Lab 3.3 Cluster IP access

kubectl get svc nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx ClusterIP 10.103.189.38 80/TCP 8m
curl 10.103.189.38:80
Using the cluster IP as above, I am unable to access it with curl from the master node, but I can access it from the worker node.
Is there anything I am missing here? Thanks.
Comments
-
Hello,
My first thought is there may be some firewall blocking access. Did you have a rule to allow all traffic?
What are you using to run the labs?
Does the command time out or other error?
Please make sure all the pods are running with kubectl get pod --all-namespaces. Are there any pods or containers not running?
Regards,
0 -
Hi,
Are you still working on GCP? Do you have a firewall rule to allow all traffic (all ports, all sources, all protocols)?
If on AWS, you would need a similar firewall rule.
This may be required to be able to complete this lab and subsequent labs as well.
Regards,
-Chris
2 -
Thank you.
Added below and it starts working. Thanks.
Name      Type     Targets       Filters               Protocols / ports  Action  Priority  Network
allowall  Ingress  Apply to all  IP ranges: 0.0.0.0/0  all                Allow   1000      default
0 -
Yes I have to say I spent ages trying to troubleshoot on lab 8 until I read this post
After adding a firewall rule to allow all ingress traffic, and adding to the master and worker nodes, I'm back on track.
0 -
Hi @EdwardQuick ,
I am glad you found the solution helpful.
Did you encounter any similar issues in labs prior to Lab 8?
Thanks,
-Chris
0 -
I can't recall to be honest Chris. This is on GCP by the way. Perhaps I've got a poor memory but was there a LAB on how to set up the hosts on GCP and did it mention adding firewall rules?
0 -
Hi @EdwardQuick ,
For some reason, I remember some instructions to open all ports for traffic, but I may be thinking of another course. On the K8s.io documentation site there are some notes about port ranges used by K8s, but last time I checked that list was incomplete (creating fw rules for those specific port ranges still produced errors). So for the purpose of these labs, I just opened all ports to all protocols from all sources.
-Chris
0 -
I will update the introduction chapter to make it clear that ports should be opened to avoid firewall issues.
Regards,
1 -
Is it updated in the introduction chapter? I didn't find it and spent hours with the local IP tables rule until I found this post..
0 -
It will be included in the next course version, but it has not yet been done.
0 -
I also faced this problem. I really couldn't make it work, even though I tried the firewall rule mentioned in this post. At last, I followed kubernetes-the-hard-way to set up a working cluster. Could you provide more specific commands?
The following are the gcloud commands I used to create the network and instances on GCP. What did I miss?
$ gcloud compute networks create cka --subnet-mode custom
$ gcloud compute networks subnets create kubernetes --network cka --range 10.240.0.0/24
$ gcloud compute firewall-rules create cka-external --allow tcp:22,tcp:6443,icmp --network cka --source-ranges 0.0.0.0/0
$ gcloud compute firewall-rules create cka-internal --network cka --allow tcp,udp,icmp --source-ranges 192.168.0.0/16,10.240.0.0/16
$ gcloud compute instances create controller-1 --async --boot-disk-size 200GB --can-ip-forward --image-family ubuntu-1804-lts --image-project ubuntu-os-cloud --machine-type n1-standard-1 --private-network-ip 10.240.0.11 --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring --subnet kubernetes --tags cka,controller
$ gcloud compute instances create worker-1 --async --boot-disk-size 200GB --can-ip-forward --image-family ubuntu-1804-lts --image-project ubuntu-os-cloud --machine-type n1-standard-1 --private-network-ip 10.240.0.21 --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring --subnet kubernetes --tags cka,worker
0 -
Hi,
Kubernetes uses many port ranges for agent-to-agent communication and for external communication. As I mentioned above, create a FW rule to allow all traffic: all protocols, all ports, all sources. The GCP documentation on firewall rules shows a sample that you can use to create this. If you are using the console, just navigate to VPC network -> Firewall rules and from there you can create the same rule.
Regards,
-Chris
0 -
Thanks, Chris. It worked.
Kubernetes-the-hard-way works fine with such a firewall rule setting, but our lesson doesn't.
The only difference here I can inspect is the network plugin. Kubernetes-the-hard-way uses GCP routes and our lesson uses Calico.
I doubt we can make it work with a much less permissive firewall rule. Maybe just adding BGP protocol permission is enough.
0 -
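An added example, not part of any post in this thread: a small audit of the firewall rules quoted above, showing which traffic each rule set admits between the nodes and from the Internet. It assumes the lab's Calico install encapsulates pod traffic as IP-in-IP (IP protocol 4), which the thread does not confirm. The JSON is a constructed sample in the shape of `gcloud compute firewall-rules list --format=json`, and the check ignores priorities, deny rules and target tags.

```python
import ipaddress
import json

# Constructed sample: the rules named in this thread, reduced to the fields used here.
RULES = json.loads("""[
 {"name": "cka-external", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22", "6443"]}, {"IPProtocol": "icmp"}]},
 {"name": "cka-internal", "direction": "INGRESS",
  "sourceRanges": ["192.168.0.0/16", "10.240.0.0/16"],
  "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]},
 {"name": "allowall", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "all"}]}
]""")

# Rules may carry an IP protocol number instead of a name.
PROTO_NAMES = {"1": "icmp", "4": "ipip", "6": "tcp", "17": "udp"}

def _matches(entry, proto, port):
    name = PROTO_NAMES.get(entry["IPProtocol"], entry["IPProtocol"])
    if name == "all":
        return True
    if name != proto:
        return False
    ports = entry.get("ports")
    if port is None or not ports:  # no port list means every port
        return True
    for spec in ports:  # "22" or "8000-9000"
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def allowing_rules(rules, src_ip, proto, port=None):
    """Names of ingress allow rules that admit src_ip for proto[/port]."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        in_range = any(src in ipaddress.ip_network(cidr)
                       for cidr in rule.get("sourceRanges", []))
        if in_range and any(_matches(a, proto, port) for a in rule.get("allowed", [])):
            hits.append(rule["name"])
    return hits

def internet_exposed(rules):
    """Rules that admit every source address on every protocol."""
    return [r["name"] for r in rules
            if "0.0.0.0/0" in r.get("sourceRanges", [])
            and any(a["IPProtocol"] == "all" for a in r.get("allowed", []))]
```

With only `cka-external` and `cka-internal`, BGP (TCP 179) between the nodes is already admitted but IP-in-IP is not; `allowall` admits it, and also admits any Internet source on every port.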
Hello!
I have the same issue. I am using 2 virtual machines in Azure, and curl is not responding:
Some useful info:
$ kubectl get svc nginx-7db75b8b78-8gtzs
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-7db75b8b78-8gtzs ClusterIP 10.111.205.50 80/TCP 5h45m
$ curl 10.111.205.50:80
At this point nothing happens until timeout. I already opened all ports in Azure portal (inbound / outbound rules).
Master and node hosts have Internet access, but it seems that pods don't. Or at least, they can't resolve DNS, because I can ping Google's IP, but can't ping google.com:
/ # ping 172.217.168.206
PING 172.217.168.206 (172.217.168.206): 56 data bytes
64 bytes from 172.217.168.206: seq=0 ttl=48 time=3.478 ms
64 bytes from 172.217.168.206: seq=1 ttl=48 time=3.292 ms
^C
--- 172.217.168.206 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.292/3.385/3.478 ms
/ #
/ # ping google.com
^C
Also, all pods are running:
$ kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default bosybox-56bbfc6d5c-627wp 1/1 Running 1 6h5m
default nginx-7db75b8b78-8gtzs 1/1 Running 0 24h
kube-system calico-node-2k4qt 2/2 Running 2 3d23h
kube-system calico-node-bkbc4 2/2 Running 2 4d
kube-system coredns-869f847d58-ldtm9 1/1 Running 1 4d2h
kube-system coredns-869f847d58-nfdjq 1/1 Running 1 4d2h
kube-system etcd-demian-test 1/1 Running 1 3d23h
kube-system kube-apiserver-demian-test 1/1 Running 1 3d23h
kube-system kube-controller-manager-demian-test 1/1 Running 1 3d23h
kube-system kube-proxy-6ddgr 1/1 Running 1 4d2h
kube-system kube-proxy-gp2t4 1/1 Running 1 3d23h
kube-system kube-scheduler-demian-test 1/1 Running 1 3d23h
Any ideas? Thanks
0 -
Hi @demian711 ,
You can try to restart your DNS pods, and see if that resolves your DNS issue.
If not, then here is a tutorial on how to setup DNS for Kubernetes on Azure:
https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/azure.md
Regards,
-Chris
0