Lab 3.5 - Can't connect to nginx

ctschacher

I face the problem that I cannot call my NGINX instance from an external browser:site can’t be reached

I'm using GCP and the external IP provided by GCP that I also use for connecting with SSH from my local machine together with the port 30383 from the loadbalance service (see below).

My current set up:

[email protected]:~$ kubectl get pod,deployment,service
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-d46f5678b-9dpx5   1/1     Running   0          22m
pod/nginx-d46f5678b-mr7r4   1/1     Running   0          5s

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   2/2     2            2           5h21m

NAME                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP      10.96.0.1       <none>        443/TCP        25h
service/nginx        LoadBalancer   10.103.88.235   <pending>     80:30383/TCP   14m

A local test on the master node looks good:

[email protected]:~$ curl localhost:30383
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
[ ... ]

I also checked with tcpdump and saw traffic between master and worker as soon as I send a request from the external browser. But I noticed that these dump doesn't contain any real data packages that I see when I do a cluster local test with curl:

22:50:25.781453 IP 192.168.219.64.38165 > 192.168.171.71.http: Flags [P.], seq 1:80, ack 1, win 512, options [nop,nop,TS val 1849845571 ecr 2061161969], length 79: HTTP: GET / HTTP/1.1
22:50:25.781516 IP 192.168.171.71.http > 192.168.219.64.38165: Flags [.], ack 80, win 510, options [nop,nop,TS val 2061161970 ecr 1849845571], length 0
22:50:25.781799 IP 192.168.171.71.http > 192.168.219.64.38165: Flags [P.], seq 1:239, ack 80, win 510, options [nop,nop,TS val 2061161970 ecr 1849845571], length 238: HTTP: HTTP/1.1 200 OK

Instead in the test with browser there are only SYN/ACK handshakes:

22:53:47.987759 IP worker.35869 > 192.168.219.75.http: Flags [S], seq 2475810478, win 64240, options [mss 1460,sackOK,TS val 2990407375 ecr 0,nop,wscale 7], length 0
22:53:47.988855 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688879141 ecr 2990407375,nop,wscale 7], length 0
22:53:49.008869 IP worker.35869 > 192.168.219.75.http: Flags [S], seq 2475810478, win 64240, options [mss 1460,sackOK,TS val 2990408387 ecr 0,nop,wscale 7], length 0
22:53:49.009081 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688880162 ecr 2990407375,nop,wscale 7], length 0
22:53:50.040391 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688881193 ecr 2990407375,nop,wscale 7], length 0
22:53:51.017923 IP worker.35869 > 192.168.219.75.http: Flags [S], seq 2475810478, win 64240, options [mss 1460,sackOK,TS val 2990410403 ecr 0,nop,wscale 7], length 0
22:53:51.018137 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688882171 ecr 2990407375,nop,wscale 7], length 0
22:53:53.048372 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688884201 ecr 2990407375,nop,wscale 7], length 0

Does anyone know what the problem is?

chrispokorni

Hi @ctschacher,

Does your VPC have a firewall rule to allow all ingress traffic into the cluster (from all sources, to all ports, all protocols)?

Regards,
-Chris