Welcome to the Linux Foundation Forum!

Lab 3.5 - Can't connect to nginx

I face the problem that I cannot call my NGINX instance from an external browser:site can’t be reached

I'm using GCP and the external IP provided by GCP that I also use for connecting with SSH from my local machine together with the port 30383 from the loadbalance service (see below).

My current set up:

  1. student@master:~$ kubectl get pod,deployment,service
  2. NAME READY STATUS RESTARTS AGE
  3. pod/nginx-d46f5678b-9dpx5 1/1 Running 0 22m
  4. pod/nginx-d46f5678b-mr7r4 1/1 Running 0 5s
  5.  
  6. NAME READY UP-TO-DATE AVAILABLE AGE
  7. deployment.apps/nginx 2/2 2 2 5h21m
  8.  
  9. NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
  10. service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 25h
  11. service/nginx LoadBalancer 10.103.88.235 <pending> 80:30383/TCP 14m

A local test on the master node looks good:

  1. student@master:~$ curl localhost:30383
  2. <!DOCTYPE html>
  3. <html>
  4. <head>
  5. <title>Welcome to nginx!</title>
  6. <style>
  7. [ ... ]

I also checked with tcpdump and saw traffic between master and worker as soon as I send a request from the external browser. But I noticed that these dump doesn't contain any real data packages that I see when I do a cluster local test with curl:

  1. 22:50:25.781453 IP 192.168.219.64.38165 > 192.168.171.71.http: Flags [P.], seq 1:80, ack 1, win 512, options [nop,nop,TS val 1849845571 ecr 2061161969], length 79: HTTP: GET / HTTP/1.1
  2. 22:50:25.781516 IP 192.168.171.71.http > 192.168.219.64.38165: Flags [.], ack 80, win 510, options [nop,nop,TS val 2061161970 ecr 1849845571], length 0
  3. 22:50:25.781799 IP 192.168.171.71.http > 192.168.219.64.38165: Flags [P.], seq 1:239, ack 80, win 510, options [nop,nop,TS val 2061161970 ecr 1849845571], length 238: HTTP: HTTP/1.1 200 OK

Instead in the test with browser there are only SYN/ACK handshakes:

  1. 22:53:47.987759 IP worker.35869 > 192.168.219.75.http: Flags [S], seq 2475810478, win 64240, options [mss 1460,sackOK,TS val 2990407375 ecr 0,nop,wscale 7], length 0
  2. 22:53:47.988855 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688879141 ecr 2990407375,nop,wscale 7], length 0
  3. 22:53:49.008869 IP worker.35869 > 192.168.219.75.http: Flags [S], seq 2475810478, win 64240, options [mss 1460,sackOK,TS val 2990408387 ecr 0,nop,wscale 7], length 0
  4. 22:53:49.009081 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688880162 ecr 2990407375,nop,wscale 7], length 0
  5. 22:53:50.040391 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688881193 ecr 2990407375,nop,wscale 7], length 0
  6. 22:53:51.017923 IP worker.35869 > 192.168.219.75.http: Flags [S], seq 2475810478, win 64240, options [mss 1460,sackOK,TS val 2990410403 ecr 0,nop,wscale 7], length 0
  7. 22:53:51.018137 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688882171 ecr 2990407375,nop,wscale 7], length 0
  8. 22:53:53.048372 IP 192.168.219.75.http > worker.35869: Flags [S.], seq 1435520403, ack 2475810479, win 65236, options [mss 1400,sackOK,TS val 3688884201 ecr 2990407375,nop,wscale 7], length 0

Does anyone know what the problem is?

Comments

  • Posts: 2,451

    Hi @ctschacher,

    Does your VPC have a firewall rule to allow all ingress traffic into the cluster (from all sources, to all ports, all protocols)?

    Regards,
    -Chris

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training