I am just getting started with Kubernetes. I'm using microk8s and I'm currently having a mental breakdown. My 5 days are being spent here.
I currently have airflow installed using microk8s helm. However, I forwarded to port 8080, but the connection is being refused.And i'm using AWS EC2
helm chart
https://github.com/airflow-helm/charts/tree/main/charts/airflow
pod status
webserver log
Describe
Port
I allowed port 8080 in security group of aws ec2
Port-forward 8080
i did kubectl port-forward svc/airflow-web 8080:8080
and check port
i did netstat -ntlp
and
i did kubectl get cs
...but I connected to 127.0.0.1:8080 but the connection was denied:
Here is the log for postgresql. There is an error, is it related to this?
service:
type: NodePort
externalPort: 8080
I solved the problem by changing the webserver's service type to NodePort.
In the case of ClusterIP, I don't know why I can't connect
In the instance security group, I allowed all ports 30000 - 32767
i am very happy
Related
I have a service which is accessible on 8081. If I do via docker-compose or swarm without any specific changing on port it's work.
http://$(minikube ip):8081
but when i run my app via Kubernetes(minikube) is assign a nodePort in range of 30000-32767.
Then i have to call as follow:
http://$(minikube ip):30546
which is not acceptable from my service. Is there any way to map randomly given port to my own defined port?
When call second url then i am getting connection refused
I also used
kubectl port forward my-service 8081
but still no success.
kubectl port-forward command is incorrect. try below one
kubectl port-forward svc/my-service 8081:8081
then you should be able to access the service at http//:127.0.0.1:8081
This answer is not specific to Minikube but applicable to any Kubernetes cluster running inside a docker container.
In order to send a request from the host machine to the Kubernetes pod running in a container, you have to map ports from host machine to all the way to the pod.
Here is how you do it:
Publish the NodePort you want to use inside container to the host machine using --publish or -p.
# Map port 8080 on host machine to 31080 inside the container
docker run -p 8080:31080 ...
Use a custom NodePort when creating the service:
# You need to specify the exposed port as the nodePort value
# Otherwise Kubernetes will generate a random nodePort for you
kubectl create service nodeport myservice --node-port=31080 --tcp=3000:80
The application inside the pod listens to port 80 which is exposed as a service at port 3000. The traffic received at port 31080 on Kubernetes node will be directed at this service.
The query you send to 8080 on your host machine will follow this path:
Request -> Host Machine -> Docker Container -> Kubernetes Node -> Service -> Pod
↑ ↑ ↑ ↑ ↑
localhost:8080 :31080 :31080 :3000 :80
References:
https://docs.docker.com/engine/reference/commandline/run/
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-service-nodeport-em-
kubectl exposes commands that can be used to create a Service for an application and assigns an IP address to access it from internet.
As far as I understand, to access any application within Kubernetes cluster there should be a Service resource created and that should have an IP address which is accessible from an external network.
But in case of port-forward how does kubectl create a connection to the application without an IP address which is accessible externally?
To start, it's useful to note and remember that in Kubernetes, every pod gets its own ip address from 10.*, that is usable only within the cluster. Now, the port-forward feature of kubectl simply tunnels the traffic from a specified port at your local host machine to the specified port on the specified pod. API server then becomes, in a sense, a temporary gateway between your local port and the Kubernetes cluster.
kubectl port-forward forwards connections to a local port to a port on a pod. Compared to kubectl proxy, kubectl port-forward is more generic as it can forward TCP traffic while kubectl proxy can only forward HTTP traffic.
kubectl port-forward is useful for testing/debugging purposes so you can access your service locally without exposing it.
Below is the name of the pod and it will forward it's port 6379 to localhost:6379.
kubectl port-forward redis-master-765d459796-258hz 6379:6379
which is the same as
kubectl port-forward pods/redis-master-765d459796-258hz 6379:6379
or
kubectl port-forward deployment/redis-master 6379:6379
or
kubectl port-forward rs/redis-master 6379:6379
or
kubectl port-forward svc/redis-master 6379:6379
kubectl port-forward makes a specific Kubernetes API request. That means the system running it needs access to the API server, and any traffic will get tunneled over a single HTTP connection.
Having this is really useful for debugging (if one specific pod is acting up you can connect to it directly; in a microservice environment you can talk to a back-end service you wouldn't otherwise expose) but it's not an alternative to setting up service objects. When I've worked with kubectl port-forward it's been visibly slower than connecting to a pod via a service, and I've found seen the command just stop after a couple of minutes. Again these aren't big problems for debugging, but they're not what I'd want for a production system.
If you want to forward to a different port in localhost. Try this
kubectl port-forward <pod-name> <locahost-port>:<pod-port>
kubectl port-forward sample-pod-sadasds-sxawdd 8090:6379
The above command forwards to localhost 8090 from pod 6379
The port-forward command, Forwards one (or more) local ports to a pod.
This command is very useful for example in blue/green deployments where you would want to troubleshoot a misbehaving pod.
To take things even further, you could even execute some preliminary tests to the pods you feel could be more error-prone right inside your CI/CD pipeline in Jenkins by using multiple conditions, declarative pipeline.
Usage examples:
Listen on port 8888 locally, forwarding to 5000 in the pod
kubectl port-forward pod/mypod 8888:5000
Listen on port 8888 on all addresses, forwarding to 5000 in the pod
kubectl port-forward --address 0.0.0.0 pod/mypod 8888:5000
Listen on a random port locally, forwarding to 5000 in the pod
kubectl port-forward pod/mypod :5000
Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod
kubectl port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000
Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
kubectl port-forward pod/mypod 5000 6000
Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the deployment
kubectl port-forward deployment/mydeployment 5000 6000
Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the service
kubectl port-forward service/myservice 5000 6000
To access something inside the cluster, there ae a couple of different options available to,
Cluster IP service with Ingress-Nginx
NodePort Service to expose the pod directly to the outside world.
Above both approach will require to write config file, In case if you want to access a pod without writing a config file then it comes to third option.
Port Forward: We can run a command at our terminal that tells our kubernets cluster to port-forward a port off a very specific pod inside of our cluster when we use this port forwarding thing that's going to cause our cluster to essentially behaves as though it has a node port service running inside it. It's going to expose this pod or a very specific port on it to the outside world and allow us to connect to it directly from our local machine.
Let's go by an example:
const stan = nats.connect('ticketing', 'abc', {
url: 'http://localhost:5000',
});
Our goal is to establish a connection between stan and a pod inside a kubernets cluster.
first we will need the pod name, you can get the name by command kubectl get pods
kubectl get pods
I am assuming my pod name is nats-depl-855d477f4d-xgbd7, and it is accessiable via a cluster IP service
apiVersion: v1
kind: Service
metadata:
name: nats-srv
spec:
selector:
app: nats
ports:
- name: client
protocol: TCP
port: 4222
targetPort: 4222
now to establish the connection run the below command:
kubectl port-forward nats-depl-855d477f4d-xgbd7 5000:4222
5000: is the port of my local machine
4222 : is the port of the pod I want to get access
kubectl port-forward is the easiest communication method with the Pod, but under the hood, this method is much more complicated. The communication goes through several Kubernetes components, so if anything is broken in the communication path, you will not be able to talk to the pod, even if the pod itself is accessible via regular communication channels.
The server proxy runs via kubectl port-forward command forwards the connection to the Kubernetes API Server living in Master node, then the API Server delivers the connection to the Kubelet on the node hosting your Pod, and then the Kubelet forwards the connection to the application running in the pod's container.
NOTE
The application in the container must be bound to a port on the
loopback device for the Kubelet to reach it. If it listens only on the
pod’s eth0 network interface, you won’t be able to reach it with the
kubectl port-forward command.
Marko Lukša "Kubernetes in Action, Second Edition"
TIP
kubectl port-forward allows you to forward communication also to Services and has several other useful features. Run kubectl port-forward --help to learn more.
I am making my first steps with Kubernetes and I have some difficulties.
I have a pod with it's service defined as NodePort at port 30010.
I have a load balancer configured in front of this Kubernetes cluster where port 8443 directs traffic to this 30010 port.
when I try to access this pod from outside the cluster to port 8443 the pod is not getting any connections but I can see the incoming connections via tcptrack in the host in port 30010 with means the load balancer is doing it's job.
when I do curl -k https://127.0.0.1:30010 in the host I get a response from the pods.
what am I missing?
how can I debug it?
thanks
I've set up and deployed a Kubernetes stateful set containing three CockroachDB pods, as per docs. My ultimate objective is to query the database without requiring use of kubectl. My intermediate objective is to query the database without actually shelling into the database pod.
I forwarded a port from a pod to my local machine, and attempted to connect:
$ kubectl port-forward cockroachdb-0 26257
Forwarding from 127.0.0.1:26257 -> 26257
Forwarding from [::1]:26257 -> 26257
# later, after attempting to connect:
Handling connection for 26257
E0607 16:32:20.047098 80112 portforward.go:329] an error occurred forwarding 26257 -> 26257: error forwarding port 26257 to pod cockroachdb-0_mc-red, uid : exit status 1: 2017/06/07 04:32:19 socat[40115] E connect(5, AF=2 127.0.0.1:26257, 16): Connection refused
$ cockroach node ls --insecure --host localhost --port 26257
Error: unable to connect or connection lost.
Please check the address and credentials such as certificates (if attempting to
communicate with a secure cluster).
rpc error: code = Internal desc = transport is closing
Failed running "node"
Anyone manage to accomplish this?
From inside the Kubernetes cluster, you can talk to the database by connecting the cockroachdb-public DNS name. In the docs, that corresponds to the example command:
kubectl run cockroachdb -it --image=cockroachdb/cockroach --rm --restart=Never -- sql --insecure --host=cockroachdb-public
While that command is using the CockroachDB image, any Postgres client driver you use should be able to connect to cockroachdb-public when running with the Kubernetes cluster.
Connecting to the database from outside of the Kubernetes cluster will require exposing the cockroachdb-public service. The details will depend somewhat on how your Kubernetes cluster was deployed, so I'd recommend checking out their docs on that:
https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#exposing-the-service
And in case you're curious, the reason forwarding port 26257 isn't working for you is because port forwarding from a pod only works if the process in the pod is listening on localhost, but the CockroachDB process in the statefulset configuration is set up to listen on the pod's hostname (as configured via the --host flag).
I installed minikube on my mac and created deployment and a service for my nodejs app. I tested that everything is working by getting the URL of my service using the following command:
minikube service my-nodejs-app --url
and then I run this URL in the browser and got results. The problem is when i tried to access the same URL from another machine inside the same network it didn't worked.
my service.yml file is:
apiVersion: v1
kind: Service
metadata:
name: my-nodejs-app
spec:
type: NodePort
ports:
- port: 80
targetPort: 1337
protocol: TCP
name: app-server
selector:
app: my-nodejs-app
I tried to use port forwarding to forward my pod port to my localhost and it works only on the same machine who host the cluster and when I try to access from another machine on the same network (via the IP address of the machine where the cluster deployed) I still get page not found.
You can use "port forward a service". Assuming:
Your local machine IP: 166.6.6.6 (which hold minikube)
Your minikube IP: 192.168.99.100 (check the real IP with command $minikube ip)
The nodePort of your service 'my-nodejs-app': 31000 (check the real
nodePort with command: $kubectl get service)
In order to access your service from remote, you can forward a port (like 31000, recommend the same port with nodePort) to your service through the following command in your local machine:
ssh -i ~/.minikube/machines/minikube/id_rsa docker#$(minikube ip) -L \*:31000:0.0.0.0:31000
Then you can access your service through URL: http://166.6.6.6:31000, which will be forwarded to your service URL http://192.168.99.100:31000
Thx: https://github.com/kubernetes/minikube/issues/877
Probably a bit late, but if anyone still having this issue-
Check the list of services and the one you want to expose if it is present
kubectl get svc -n {namespace_name}
Change the type to NodePort if it is of cluster IP type.
kubectl patch svc {service_name} -n {namespace_name} --type='json' -p '[{"op":"replace","path":"/spec/type","value":"NodePort"}]'
Expose the above Node Port available to your local machine now for other machines on same network:
service_port=$(minikube service {service_name} -n {namespace_name} --url | cut -d':' -f3)
ssh -i ~/.minikube/machines/minikube/id_rsa docker#$(minikube ip) -NL \*:${service_port}:0.0.0.0:${service_port}
Now you can access the above service from other machines on same network by just hitting the link-
{your_hostname}:{node_port}
Sounds like reaching it from another machine compares to exposing a ssevice to the web.
In that case you need to look into spec/type:LoadBalancer (http://kubernetes.io/docs/user-guide/load-balancer/)
That said, with minikube i'd stick to a single machine and development only tests
If I understand your problem correctly:
Your machine's IP: 192.168.1.4
Your minikube IP: 192.168.99.100
Accessing your service from a browser on your machine: http://192.168.99.100:30080
Now, let's say you're on another machine, say192.168.1.5, and you want to access this service.
The problem is that you need to map your machine's port to minikube's 30080 because minikube is a VM running on your machine (which cannot be accessed from outside your machine).
So you can try: Virtualbox "port forward" from Guest to Host.
Another alternative is to forward a port from your localhost to a pod directly (not the k8s svc unfortunately) by using kubectl port-forward.
You have not specified nodePort in ports.
Add below configuration in port
nodePort: 30000
You can access your service at http://[IP address]:30000