I have deployed pihole on my k3s cluster using this helm chart https://github.com/MoJo2600/pihole-kubernetes.
(I used this tutorial)
I now have my services but they dont have external IPs:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
pihole-web ClusterIP 10.43.58.197 <none> 80/TCP,443/TCP 11h
pihole-dns-udp NodePort 10.43.248.252 <none> 53:30451/UDP 11h
pihole-dns-tcp NodePort 10.43.248.144 <none> 53:32260/TCP 11h
pihole-dhcp NodePort 10.43.96.49 <none> 67:30979/UDP 11h
I have tried to assing the IPs manually with this command:
kubectl patch svc pihole-dns-tcp -p '{"spec":{"externalIPs":["192.168.178.210"]}}'
But when executing the command i'm getting this error:
Error from server (NotFound): services "pihole-dns-tcp" not found
Any Ideas for a fix?
Thank you in advance :)
Looks Like "pihole-dns-tcp" is in a different namespace to the namespace where patch command is being ran.
As per the article you have shared , it seems like service pihole-dns-tcp is in pihole . So the command should be
kubectl patch svc pihole-dns-tcp -n pihole -p '{"spec":{"externalIPs":["192.168.178.210"]}}'
Related
I deployed a (LoadBalancer) service for a pod on my minikube cluster, then exposed it via minikube service [my_service] command. Now I tried to "turn off the exposure" but couldn't find any way to do this, except deleting it what I would like to avoid. Is it possible to just turn off the exposure, not deleting (and redeploying) the existing already exposed service?
Background
In Kubernetes documentation regarding ServiceTypes, you can find information that if you want to expose your cluster outside you have to use NodePort or LoadBalancer.
If you want to keep your service/application in cluster, you should use ClusterIP:
Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.
Depends on your version, you can edit it or use workaround. For example in K8s 1.16 you won't be able as some errors might occurs.
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.8.0.1 <none> 443/TCP 3d20h
my-nginx LoadBalancer 10.8.14.224 34.121.77.108 80:32039/TCP 3m16s
$ kubectl patch service my-nginx -p '{"spec":{"type":"ClusterIP"}}'
The Service "my-nginx" is invalid: spec.ports[0].nodePort: Forbidden: may not be used when `type` is 'ClusterIP'
Solutions
However as you are using Minikube so I guess you are using newer version (1.20), so you can change it using:
kubectl edit
kubectl edit svc <yourSvcName> and change type to ClusterIP.
It will open Vi editor, where you can change spec.type to ClusterIP or just remove it as default type for Kubernetes service is ClusterIP so if it won't be specified, Kubernetes will automatically use ClusterIP.
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 25s
my-nginx LoadBalancer 10.107.129.201 <pending> 80:30173/TCP 8s
minikube-new:~$ kubectl edit svc my-nginx
service/my-nginx edited
sekreta#minikube-new:~$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 46s
my-nginx ClusterIP 10.107.129.201 <none> 80/TCP 29s
kubectl patch
$ kubectl patch service <yourServiceName> -p '{"spec":{"type":"ClusterIP"}}'
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10m
my-nginx LoadBalancer 10.107.129.201 <pending> 80:30456/TCP 2m
minikube-new:~$ kubectl patch service my-nginx -p '{"spec":{"type":"ClusterIP"}}'
service/my-nginx patched
minikube-new:~$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10m
my-nginx ClusterIP 10.107.129.201 <none> 80/TCP 3m
kubectl apply
You can edit your Yaml and remove spec.type or have 2 Yamls with ClusterIP and LoadBalancer and switch them depends on your needs.
$ kubectl apply -f svc.yaml
service/my-nginx configured
minikube-new:~$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 22m
my-nginx ClusterIP 10.111.237.133 <none> 80/TCP 16s
Use some 3rd party software to make changes in your cluster like Helm and using templates.
How to get a full FQDN of the service inside Kubernetes?
➜ k get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
airflow-flower-service ClusterIP 172.20.119.107 <none> 5555/TCP 20d app=edna-airflow
airflow-service ClusterIP 172.20.76.63 <none> 80/TCP 20d app=edna-airflow
backend-service ClusterIP 172.20.39.154 <none> 80/TCP 20d app=edna-backend
so how to query internal Kubernetes DNS to get the FQDN of the backend-service for example?
Go inside any pod in the same namespace with kubectl exec -ti <your pod> bash and then run nslookup <your service> which will typically be, unless you change some configurations in the cluster to: yourservice.yournamespace.svc.cluster.local
I am using kubespray to run a kubernetes cluster on my laptop. The cluster is running on 7 VMs and the roles of the VM's spread as follows:
NAME STATUS ROLES AGE VERSION
k8s-1 Ready master 2d22h v1.16.2
k8s-2 Ready master 2d22h v1.16.2
k8s-3 Ready master 2d22h v1.16.2
k8s-4 Ready master 2d22h v1.16.2
k8s-5 Ready <none> 2d22h v1.16.2
k8s-6 Ready <none> 2d22h v1.16.2
k8s-7 Ready <none> 2d22h v1.16.2
I've installed https://istio.io/ to build a microservices environment.
I have 2 services running and like to access from outside:
k get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
greeter-service ClusterIP 10.233.50.109 <none> 3000/TCP 47h
helloweb ClusterIP 10.233.8.207 <none> 3000/TCP 47h
and the running pods:
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default greeter-service-v1-8d97f9bcd-2hf4x 2/2 Running 0 47h 10.233.69.7 k8s-6 <none> <none>
default greeter-service-v1-8d97f9bcd-gnsvp 2/2 Running 0 47h 10.233.65.3 k8s-2 <none> <none>
default greeter-service-v1-8d97f9bcd-lkt6p 2/2 Running 0 47h 10.233.68.9 k8s-7 <none> <none>
default helloweb-77c9476f6d-7f76v 2/2 Running 0 47h 10.233.64.3 k8s-1 <none> <none>
default helloweb-77c9476f6d-pj494 2/2 Running 0 47h 10.233.69.8 k8s-6 <none> <none>
default helloweb-77c9476f6d-tnqfb 2/2 Running 0 47h 10.233.70.7 k8s-5 <none> <none>
The problem is, I can not access the services from outside, because I do not have the EXTERNAL IP address(remember the cluster is running on my laptop).
k get svc istio-ingressgateway -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.233.61.112 <pending> 15020:31311/TCP,80:30383/TCP,443:31494/TCP,15029:31383/TCP,15030:30784/TCP,15031:30322/TCP,15032:30823/TCP,15443:30401/TCP 47h
As you can see, the column EXTERNAL-IP the value is <pending>.
The question is, how to assign an EXTERNAL-IP to the istio-ingressgateway.
First of all, you can't make k8s to assign you an external IP address, as LoadBalancer service is Cloud Provider specific. You could push your router external IP address to be mapped to it, I guess, but it is not trivial.
To reach the service, you can do this:
kubectl edit svc istio-ingressgateway -n istio-system
Change the type of the service from LoadBalancer to ClusterIp. You can also do NodePort. Actually you can skip this step, as LoadBalancer service already contains NodePort and ClusterIp. It is just to get rid of that pending status.
kubectl port-forward svc/istio-ingressgateway YOUR_LAPTOP_PORT:INGRESS_CLUSTER_IP_PORT -n istio-system
I don't know to which port you want to access from your localhost. Say 80, you can do:
kubectl port-forward svc/istio-ingressgateway 8080:80 -n istio-system
Now port 8080 of your laptop (localhost:8080) will be mapped to the port 80 of istio-ingressgateway service.
By default, there is no way Kubernetes can assign external IP to LoadBalancer service.
This service type needs infrastructure support which works in cloud offerings like GKE, AKS, EKS etc.
As you are running this cluster inside your laptop, deploy MetalLB Load Balancer to get EXTERNAL-IP
It's not possible as Suresh explained.
But if you want to access from your laptop you can use in your service type: NodePort, which gives you access from outside the cluster.
You should first obtain the IP of your cluster, then create your service with something like this:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: my-app
type: NodePort
ports:
- name: http
protocol: TCP
port: 3000
targetPort: 3000
nodePort: 30000
After that, you can access from your laptop with: http://cluster-ip:30000
There is no need to create an ingress for that.
You should use a port in range (30000-32767), as stated below:
If you set the type field to NodePort, the Kubernetes control plane allocates a port from a range specified by --service-node-port-range flag (default: 30000-32767).
If you are using minikube, just run:
$ minikube tunnel
$ k get svc -n istio-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istio-ingressgateway LoadBalancer 10.111.187.167 127.0.0.1 15021:31949/TCP,80:32215/TCP,443:30585/TCP 9m48s
I've applied the yaml for the kubernetes dashboard.
Now I want to expose this service with the public IP of my server: https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/#objectives
But there is no service/deployment on my cluster:
$ sudo kubectl get services kubernetes
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 63d
$ sudo kubectl get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
What did I do wrong?
Thanks for the help
The command that you ran is fetching objects in default namespace.
However, Dashboard is deployed on kube-system namespace.
kubectl -n kube-system get services kubernetes
kubectl -n kube-system get deployment
I am giving you this info according to the link that you share kubernetes dashboard . And namely the YAML file
Oky thanks, now I get the right name:
sudo kubectl -n kube-system get deployment
NAME READY UP-TO-DATE AVAILABLE AGE
calico-kube-controllers 1/1 1 1 63d
coredns 2/2 2 2 63d
kubernetes-dashboard 1/1 1 1 103m
tiller-deploy 0/1 1 0 63d
But I still can't expose the service
sudo kubectl expose deployment kubernetes-dashboard
Error from server (NotFound): deployments.extensions "kubernetes-dashboard" not found
As mentionned here
SO, to reproduce and show how does it works - I spawned new fresh cluster on GKE.
Lets see what we have after applying dashboard yaml:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
kubectl get deployment kubernetes-dashboard -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1 1 1 1 3m22s
kubectl get services kubernetes-dashboard -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.0.6.26 <none> 443/TCP 5m1
kubectl describe service kubernetes-dashboard -n kube-system
Name: kubernetes-dashboard
Namespace: kube-system
Labels: k8s-app=kubernetes-dashboard
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard"...
Selector: k8s-app=kubernetes-dashboard
Type: ClusterIP
IP: 10.0.6.26
Port: <unset> 443/TCP
TargetPort: 8443/TCP
Endpoints: 10.40.1.5:8443
Session Affinity: None
Events: <none>
During this deployment:
1) kubernetes-dashboard deployment has been created. Note that it was created with the k8s-app=kubernetes-dashboard label.
2) kubernetes-dashboard service was created and works using k8s-app=kubernetes-dashboard [selector](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/.
So basically when you receive such an error - this is expected. Because kubectl expose deployment kubernetes-dashboard -n kube-system is trying to create new service with the kubernetes-dashboard name.
Just to play with it - you can easily expose the same, but use another service names, for example:
kubectl expose deployment kubernetes-dashboard -n kube-system --name kube-dashboard-service2
service/kube-dashboard-service2 exposed
Note that default kubernetes-dashboard service is created using ClusterIP type - so you are able right now to access it
1) withing the cluster
2) using kubectl proxy from local machine
$ kubectl proxy
In browser: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
If you want to expose the same - you can use:
1) Ingress
2) Nodeport service type
In 2 words: edit clusterIP --> Nodeport type while kubectl -n kube-system edit service kubernetes-dashboard and access dashboard using https://[node_ip]:[port]
More detailed article is here: How To Access Kubernetes Dashboard Externally
3) Loadbalancer service type. This is Cloud specific feature, so it will work only with cloud providers
Traffic from the external load balancer is directed at the backend
Pods. The cloud provider decides how it is load balanced.
Some cloud providers allow you to specify the loadBalancerIP. In those
cases, the load-balancer is created with the user-specified
loadBalancerIP. If the loadBalancerIP field is not specified, the
loadBalancer is set up with an ephemeral IP address. If you specify a
loadBalancerIP but your cloud provider does not support the feature,
the loadbalancerIP field that you set is ignored.
I executed the following command: % kubectl get service
It returned this list of services that were created at one point in time with kubectl:
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
car-example-service 10.0.0.129 <nodes> 8025:31564/TCP,1025:31764/TCP 10h
circle-example-service 10.0.0.48 <nodes> 9000:30362/TCP 9h
demo-service 10.0.0.9 <nodes> 8025:30696/TCP,1025:32047/TCP 10h
example-servic 10.0.0.168 <nodes> 8080:30231/TCP 1d
example-service 10.0.0.68 <nodes> 8080:32308/TCP 1d
example-service2 10.0.0.184 <nodes> 9000:32727/TCP 13h
example-webservice 10.0.0.35 <nodes> 9000:32256/TCP 1d
hello-node 10.0.0.224 <pending> 8080:32393/TCP 120d
kubernetes 10.0.0.1 <none> 443/TCP 120d
mouse-example-service 10.0.0.40 <nodes> 9000:30189/TCP 9h
spring-boot-web 10.0.0.171 <nodes> 8080:32311/TCP 9h
spring-boot-web-purple 10.0.0.42 <nodes> 8080:31740/TCP 9h
I no longer want any of these services listed, because when I list resources:
% kubectl get rs
I am expecting that I only see the spring-boot-web resource listed.
NAME DESIRED CURRENT READY AGE
spring-boot-web-1175758536 1 1 0 18m
Please help clarify why I am seeing services that are listed , when the resources only show 1 resource.
Simply call this command.
1/Get all available services:
kubectl get service -o wide
2/ Then you can delete any services like this:
kubectl delete svc <YourServiceName>
show deployment
$ kubectl get deployments;
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
spring-hello 1 1 1 1 22h
spring-world 1 1 1 1 22h
vfe-hello-wrold 1 1 1 1 14m
show services
$kubectl get services;
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d
spring-hello NodePort 10.103.27.226 <none> 8081:30812/TCP 23h
spring-world NodePort 10.102.21.165 <none> 8082:31557/TCP 23h
vfe-hello-wrold NodePort 10.101.23.36 <none> 8083:31532/TCP 14m
delete deployment
$ kubectl delete deployments vfe-hello-wrold
deployment.extensions "vfe-hello-wrold" deleted
delete services
$ kubectl delete service vfe-hello-wrold
service "vfe-hello-wrold" deleted
Kubernetes objects like Service and Deployment/ReplicaSet/Pod are independent and their deletions do not cascade to each other (like it does between say Deployment/RS/Pod). You need to manage your services independently from other objects, so you just need to delete the ones that are still lingering behind.
If you want to delete multiple related or non related objects at the same time
kubectl delete <objType>/objname <objType>/objname <objType>/objname
Example
kubectl delete service/myhttpd-clusterip service/myhttpd-nodeport
kubectl delete service/myhttpd-lb deployment/myhttpd
This also works
kubectl delete deploy/httpenv svc/httpenv-np
To delete ALL services in ALL namespaces just run:
kubectl delete --all services --namespace=*here-you-enter-namespace
The other option is to delete the deployment with:
kubectl delete deployment deployment-name
That will delete the service as well!
IMPORTANT: And watch out when you run this command in production!
Cheers!
First find the service:
kubectl get service -A
Note the namespace of the service you want to delete.
Then delete using
kubectl delete service <YourServiceName> --namespace <YourServiceNameSpace>
Also, check -carefully- if answer by #Dragomir Ivanov better fits your needs
If you're having trouble you probably forgot to specify the namespace:
-n some-namespace
This tripped me up quite a bit.