Having trouble getting a wordpress Kubertenes service to listen on my machine so that I can access it with my web browser. It just says "External IP" is pending. I'm using the Kubertenes configuration from Docker Edge v18.06 on Mac, with advanced Kube config enabled (not swarm).
Following this tutorial FROM: https://www.youtube.com/watch?time_continue=65&v=jWupQjdjLN0
And using .yaml config files from https://github.com/kubernetes/examples/tree/master/mysql-wordpress-pd
MACPRO:mysql-wordpress-pd me$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 48m
wordpress LoadBalancer 10.99.205.222 <pending> 80:30875/TCP 19m
wordpress-mysql ClusterIP None <none> 3306/TCP 19m
The commands to get things running, to see for yourself:
kubectl create -f local-volumes.yaml
kubectl create secret generic mysql-pass --from-literal=password=DockerCon
kubectl create -f mysql-deployment.yaml
kubectl create -f wordpress-deployment.yaml
kubectl get pods
kubectl get services
Start admin console to see more detailed config in your web browser:
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl proxy
I'm hoping someone can clarify things for me here. Thank you.
For Docker for Mac, you should use your host's DNS name or IP address to access exposed services. The "external IP" field will never fill in here. (If you were in an environment like AWS or GCP where a LoadBalancer Kubernetes Service creates a cloud-hosted load balancer, the cloud provider integration would provide the load balancer's IP address here, but that doesn't make sense for single-host solutions.)
Note that I've had some trouble figuring out which port is involved; answers to that issue suggest you need to use the service port (80) but you might need to try other things.
Related
i am deploying the hello-world docker container to a k3d - cluster.
To get the external IP, a service of the type - load balancer is deployed.
After that i was hoping to call the appication via load balancer. But i don't get the external ip.
k3d create --name="mydemocluster" --workers="2" --publish="80:80"
export KUBECONFIG="$(k3d get-kubeconfig --name='mydemocluster')"
kubectl run kubia --image=hello-world --port=8080 --generator=run/v1
kubectl expose rc kubia --type=LoadBalancer --name kubia-http
export KUBECONFIG="$(k3d get-kubeconfig --name='mydemocluster')"
then kubectl get services:
LoadBalancer type service will get external IP only if you use a managed kubernetes Service provided by cloud providers such as AWS EKS, Azure AKS, Google GCP etc.Tools such as k3d is for local development and if you create a LoadBalancer type service external ip will be pending. Alternative is to use NodePort type service or ingress . Here is the doc on this.
Also you can use kubectl port forward or kubectl proxy to access the pod.
I was following this example
with k3d and there it seems to work fine:
(base) erik#buzzard:~/kubernetes/tutorial>
kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 3d6h
mongodb-service ClusterIP 10.43.215.113 <none> 27017/TCP 27m
mongo-express-service LoadBalancer 10.43.77.100 172.20.0.2 8081:30000/TCP 27m
As I understand, k3d is running k3s which is more of a full kubernetes setup than minikube for instance. I can access the service at http://172.20.0.2:8081 without problems.
You'll need a cloud controller manager to act as a service controller to do that. As far as on-prem goes, your best option is likely MetalLB.
That being said, I don't know how that will behave with the underlying docker network in K3d. It's on my list of things to try out. If I find it works well, I'll come back and update this post.
I solved this by changing my manifest from a LoadBalancer type to an Ingress type. K3d doesn't seem to expose external IP's properly to a load balancer type.
Oddly, I did find I was able to get the LoadBalancer type to work if I deployed really quickly. It seemed it had to be after the master node was up and before any agents were up.
I created a small application, made a docker image of it, which runs
fine locally using docker run.
I created an EKS cluster on amazon.
I put the image up on ECR, wrote a yaml file for a deployment and loadbalancer service, and used kubectl apply -f to deploy to my cluster
I can see my service:
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
frd-front LoadBalancer 10.100.199.8 a2c269b1619ee11ea90f20636eb75c46-1160809648.us-east-2.elb.amazonaws.com 80:32594/TCP 40m
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 22h
But if I go to http://a2c269b1619ee11ea90f20636eb75c46-1160809648.us-east-2.elb.amazonaws.com there is no repsponse
How can I start troubleshooting this?
Do you have any ideas right off the bat?
Thanks =)
The issue can be one of the two reasons:
Docker image: the image may not be exposing the output as expected on the mentioned port.
K8s Service: the service YAML may be configured with wrong target port or service port
if you find that there is no issue in both the reasons.
Try to use port-forward on your pod and check weather is available.
Usage:
check for pod
kubectl port-forward pod-name-765d459796-258hz 8080:8080 // host-port:container-port
check for service
kubectl port-forward svc/myservice 80:8080
If both are working fine, then its issue with loadbalancer side or service outbound or network policies.
If not working even after port-forward then issue with docker image or deployment yaml.
I have a testing Kubernetes cluster running in remote VMs (on VSphere), I have full access to the VMs through ssh (they have private IPs). How can I expose services and access them from outside the cluster (from my remote laptop trying to get access to the machines) knowing that I can remotely perform all kubectl commands.
For example: I tried with the dashboard, I installed it, I have changed the service to NodePort, and I tried to access to it from my laptop using this URL http:master-private-ip:exposedport, also with worker IPs, but it does not work. It returns in browser only � (binary output). When I try to connect through https, it trows a certificates error.
$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.97.143.110 <none> 443:30714/TCP 42m
$ kubectl proxy -p 8001
$ curl http://172.16.5.226:30714 --output -
I have expected that the output shows me the html from the UI of the Kubernetes dashboard
NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
If you have done everything correctly it should work over HTTPS
As it's explained in Accessing Dashboard 1.7.X and above.
In order to expose Dashboard using NodePort you need to edit kubernetes-dashboard service.
kubectl -n kube-system edit service kubernetes-dashboard
Find type: ClusterIP and change it to type: NodePort, then save the file.
Then, check which port was the Dashboard exposed to:
kubectl -n kube-system get service kubernetes-dashboard
which might look:
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.100.124.90 <nodes> 443:31707/TCP 21h
To access the Dashboard navigate your browser to https://<server_IP>:31707
EDIT:
In your case with self-signed certificate, you need to put it into a secret. It has to be named kubernetes-dashboard-certs and it has to be in kube-system namespace.
You have to save the cert as dashboard.crt and dashboard.key and store them under $HOME/certs.
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
This installation process is explained here.
For development purposes I try to use Minikube. I want to test how my application will catch an event of exposing a service and assigning an External-IP.
When I exposed a service in Google Container Engine quick start tutorial I could see an event of External IP assignment with:
kubectl get services --watch
I want to achieve the same with Minikube (if possible).
Here is how I try to set things up locally on my OSX development machine:
minikube start --vm-driver=xhyve
minikube addons enable ingress
kubectl run echoserver --image=gcr.io/google_containers/echoserver:1.4 --port=8080
kubectl expose deployment echoserver --type="LoadBalancer"
kubectl get services --watch
I see the following output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
echoserver LoadBalancer 10.0.0.138 <pending> 8080:31384/TCP 11s
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 4m
External-Ip field never gets updated and shows pending phase. Is it possible to achieve external IP assignment with Minikube?
On GKE or AWS installs, the external IP comes from the cloud support that reports back to kube API the address that the created LB was assigned.
To have the same on minikube you'd have to run some kind of an LB controller, ie. haproxy one, but honestly, for minikube it makes little sense, as you have single IP that you know in advance by minikube ip so you can use NodePort with that knowledge. LB solution would require setting some IP rangethat can be mapped to particular nodeports, as this is effectively what LB will do - take traffic from extIP:extPort and proxy it to minikubeIP:NodePort.
Unless your use case prevents you from it, you should consider Ingress as the way of ingesting traffic to your minikube.
If you want to emulate external IP assignment event (like the one you can observe using GKE or AWS), this can be achieved by applying the following patch on your sandbox kubernetes:
kubectl run minikube-lb-patch --replicas=1 --image=elsonrodriguez/minikube-lb-patch:0.1 --namespace=kube-system
https://github.com/elsonrodriguez/minikube-lb-patch#assigning-external-ips
I am trying to deploy multiple identical docker containers on Google Container Engine. I am using kubectl for that following the instructions here: https://cloud.google.com/container-engine/docs/tutorials/hello-node
The instructions describe how to run a redundant service managed by the load balancer, so when I contact the balancer, it sends my request to one of my redundant pods. And in that mode, it works fine.
But I need to do this differently. I need to be able to contact individual pods directly from the client. So I am trying to use --type=NodePort with my "kubectl expose deployment" command:
mac-124307:hellonode ivm$ kubectl expose deployment hello-world --type=NodePort --port 9000 --target-port 9000
service "hello-world" exposed
mac-124307:hellonode ivm$ kubectl get service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-world 10.15.253.149 <nodes> 9000:30513/TCP 21m
kubernetes 10.15.240.1 <none> 443/TCP 46m
The command does not complain, and I can use "gcloud compute instances list" to see external IP addressed of individual pods:
mac-124307:hellonode ivm$ gcloud compute instances list
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
gke-hello-cluster-default-pool-402030b2-j60q us-central1-a n1-standard-1 10.128.0.3 104.197.72.212 RUNNING
gke-hello-cluster-default-pool-402030b2-q86r us-central1-a n1-standard-1 10.128.0.4 35.192.4.43 RUNNING
gke-hello-cluster-default-pool-402030b2-tf7t us-central1-a n1-standard-1 10.128.0.2 146.148.72.137 RUNNING
but when I try to connect to port 9000 at any of these IP addresses, my connection times-out.
mac-124307:hellonode ivm$ curl http://104.197.72.212:9000/
... <time-out>
What am I doing wrong ?
Note that the node port that was allocated is 30513. You are using 9000, that's the port for the ClusterIP, 10.15.253.149 that was assigned.
You also need to have port 30513 open on the firewall, as suggested by Eric.
If you only need a one-off access to this pod, you can also use kubectl port-forward name-of-a-hello-pod 9000 which will forward 127.0.0.1:9000 on your workstation directly to the pod. Of course this only works as long as kubect port-forward is running.