I wanted to learn Kubernetes using the Play with Kubernetes site but I seem to encounter some issue.
Here is what I did.
I created my kubernetes cluster by following the steps.
https://labs.play-with-k8s.com/p/bc3a57pk4ckg00bvdk70#bc3a57pk_bc3amn9k4ckg00bvdkv0
I had the following info with 1 master and 2 nodes
[node1 ~]$ kubectl cluster-info
Kubernetes master is running at https://192.168.0.18:6443
Heapster is running at https://192.168.0.18:6443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://192.168.0.18:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
monitoring-influxdb is running at https://192.168.0.18:6443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
I then deploy my Dashboard using the following steps.
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
[node1 ~]$ kubectl -n kube-system get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.98.185.58 <none> 443/TCP 58m
According to this issue https://github.com/play-with-docker/play-with-docker/issues/258
Dashboard port is no longer accessible in the UI
Now, how can I access my dashboard from the outside?
According to the FAQ here..
https://github.com/play-with-docker/play-with-docker
How can I connect to a published port from the outside world?
If you need to access your services from outside, use the following URL pattern http://ip<hyphen-ip>-<session_jd>-<port>.direct.labs.play-with-docker.com (i.e: http://ip-2-135-3-b8ir6vbg5vr00095iil0-8080.direct.labs.play-with-docker.com).
Given my IP address
https://labs.play-with-k8s.com/p/bc3a57pk4ckg00bvdk70#bc3a57pk_bc3amn9k4ckg00bvdkv0
I tried it with this but I am not successful in accessing the dashboard
http://ip-192-168-0-18-bc3a57pk4ckg00bvdk70-8443.direct.labs.play-with-docker.com/
What did I do wrong or what I am missing?
Tried everything in this Running dashboard inside play-with-kubernetes
Nothing is successful
Any hints?
Have you seen this? https://github.com/play-with-docker/play-with-docker/issues/259#issuecomment-387607163
You need to make some changes in the deployment in order to access from outside.
Related
I created a small application, made a docker image of it, which runs
fine locally using docker run.
I created an EKS cluster on amazon.
I put the image up on ECR, wrote a yaml file for a deployment and loadbalancer service, and used kubectl apply -f to deploy to my cluster
I can see my service:
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
frd-front LoadBalancer 10.100.199.8 a2c269b1619ee11ea90f20636eb75c46-1160809648.us-east-2.elb.amazonaws.com 80:32594/TCP 40m
kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 22h
But if I go to http://a2c269b1619ee11ea90f20636eb75c46-1160809648.us-east-2.elb.amazonaws.com there is no repsponse
How can I start troubleshooting this?
Do you have any ideas right off the bat?
Thanks =)
The issue can be one of the two reasons:
Docker image: the image may not be exposing the output as expected on the mentioned port.
K8s Service: the service YAML may be configured with wrong target port or service port
if you find that there is no issue in both the reasons.
Try to use port-forward on your pod and check weather is available.
Usage:
check for pod
kubectl port-forward pod-name-765d459796-258hz 8080:8080 // host-port:container-port
check for service
kubectl port-forward svc/myservice 80:8080
If both are working fine, then its issue with loadbalancer side or service outbound or network policies.
If not working even after port-forward then issue with docker image or deployment yaml.
I have a testing Kubernetes cluster running in remote VMs (on VSphere), I have full access to the VMs through ssh (they have private IPs). How can I expose services and access them from outside the cluster (from my remote laptop trying to get access to the machines) knowing that I can remotely perform all kubectl commands.
For example: I tried with the dashboard, I installed it, I have changed the service to NodePort, and I tried to access to it from my laptop using this URL http:master-private-ip:exposedport, also with worker IPs, but it does not work. It returns in browser only � (binary output). When I try to connect through https, it trows a certificates error.
$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.97.143.110 <none> 443:30714/TCP 42m
$ kubectl proxy -p 8001
$ curl http://172.16.5.226:30714 --output -
I have expected that the output shows me the html from the UI of the Kubernetes dashboard
NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
If you have done everything correctly it should work over HTTPS
As it's explained in Accessing Dashboard 1.7.X and above.
In order to expose Dashboard using NodePort you need to edit kubernetes-dashboard service.
kubectl -n kube-system edit service kubernetes-dashboard
Find type: ClusterIP and change it to type: NodePort, then save the file.
Then, check which port was the Dashboard exposed to:
kubectl -n kube-system get service kubernetes-dashboard
which might look:
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.100.124.90 <nodes> 443:31707/TCP 21h
To access the Dashboard navigate your browser to https://<server_IP>:31707
EDIT:
In your case with self-signed certificate, you need to put it into a secret. It has to be named kubernetes-dashboard-certs and it has to be in kube-system namespace.
You have to save the cert as dashboard.crt and dashboard.key and store them under $HOME/certs.
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
This installation process is explained here.
Having trouble getting a wordpress Kubertenes service to listen on my machine so that I can access it with my web browser. It just says "External IP" is pending. I'm using the Kubertenes configuration from Docker Edge v18.06 on Mac, with advanced Kube config enabled (not swarm).
Following this tutorial FROM: https://www.youtube.com/watch?time_continue=65&v=jWupQjdjLN0
And using .yaml config files from https://github.com/kubernetes/examples/tree/master/mysql-wordpress-pd
MACPRO:mysql-wordpress-pd me$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 48m
wordpress LoadBalancer 10.99.205.222 <pending> 80:30875/TCP 19m
wordpress-mysql ClusterIP None <none> 3306/TCP 19m
The commands to get things running, to see for yourself:
kubectl create -f local-volumes.yaml
kubectl create secret generic mysql-pass --from-literal=password=DockerCon
kubectl create -f mysql-deployment.yaml
kubectl create -f wordpress-deployment.yaml
kubectl get pods
kubectl get services
Start admin console to see more detailed config in your web browser:
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl proxy
I'm hoping someone can clarify things for me here. Thank you.
For Docker for Mac, you should use your host's DNS name or IP address to access exposed services. The "external IP" field will never fill in here. (If you were in an environment like AWS or GCP where a LoadBalancer Kubernetes Service creates a cloud-hosted load balancer, the cloud provider integration would provide the load balancer's IP address here, but that doesn't make sense for single-host solutions.)
Note that I've had some trouble figuring out which port is involved; answers to that issue suggest you need to use the service port (80) but you might need to try other things.
For development purposes I try to use Minikube. I want to test how my application will catch an event of exposing a service and assigning an External-IP.
When I exposed a service in Google Container Engine quick start tutorial I could see an event of External IP assignment with:
kubectl get services --watch
I want to achieve the same with Minikube (if possible).
Here is how I try to set things up locally on my OSX development machine:
minikube start --vm-driver=xhyve
minikube addons enable ingress
kubectl run echoserver --image=gcr.io/google_containers/echoserver:1.4 --port=8080
kubectl expose deployment echoserver --type="LoadBalancer"
kubectl get services --watch
I see the following output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
echoserver LoadBalancer 10.0.0.138 <pending> 8080:31384/TCP 11s
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 4m
External-Ip field never gets updated and shows pending phase. Is it possible to achieve external IP assignment with Minikube?
On GKE or AWS installs, the external IP comes from the cloud support that reports back to kube API the address that the created LB was assigned.
To have the same on minikube you'd have to run some kind of an LB controller, ie. haproxy one, but honestly, for minikube it makes little sense, as you have single IP that you know in advance by minikube ip so you can use NodePort with that knowledge. LB solution would require setting some IP rangethat can be mapped to particular nodeports, as this is effectively what LB will do - take traffic from extIP:extPort and proxy it to minikubeIP:NodePort.
Unless your use case prevents you from it, you should consider Ingress as the way of ingesting traffic to your minikube.
If you want to emulate external IP assignment event (like the one you can observe using GKE or AWS), this can be achieved by applying the following patch on your sandbox kubernetes:
kubectl run minikube-lb-patch --replicas=1 --image=elsonrodriguez/minikube-lb-patch:0.1 --namespace=kube-system
https://github.com/elsonrodriguez/minikube-lb-patch#assigning-external-ips
I recently got started to learn Kubernetes by using Minikube locally in my Mac. Previously, I was able to start a local Kubernetes cluster with Minikube 0.10.0, created a deployment and viewed Kubernetes dashboard.
Yesterday I tried to delete the cluster and re-did everything from scratch. However, I found I cannot get the assets deployed and cannot view the dashboard. From what I saw, everything seemed to get stuck during container creation.
After I ran minikube start, it reported
Starting local Kubernetes cluster...
Kubectl is now configured to use the cluster.
When I ran kubectl get pods --all-namespaces, it reported (pay attention to the STATUS column):
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system kube-addon-manager-minikube 0/1 ContainerCreating 0 51s
docker ps showed nothing:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
minikube status tells me the VM and cluster are running:
minikubeVM: Running
localkube: Running
If I tried to create a deployment and an autoscaler, I was told they were created successfully:
kubectl create -f configs
deployment "hello-minikube" created
horizontalpodautoscaler "hello-minikube-autoscaler" created
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default hello-minikube-661011369-1pgey 0/1 ContainerCreating 0 1m
default hello-minikube-661011369-91iyw 0/1 ContainerCreating 0 1m
kube-system kube-addon-manager-minikube 0/1 ContainerCreating 0 21m
When exposing the service, it said:
$ kubectl expose deployment hello-minikube --type=NodePort
service "hello-minikube" exposed
$ kubectl get service
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello-minikube 10.0.0.32 <nodes> 8080/TCP 6s
kubernetes 10.0.0.1 <none> 443/TCP 22m
When I tried to access the service, I was told:
curl $(minikube service hello-minikube --url)
Waiting, endpoint for service is not ready yet...
docker ps still showed nothing. It looked to me everything got stuck when creating a container. I tried some other ways to work around this issue:
Upgraded to minikube 0.11.0
Use the xhyve driver instead of the Virtualbox driver
Delete everything cached, like ~/.minikube, ~/.kube, and the cluster, and re-try
None of them worked for me.
Kubernetes is still new to me and I would like to know:
How can I troubleshoot this kind of issue?
What could be the cause of this issue?
Any help is appreciated. Thanks.
It turned out to be a network problem in my case.
The pod status is "ContainerCreating", and I found during container creation, docker image will be pulled from gcr.io, which is inaccessible in China (blocked by GFW). Previous time it worked for me because I happened to connect to it via a VPN.
I didn't try minikube but I use kubernetes. With the information provided it is difficult to say the cause of the issue. Your minikube has no problem in creating resources but ContainerCreating is a problem related to docker daemon or improper communication between kube-api and docker daemon or some problem with kubelet.
You can try the following command:
kubectl describe po POD_NAME
This will give you the POD's events. Maybe this will provide a path to the root cause of issue.
You may also check the logs of kubelet to get the events.
I had this problem on Windows, but it was related to an NTLM proxy. I deleted the minikube VM then recreated it with the correct proxy settings for my CNTLM installation:
minikube start \
--docker-env http_proxy=http://10.0.2.2:3128 \
--docker-env https_proxy=http://10.0.2.2:3128 \
--docker-env no_proxy=localhost,127.0.0.1,::1,192.168.99.100
See https://blog.alexellis.io/minikube-behind-proxy/
The horizontalpodautoscaler (hpa) requires heapster to use. You'll need to run heapster in minikube for that to work. You can always debug these kinds of issues with minikube logs or interactively through the dashboard found at minikube dashboard.
You can find the steps to run heapster and grafana at https://github.com/kubernetes/heapster
For me, it takes several minutes before I see the ContainerCreating problem. After executing the following command:
systemctl status kube-controller-manager.service
I get this error:
Sync "default/redis-master-2229813293" failed with unable to create pods: No API token found for service account "default", retry after the token is automatically created and added to the service account.
There are two ways to solve this:
Set the service account with token
Remove the ServiceAccount setting of KUBE_ADMISSION_CONTROL in api-server