Routing an internal Kubernetes IP address to the host system - kubernetes

While running Minikube, I want to connect to a server that has the annoying habit of announcing itself to a service registry with its internal IP address from inside its pod.
However for legacy reasons I have to connect to this registry first and retrieve that server's ip address from it. The only way to access this server from my dev machine, it seems to me, is bridging to the internal network, so I can access the networking of the Minikube. Is there an easy way to do this?

You can add a route to the k8 internal network from localhost
Add a route to the internal network using the minikube ip address
$ sudo ip route add 172.17.0.0/16 via $(minikube ip) # linux
$ sudo route -n add 172.17.0.0/16 $(minikube ip) # OSX
Your subnet mask could be found using the kubectl get service command.
Test the route by deploying a test container and connecting to it from localhost
$ kubectl run monolith --image=kelseyhightower/monolith:1.0.0 --port=80
$ IP=$(kubectl get pod -l run=monolith -o jsonpath='{.items[0].status.podIP }')
$ curl http://$IP
{"message":"Hello"}
You can also add a route to K8 master
sudo route -n add 10.0.0.0/24 $(minikube ip)
This is only useful for local development, you should use NodePort or LoadBalancer for exposing pods in production.
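A pre-flight check for the route commands in this answer, as an added example that is not part of the original answer: it lists entries already in the host routing table that overlap the CIDR you are about to route via the Minikube VM (a local Docker bridge commonly owns 172.17.0.0/16). The routing table text is constructed sample `ip route` output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ip route` output from a dev host (not from the page).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
192.168.99.0/24 dev vboxnet0 proto kernel scope link src 192.168.99.1'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# "a.b.c.d/len" -> "first last" addresses of the block, as integers.
cidr_bounds() {
    base=$(ip_to_int "${1%/*}")
    len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    first=$(( base & mask ))
    echo "$first $(( first | (~mask & 4294967295) ))"
}

# Usage: ip route | overlapping_routes 172.17.0.0/16
# Prints every existing destination whose range intersects the candidate CIDR.
overlapping_routes() {
    set -- $(cidr_bounds "$1")
    want_first=$1; want_last=$2
    while read -r dest rest; do
        case $dest in
            [0-9]*/*) ;;                    # already in CIDR form
            [0-9]*)   dest="$dest/32" ;;    # bare host route
            *)        continue ;;           # default, unreachable, ...
        esac
        set -- $(cidr_bounds "$dest")
        if [ "$1" -le "$want_last" ] && [ "$2" -ge "$want_first" ]; then
            echo "$dest"
        fi
    done
}

# The two CIDRs routed in the answer above, checked against the sample table.
for cidr in 172.17.0.0/16 10.0.0.0/24; do
    hits=$(printf '%s\n' "$SAMPLE_ROUTES" | overlapping_routes "$cidr")
    echo "$cidr: ${hits:-no overlap}"
done
```

An overlap means the new route would either be rejected or would pull traffic for an existing network into the Minikube VM, so resolve it before adding the route.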

If I understand correctly: You are trying to expose a server from within minikube to your host network. This can be done a few ways:
The first is to create a NodePort Service for your server/pod. You can then run minikube service list to get the url for your service:
$ minikube service list
|-------------|----------------------|-----------------------------|
| NAMESPACE | NAME | URL |
|-------------|----------------------|-----------------------------|
| default | kubernetes | No node port |
| default | <your-service> | http://192.168.99.100:<port>|
| kube-system | kube-dns | No node port |
| kube-system | kubernetes-dashboard | http://192.168.99.100:30000 |
|-------------|----------------------|-----------------------------|
The second is to use kubectl proxy and proxy the port you want to your local machine. This method does not require you to create a service, it should work with your current configuration.
kubectl proxy --port=<port-you-want-access-on-server>
This will then make the proxied port available at localhost:port
If you are just trying to get the IP address of a pod, this command should work (from How to know a Pod's own IP address from a container in the Pod?):
kubectl get pod $POD_NAME --template={{.status.podIP}}
Also if you just need to access minikube's internal network you can use:
minikube ssh
Which will drop you into minikube's VM

Related

how to access pods from host?

I'm running colima with kubernetes like:
colima start --kubernetes
I created a few running pods, and I want to access them through the browser.
But I don't know what is the colima IP (or kubernetes node IP).
help appreciated
You can get the nodeIp so:
kubectl get node
NAME STATUS ROLES AGE VERSION
nodeName Ready <none> 15h v1.26.0
Then with the nodeName:
kubectl describe node nodeName
That gives you a description of the node and you should look for this section:
Addresses:
InternalIP: 10.165.39.165
Hostname: master
Ping it to verify the network.
Find your host file on Mac and make an entry like:
10.165.39.165 test.local
This lets you access the cluster with a domain name.
Ping it to verify.
You cannot access a ClusterIP from outside the cluster.
To access your pod you have several possibilities.
If your service is type ClusterIP, you can create a temporary connection from your host with a port forward.
kubectl port-forward svc/yourservicename localport:podport
(I would recommend this) create a service type: NodePort
Then
kubectl get svc -o wide
Shows you the NodePort: between (30000-32000).
You can now access the Pod by: test.local:nodePort or Ipaddress:NodePort.
Note: If you deployed in a namespace other than default, add -n yournamespace in the kubectl commands.
Update:
If you want to start colima with an IP address, first find one on your local network which is available.
You can get your network settings with:
ifconfig
Find the network. It should be the same as that of your Internet router.
Look for the subnet. Most likely 255.255.255.0.
The value to pass then:
--network-address xxx.xxx.xxx.xxx/24
In case the subnet is 255.255.0.0, then /16. But I don't think so, if you are connected from home. Inside a company, however, this is possible.
Again check with ping and follow the steps from the beginning to verify the kubernetes node configuration.

Expose Kube API to outside network

I have a Kubernetes cluster installed inside a VM on AWS EC2. When I try getting the Kube API URL, I get this:
[root@node-1 centos]# kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
https://172.xxx.xxx.xxx:6443
Problem is that we are now trying to create a Kube config file so I can run kubectl from my local machine but my kubectl seems to not be able to reach the kube API
In my kube config, I tried using both the public IP and the DNS name of the EC2 VM but it doesn't work (it times out after a long time)
My firewall on EC2 is open, so that shouldn't be a problem
Any ideas on how I can expose my cluster installed inside EC2 to external world/kubectl?
Thanks!

Expose Kubernetes Ingress to LAN computers

I have computer A and B on LAN:
A at IP 192.168.0.104
B at IP 192.168.0.110
On computer B I have a Kubernetes service with ingress:
path hello
host hello-node.com
minikube ip is 192.168.49.2
/etc/hosts has a line:
192.168.49.2 hello-node.com
On B I see the service response to hello-node.com/hello but not to
192.168.49.2/hello. On 192.168.49.2/hello I see 404 error from nginx.
How do I access either hello-node.com/hello or 192.168.49.2/hello from computer A?
I do not want to rely on any 3rd party service (load balancer etc)
info:
minikube version: v1.16.0
$ kubectl cluster-info
Kubernetes control plane is running at https://192.168.49.2:8443
KubeDNS is running at https://192.168.49.2:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Workaround without using ingress, but NodePort expose command. From link from @mariusz-k
kubectl expose deployment/hello-node --type="NodePort" --port 8080
SERVICE_NODE_IP=$(minikube ip)
FORWARD_PORT=8090
SERVICE_NODE_PORT=$(kubectl get services/hello-node -o go-template='{{(index .spec.ports 0).nodePort}}')
ssh -i ~/.minikube/machines/minikube/id_rsa docker@$SERVICE_NODE_IP -NL \*:$FORWARD_PORT:0.0.0.0:$SERVICE_NODE_PORT
You need to get the address of Computer B (the cluster ip) and then connect to it.
# Get the cluster "master" ip
$ kubectl cluster-info
Kubernetes master is running at https://<the desired ip/DNS record>......:443
# use the above ip to get the content of your service
curl -vsI <ip>/hello
You can access your minikube service from another machine by following steps from this github issue:
service_name=web # This is what you need to replace with your own service
service_port=$(minikube service $service_name --url | cut -d':' -f3)
ssh -i ~/.minikube/machines/minikube/id_rsa docker@$(minikube ip) -NL \*:${service_port}:0.0.0.0:${service_port}
After that your service will be available under `<minikube's-host-ip>:

What is the 'minikube ip' equivalent on k3d

Hi I'm really new in kubernetes and I'm playing around with minikube and deployed a nginx server successfully, executing minikube ip I'm able to get the deployed application ip and access to it via browser or give it an alias in hosts file.
And now I'm playing around with k3d and I noticed that there is no equivalent command to get that ip for my nginx deployed application, how can I get that ip?
You can retrieve the exposed IP on the traefik service (on the kube-system namespace)
kubectl get -n kube-system service/traefik -o jsonpath="{.status.loadBalancer.ingress[0].ip}"

How to access to the services in kubernetes cluster when ssh to another VMs via proxy?

Consider that we build two VMs on a bare-metal server through a network; one is the master and the other is a worker. I ssh to the master and construct a cluster using kubeadm which has three pods and a service with type: ClusterIP. So when I want to access the cluster I do kubectl proxy on the master. Now we can explore the API with curl and wget in the VM which we ssh into, like this:
$ curl http://localhost:8080/api/
So far, so good! But I want to access the services from my laptop. The localhost above refers to the bare-metal server! How can I access the services through the proxy from my laptop when the cluster is placed on another machine?
When I do $ curl http://localhost:8080/api/ on my laptop it says:
127.0.0.1 refused to connect
which makes sense! But what is the solution to this?
If you forward the port 8080 when sshing to master, you can use localhost on your laptop to access the apis on the cluster.
You can try adding the -L flag to your ssh command:
$ ssh -L 8080:localhost:8080 your.master.host.com
Then the curl to localhost will work.
You can also specify extra arguments to the kubectl proxy command, to let your reverse-proxy server listen on a non-default IP address (127.0.0.1) - expose outside
kubectl proxy --port=8001 --address='<MASTER_IP_ADDRESS>' --accept-hosts="^.*$"
You can get your Master IP address by issuing following command: kubectl cluster-info
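kubectl proxy forwards every request it accepts to the API server using the credentials in the caller's kubeconfig, so the `--address` and `--accept-hosts` values above decide who can use those credentials. An added example (not part of the original answer) that classifies a `kubectl proxy` argument list accordingly; `proxy_exposure` is a hypothetical helper, the sample invocations are constructed, and 192.0.2.10 is a documentation address standing in for `<MASTER_IP_ADDRESS>`.

```shell
#!/bin/sh
# Classify a `kubectl proxy` argument list by how far the proxy is exposed.
# Prints one of: "loopback", "filtered <addr>", "open <addr>".
proxy_exposure() {
    # Values kubectl proxy uses when the flags are absent (per its --help text).
    addr=127.0.0.1
    hosts='^localhost$,^127\.0\.0\.1$,^\[::1\]$'
    while [ $# -gt 0 ]; do
        case $1 in
            --address=*)      addr=${1#*=} ;;
            --accept-hosts=*) hosts=${1#*=} ;;
            --address)        if [ $# -gt 1 ]; then addr=$2; shift; fi ;;
            --accept-hosts)   if [ $# -gt 1 ]; then hosts=$2; shift; fi ;;
        esac
        shift
    done
    # Bound to loopback: only local processes (or an ssh -L tunnel) reach it.
    case $addr in
        127.*|localhost|::1|'[::1]') echo "loopback"; return 0 ;;
    esac
    # Any comma-separated entry that matches every Host header disables the
    # host filter, leaving network reachability as the only control.
    case ",$hosts," in
        *',^.*$,'*|*',.*,'*|*',^.+$,'*|*',.+,'*)
            echo "open $addr" ;;
        *)  echo "filtered $addr" ;;
    esac
    return 0
}

# Constructed invocations.
proxy_exposure --port=8001 --address=192.0.2.10 '--accept-hosts=^.*$'      # form used in the answer
proxy_exposure --port=8080                                                  # defaults, as in the question
proxy_exposure --address 192.0.2.10 --accept-hosts '^kube\.example\.test$'  # non-loopback, host filter kept
```

The `ssh -L 8080:localhost:8080` tunnel from the same answer keeps the proxy in the `loopback` class while still making it reachable from the laptop.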