This question already has answers here:
Kubernetes - services without selector
(2 answers)
Closed 3 years ago.
I've created a Kubernetes Service whose backend nodes aren't part of the Cluster but a fixed set of nodes (having fixed IPs), so I've also created an Endpoints resource with the same name:
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- port: 10002
Description of Service and Endpoints:
$ kubectl describe svc/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP: 10.0.192.103
Port: http 80/TCP
TargetPort: 10002/TCP
Endpoints:
Session Affinity: None
Events: <none>
$
$ kubectl describe ep/hive
Name: hive
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 10.52.7.28,10.52.7.29
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
<unset> 10002 TCP
Events: <none>
If I exec into one of the pods and telnet directly to Endpoint subset addresses, I am able to connect but If I access it via Service, I am getting connection refused. Just for completeness, Service and the pod are in same namespace:
# telnet 10.52.7.28 10002
Trying 10.52.7.28...
Connected to 10.52.7.28.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet 10.52.7.29 10002
Trying 10.52.7.29...
Connected to 10.52.7.29.
Escape character is '^]'.
^CConnection closed by foreign host.
#
# telnet hive 80
Trying 10.0.192.103...
telnet: Unable to connect to remote host: Connection refused
#
Any idea why I can directly connect to the IP but can't go via Kubernetes Service? I believe this isn't because of Firewall rules because then it should've blocked the direct requests as well.
Edit: I suspect its something to do with Endpoints being empty when I run kubectl describe svc/hive but I can see in the dashboard that Endpoints (under Service page) shows those Endpoints.
The names of the ports must match between Service and Endpoint. Either remove the port name in service or add it in Endpoint.
apiVersion: v1
kind: Service
metadata:
name: hive
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 10002
---
apiVersion: v1
kind: Endpoints
metadata:
name: hive
subsets:
- addresses:
- ip: 10.52.7.28
- ip: 10.52.7.29
ports:
- name: http
port: 10002
Related
On my Kubernetes cluster, I have few pods which should talk with each other. They are deployed separately
I've created a headless service called my-service which is targeting all the pods.
apiVersion: v1
kind: Service
metadata:
name: my-service
namespace: default
spec:
clusterIP: None
ports:
- name: test1
port: 111
protocol: TCP
targetPort: 111
- name: test2
port: 222
protocol: TCP
targetPort: 222
publishNotReadyAddresses: true
selector:
app: "my-app"
type: ClusterIP
Each pod is exposing two ports: 111 and 222
apiVersion: v1
kind: Pod
metadata:
labels:
app: "my-app"
name: my-service-6c44bdf68c-q6jdq
namespace: default
spec:
containers:
- image: my-image
name: my-app
ports:
- containerPort: 111
name: test1
protocol: TCP
- containerPort: 222
name: test1
protocol: TCP
When I do nslookup on my-service.default.svc.cluster.local I can indeed see all my pods.
I also assign each pod individual hostname and subdomain: my-service. Pods now each has a separate DNS A record like: <hostname>.my-service.default.svc.cluster.local. So far, so good. But when I try to access pod (from another container) using domain (and port) <hostname>.my-service.default.svc.cluster.local:111 I got 'Connection refused'. How can I make this work? Am I missing something?
The most probable reason for the issue is the way you are trying to reach the service . If you check what responds to port 111 it will work.
For instance making an http connection on a port that doesnot listen to it will give Connection Refused.
Try to ping or telnet as per your service.
I want to deploy a simple nginx app on my own kubernetes cluster.
I used the basic nginx deployment. On the machine with the ip 192.168.188.10. It is part of cluster of 3 raspberries.
NAME STATUS ROLES AGE VERSION
master-pi4 Ready master 2d20h v1.18.2
node1-pi4 Ready <none> 2d19h v1.18.2
node2-pi3 Ready <none> 2d19h v1.18.2
$ kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
$ kubectl create service nodeport nginx --tcp=80:80
service/nginx created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
my-nginx-8fb6d868-6957j 1/1 Running 0 10m
my-nginx-8fb6d868-8c59b 1/1 Running 0 10m
nginx-f89759699-n6f79 1/1 Running 0 4m20s
$ kubectl describe service nginx
Name: nginx
Namespace: default
Labels: app=nginx
Annotations: <none>
Selector: app=nginx
Type: NodePort
IP: 10.98.41.205
Port: 80-80 80/TCP
TargetPort: 80/TCP
NodePort: 80-80 31400/TCP
Endpoints: <none>
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
But I always get a time out
$ curl http://192.168.188.10:31400/
curl: (7) Failed to connect to 192.168.188.10 port 31400: Connection timed out
Why is the web server nginx not reachable? I tried to run it from the same machine I deployed it to? How can I make it accessible from an other machine from the network on port 31400?
As mentioned by #suren, you are creating a stand-alone service without any link with your deployment.
You can solve using the command from suren answer, or creating a new deployment using the follow yaml spec:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- name: http
containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
type: NodePort
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
After, type kubectl get svc to get the nodeport to access your service.
nginx-svc NodePort 10.100.136.135 <none> 80:31816/TCP 34s
To access use http://<YOUR_NODE_IP>:31816
so is 192.168.188.10 your host ip / your vm ip ?
you have to check it first if any service using that port or maybe you haven't add it into your security group if you using cloud platform.
just to make sure you can create a pod and access it using fqdn like my-svc.my-namespace.svc.cluster-domain.example
I have a corporate network(10.22..) which hosts a Kubernetes cluster(10.225.0.1). How can I access some VM in the same network but outside the cluster from within the pod in the cluster?
For example, I have a VM with IP 10.22.0.1:30000, which I need to access from a Pod in Kubernetes cluster. I tried to create a Service like this
apiVersion: v1
kind: Service
metadata:
name: vm-ip
spec:
selector:
app: vm-ip
ports:
- name: vm
protocol: TCP
port: 30000
targetPort: 30000
externalIPs:
- 10.22.0.1
But when I do "curl http://vm-ip:30000" from a Pod(kubectl exec -it), it returns "connection refused" error. But it works with "google.com". What are the ways of accessing the external IPs?
You can create an endpoint for that.
Let's go through an example:
In this example, I have a http server on my network with IP 10.128.15.209 and I want it to be accessible from my pods inside my Kubernetes Cluster.
First thing is to create an endpoint. This is going to let me create a service pointing to this endpoint that will redirect the traffic to my external http server.
My endpoint manifest is looking like this:
apiVersion: v1
kind: Endpoints
metadata:
name: http-server
subsets:
- addresses:
- ip: 10.128.15.209
ports:
- port: 80
$ kubectl apply -f http-server-endpoint.yaml
endpoints/http-server configured
Let's create our service:
apiVersion: v1
kind: Service
metadata:
name: http-server
spec:
ports:
- port: 80
targetPort: 80
$ kubectl apply -f http-server-service.yaml
service/http-server created
Checking if our service exists and save it's clusterIP for letter usage:
user#minikube-server:~$$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
http-server ClusterIP 10.96.228.220 <none> 80/TCP 30m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 10d
Now it's time to verify if we can access our service from a pod:
$ kubectl run ubuntu -it --rm=true --restart=Never --image=ubuntu bash
This command will create and open a bash session inside a ubuntu pod.
In my case I'll install curl to be able to check if I can access my http server. You may need install mysql:
root#ubuntu:/# apt update; apt install -y curl
Checking connectivity with my service using clusterIP:
root#ubuntu:/# curl 10.128.15.209:80
Hello World!
And finally using the service name (DNS):
root#ubuntu:/# curl http-server
Hello World!
So, in your specific case you have to create this:
apiVersion: v1
kind: Endpoints
metadata:
name: vm-server
subsets:
- addresses:
- ip: 10.22.0.1
ports:
- port: 30000
---
apiVersion: v1
kind: Service
metadata:
name: vm-server
spec:
ports:
- port: 30000
targetPort: 30000
I’m running Kubernetes on GKE, this was working before but about 2 days ago something changed. I don’t think I changed anything to my configuration. My services do not seem to work anymore. None of my services can talk to each other. When SSHing into a running pod I cannot ping them via their service name but also not via their internal IP addresses. The external IP of the load balancer is not approachable. Here is an example of how I define the deployment:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
labels:
ksonnet.io/component: app-name
name: app-name
spec:
replicas: 1
template:
metadata:
labels:
app: app-name
And here the service:
apiVersion: v1
kind: Service
metadata:
labels:
ksonnet.io/component: app-name
name: app-name
spec:
loadBalancerIP: x.x.x.x
ports:
- port: 4999
targetPort: 5000
selector:
app: app-name
type: LoadBalancer
I am fairly new to Kubernetes and networking and I have no clue where to look or how to debug this issue.
EDIT:
Here are the relevant kubectl get services -n test
dashboard ClusterIP 10.47.242.176 <none> 5000/TCP 1h
app-name LoadBalancer 10.47.246.63 x.xxx.xx.xx 4999:31439/TCP 1h
Then here is the kubectl describe service app-name -n test
Name: app-name
Namespace: test
Labels: app.kubernetes.io/deploy-manager=ksonnet
ksonnet.io/component=app-name
Annotations: ksonnet.io/managed: {pristine...}
Selector: app=app-name
Type: LoadBalancer
IP: 10.47.246.63
IP: xx.xxx.xx.x
LoadBalancer Ingress: xx.xxx.xx.x
Port: <unset> 4999/TCP
TargetPort: 5000/TCP
NodePort: <unset> 31439/TCP
Endpoints: 10.44.1.141:5000
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
EDIT 2: I tried the curl command on the default port and it timed out:
curl: (7) Failed to connect to app-name port 80: Connection timed out
When trying it on the full endpoint it got a connection refused:
curl: (7) Failed to connect to app-name port 4999: Connection refused
When looking at the deployment I get the following pod template:
Pod Template:
Labels: app=app-name
Containers:
model-manager:
Image: gcr.io/ns-delay/app-name:0.1
Port: 5000/TCP
Host Port: 0/TCP
As i see your selector in service is not matching the labels in Deployment , change to
metadata:
labels:
app: app-name
in your Deployment and it should work then.
Created a headless service:
myapp-service-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-service-headless
spec:
ports:
- port: 8000
selector:
app: myapp
clusterIP: None
After create it to Kubernetes cluster, check its service status:
$ kubectl create -f myapp-service-headless.yaml
$ kubectl describe service myapp-service-headless
Name: myapp-service-headless
Namespace: default
Labels: <none>
Annotations: <none>
Selector: app=myapp
Type: ClusterIP
IP: None
Port: <unset> 8000/TCP
TargetPort: 8000/TCP
Endpoints: 172.17.0.11:8000,172.17.0.9:8000
Session Affinity: None
Events: <none>
Try to connect 172.17.0.11:8000 or 172.17.0.9:8000, pending and no result.
Here using kube-dns: myapp-service-headless.default.svc.cluster.local in the application. Now it's in the container of pods.
So how to connect to these applications from other application via API? Which IP can been used?
Did you expose your container port inside your Endpoint (Pod)?
From what i knew, the headless service can be used to generate entries in kube-dns based on how you configure the Service, as discussed in this doc.
However, you can create another Service with type: NodePort that selects your backend Pods, and expose them on a NodePort/LB.