Good day. I have a k8s cluster and GitLab installed on a dedicated server (as a typical application on a real OS). I have an ingress on k8s which routes traffic by host address to GitLab via an externalName service.

Now I need to give access to SSH, so I create a service without a selector and a corresponding endpoint:

apiVersion: v1
kind: Service
metadata:
  name: gitlab-service-ssh
  namespace: host
spec:
  type: NodePort
  ports:
    - protocol: TCP
      port: 22
      nodePort: 30222
---
apiVersion: v1
kind: Endpoints
metadata:
  name: gitlab-service-ssh
  namespace: host
subsets:
  - addresses:
    - ip: 192.168.0.24
    ports:
    - port: 22

I can access SSH from a k8s cluster node via git clone ssh://git@git.xxxxxx:30222/XXXXX and it works correctly.

But if I try to access it from any LAN computer I receive ssh: connect to host git.xxxxx port 30222: Resource temporarily unavailable

There is no active firewall or other service on this port (I tried to use a different port, same result).

So I don't understand where my fault is.

I use k8s version 1.16 on bare metal with MetalLB as the load balancer; the host machine runs Ubuntu 18.04.

1 Answer

Check if you don't have Nginx installed on the server and it blocks SSH by default. You have to sudo ufw allow ssh.

Also execute: netstat -an | select-string 30222 to check the status. Try to connect via IP, not hostname. Take a look: ssh-host.

Malgorzata
  • ufw status -> inactive. I also tried to connect by IP and by hostname, same result. netstat gave me a clue: tcp6 0 0 :::30222 :::* LISTEN, so it listens only on IPv6, but not IPv4. I will try to investigate in this direction and post an update when I get new info – Anatoly Kryzhanovsky Sep 04 '20 at 08:45
  • Still no luck there, I cannot find any way to specify the protocol for a selectorless service. For a normal service both protocols are used (tcp, tcp6) – Anatoly Kryzhanovsky Sep 09 '20 at 10:36
  • Did you take a look at https://serverfault.com/questions/355086/managing-parallel-rules-for-ipv4-and-ipv6-iptables ? – Malgorzata Sep 29 '20 at 13:00
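
A way to read the tcp6 :::30222 line quoted in the comments, as an added example that is not part of the original thread: on Linux a tcp6 listener bound to :: also accepts IPv4 connections unless the sysctl net.ipv6.bindv6only is 1. The function names and the sample netstat text are constructed for illustration, and the socket is assumed not to set IPV6_V6ONLY itself.

```python
import re

# Constructed sample of `netstat -tln` output (not taken from the poster's host).
SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::30222                :::*                    LISTEN
tcp6       0      0 ::1:6010                :::*                    LISTEN
"""

# proto, recv-q, send-q, local address:port, foreign address, state
LINE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s*$")


def listeners(netstat_text, port):
    """Return [(proto, local_address)] for every LISTEN socket on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and int(m.group(3)) == port:
            found.append((m.group(1), m.group(2)))
    return found


def read_bindv6only(path="/proc/sys/net/ipv6/bindv6only"):
    """Read the kernel default for IPV6_V6ONLY; 0 (Linux default) if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 0


def accepts_remote_ipv4(netstat_text, port, bindv6only=0):
    """True if some listener on `port` can take IPv4 connections from other hosts.

    Assumes the socket did not override the sysctl with its own IPV6_V6ONLY
    setting, which netstat output cannot show.
    """
    for proto, addr in listeners(netstat_text, port):
        if proto == "tcp" and not addr.startswith("127."):
            return True          # plain IPv4 listener on a non-loopback address
        if proto == "tcp6" and addr == "::" and bindv6only == 0:
            return True          # dual-stack wildcard: IPv4 arrives as ::ffff:a.b.c.d
    return False


if __name__ == "__main__":
    print(accepts_remote_ipv4(SAMPLE, 30222, read_bindv6only()))
```

When this returns True and LAN clients still cannot connect, the listening socket is not what rejects them, and the node's iptables rules for the port, the direction the last comment points to, are the next thing to inspect.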