-1

I'm using a Windows host, running CoreOS in Vagrant with VirtualBox provider, and in that CoreOS, I have Kubernetes 0.14.2 single-node cluster running (I couldn't get latest version, 0.15, to work reliably). I have created an nginx service, as provided in Kubernetes Docker guide.

kubectl -s http://localhost:8080 run-container nginx --image=nginx --port=80 --api-version="v1beta2"

kubectl expose rc nginx --port=80 --api-version="v1beta2"

Assuming the Kubernetes service proxy is on 10.0.0.123:80, when I run curl 10.0.0.123 from the CoreOS machine, I get the sample HTML - exactly what I want.

The Vagrant VM has 2 networks - NAT, and a host-only adapter both using virtio-net.

I have setup Vagrant/VirtualBox port forwarding, so when I access the VM from Windows on port 8080, it will access port 80 in the VM, right?

==> coreos-01: Forwarding ports...
    coreos-01: 80 => 8080 (adapter 1)
    coreos-01: 22 => 2222 (adapter 1)

The port forwarding works, because connecting to 127.0.0.1:2222 with ssh works.

Here is the routing that is setup by default and/or by Kubernetes:

 $ sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-N KUBE-PORTALS-CONTAINER
-N KUBE-PORTALS-HOST
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -j KUBE-PORTALS-CONTAINER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -j KUBE-PORTALS-HOST
-A POSTROUTING -s 10.1.0.0/16 ! -o docker0 -j MASQUERADE
-A KUBE-PORTALS-CONTAINER -d 10.0.0.2/32 -p tcp -m comment --comment "default/kubernetes" -m tcp --dport 443 -j REDIRECT --to-ports 51828
-A KUBE-PORTALS-CONTAINER -d 10.0.0.1/32 -p tcp -m comment --comment "default/kubernetes-ro" -m tcp --dport 80 -j REDIRECT --to-ports 35793
-A KUBE-PORTALS-CONTAINER -d 10.0.0.123/32 -p tcp -m comment --comment "default/nginx" -m tcp --dport 80 -j REDIRECT --to-ports 34303
-A KUBE-PORTALS-HOST -d 10.0.0.2/32 -p tcp -m comment --comment "default/kubernetes" -m tcp --dport 443 -j DNAT --to-destination 10.0.2.15:51828
-A KUBE-PORTALS-HOST -d 10.0.0.1/32 -p tcp -m comment --comment "default/kubernetes-ro" -m tcp --dport 80 -j DNAT --to-destination 10.0.2.15:35793
-A KUBE-PORTALS-HOST -d 10.0.0.123/32 -p tcp -m comment --comment "default/nginx" -m tcp --dport 80 -j DNAT --to-destination 10.0.2.15:34303

My problem is, when I try to run curl 127.0.0.1:8080 from the Windows machine, I get connection refused. How do I get to connect from Windows host to my services running in Kubernetes, e.g. the thing running on 10.0.0.123:80? Thanks!

analytik
  • 125
  • 7
  • Has anyone been able to get this to work? I have kubernetes running inside of a VM, but it isn't port fowarding out to the the host machine. I am on a Mac, but I believe it is the same problem. I attempted the above step, but it didn't seem to bear fruit. I didn't do any ssh tunneling as I am trying to get the port forwarding to work automatically. Any help would be greatly appreciated. Thanks! – milk Sep 12 '15 at 14:44
  • @milk - you need to set up the VM networking properly. One network should be NAT, the other Host-only. This is done already by Pires' Vagrant setup, if you're using that one. – analytik Sep 13 '15 at 14:19
  • @milk - Also, make sure you set up the services properly. With Kubernetes API v1, you need to define the service as with type: "NodePort", and assign a port to the service between 30000-32767, e.g. `- port: 15672` `name: rabbitmq-admin` `targetPort: 15672` `nodePort: 31344` `protocol: TCP` `type: "NodePort"` – analytik Sep 13 '15 at 14:21

1 Answers1

1

You can do this while creating the service, either by adding the field publicIPs to the JSON definition, or by using overrides with the IP address of the VM: kubectl expose rc nginx --port=80 --api-version="v1beta2" --overrides='{"publicIPs": ["172.17.8.101"], "apiVersion": "v1beta2"}'

Another thing that works is configuring Putty - in Connection / SSH / Tunnels, add individual ports, e.g. in this case, local 8080 needs to point to 10.0.0.123:80, so Putty will say L8080 10.0.0.123:80. This is inconvenient, because the service IP isn't static.

Port forwarding in Vagrant/VirtualBox can be removed, it doesn't seem to work.

analytik
  • 125
  • 7