1

I created an ACS (Azure Container Service) using Kubernetes by following this link : https://learn.microsoft.com/en-us/azure/container-service/container-service-kubernetes-windows-walkthrough & I deployed my .net 4.5 app by following this link : https://learn.microsoft.com/en-us/azure/container-service/container-service-kubernetes-ui . My app needs to access Azure SQL and other resources that are part of some other resource groups in my account, but my container is not able to make any outbound calls to network - both inside azure and to internet. I opened some ports to allow outbound connections, that is not helping either.

When I create an ACS does it come with a gateway or should I create one ? How can I configure ACS so that it allows outbound network calls ?

Thanks,

Ashok.

ashok
  • 95
  • 1
  • 7

2 Answers2

4

Outbound internet access works from an Azure Container Service (ACS) Kubernetes Windows cluster if you are connecting to IP Addresses other than the range 10.0.0.0/16 (that is you are not connecting to another service on your VNET).

Before Feb 22,2017 there was a bug where Internet access was not available.

Please try the latest deployment from ACS-Engine: https://github.com/Azure/acs-engine/blob/master/docs/kubernetes.windows.md., and open an issue there if you still see this, and we (Azure Container Service) can help you debug.

A Howe
  • 122
  • 2
  • If I just deployed an ACS using the portal today 4/19/17 would you expect the internet access bug to be fixed? I've logged into the windows VMs and they can access the internet and have create a docker container directly from remote desktop on the vm and it can access the internet. However if I deploy via Kubernetes then the containers can't access the internet. I'm attempting to download a blob from azure storage. – Jack Woodward Apr 19 '17 at 22:46
  • 1
    well actually after the container has been running for 2 minutes the internet can be accessed??? – Jack Woodward Apr 20 '17 at 00:02
  • http://stackoverflow.com/questions/43526975/azure-acs-kubernetes-windows-containers-delayed-access-to-internet – Jack Woodward Apr 20 '17 at 18:17
0

For the communication with service running inside the cluster, you can use the Kube-dns which allows you to access service by its name. You can find more details at https://kubernetes.io/docs/admin/dns/

For the external communication (internet), there is no need to create any gateway etc. By default your containers inside a pod can make outbound connections. To verify this, you can run powershell in one of your containers and try to run 

wget http://www.google.com -OutFile testping.txt
Get-Contents testping.txt

and see if it works.

To run powershell, ssh to your master node - instructions here

kubectl exec -it <pod_name> -- powershell
Muhammad Faizan
  • 863
  • 1
  • 7
  • 16
  • Thank you. I am running this code in my container: `public static bool CheckForInternetConnection() { try { using (var client = new WebClient()) using (var stream = client.OpenRead("http://www.google.com")) { return true; } } catch(Exception ex) { Console.WriteLine(ex.ToString()); return false; } } ` And this is returning me false. So I am think it is not able to connect. – ashok Mar 15 '17 at 20:53