From Pod to localhost, ssh works well. And ping also works well with each other. There is centos7 in Pod. Also, openssh-server is installed in Pod. But there is always an error.

```
kubectl get pods -o wide

NAME                   READY   STATUS    RESTARTS   AGE   IP             NODE      NOMINATED NODE
hadoop-master-pod      1/1     Running   0          39m   10.244.9.25    slave10   <none>
hadoop-secondary-pod   1/1     Running   0          48m   10.244.11.11   slave12   <none>
```

```
ssh 10.244.9.25

ssh: connect to host 10.244.9.25 port 22: Connection refused
```

K.k

2 Answers

0

You should be able to connect using `kubectl exec -it hadoop-master-pod -- /bin/bash`

Then you can check if your pod is listening on port 22 for 0.0.0.0

Check the iptables if there is nothing blocked.

Make sure openssh is running and on which port it's running.

Crou
  • `systemctl stop firewalld` at localhost. Do I still have to check `iptables`? – K.k Oct 18 '18 at 00:08
  • I would assume you have just one working at given time, so stopping firewalld would suffice. But can you tell, why do you really need to ssh into a pod? If this is really needed then I think you have to do what @Hansika Madushan Weerasena suggested, which is exposing port 22 via service. – Crou Oct 18 '18 at 08:15
  • I understand that you have a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) attached to each pod and that the cluster configuration will be stored there? You have to keep in mind that if a pod dies or crashes, k8s will create a new one from the image you have inside the deployment .yaml; names will change and IPs as well. – Crou Oct 18 '18 at 09:23
  • Thank you. You're right. But trying Service doesn't work. I left Container port open and set target port of Service to Container port. – K.k Oct 18 '18 at 13:51
  • Have you exposed the port? You can find explanation [here](https://stackoverflow.com/questions/29770679/how-to-expose-kubernetes-service-to-public-without-hardcoding-to-minion-ip) – Crou Oct 18 '18 at 13:56
  • Thank you for your help. – K.k Oct 18 '18 at 14:31
0

10.244.9.25 is an internal IP address given to the pod by Kubernetes (you can read more about the Kubernetes networking model here) to use inside the Kubernetes cluster, so you won't be able to SSH or even ping these IPs from outside the cluster. In other words, the network containing 10.244.9.25 is like a private network inside the K8 cluster, and your host machine (localhost) is on a different network.

If you want to get into the container, for example here, you can use `kubectl exec -it hadoop-master-pod -- /bin/bash` (or `/bin/sh`, depending on the shell installed in the container), and you can do anything that you tried to do by SSH into the pod.

If you really want to SSH into the pod from localhost (outside the cluster), you can write a Kubernetes Service, probably exposing over NodePort, which will expose port 22 (the default port of SSH) to the outside via NodePort.

Hansika Weerasena
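
The NodePort Service described in the answer above could look like the following. This is an added example, not part of the original answer; the Service name, the `app: hadoop-master` label and the node port `30022` are assumptions.

```yaml
# Added example. The Service finds its pod by label, so the pod needs one first:
#   kubectl label pod hadoop-master-pod app=hadoop-master   (label is an assumption)
apiVersion: v1
kind: Service
metadata:
  name: hadoop-master-ssh          # hypothetical name
spec:
  type: NodePort
  selector:
    app: hadoop-master             # must match the pod's labels exactly
  ports:
    - name: ssh
      protocol: TCP
      port: 22                     # port on the Service's cluster IP
      targetPort: 22               # port sshd listens on inside the container
      nodePort: 30022              # assumed value; default allowed range is 30000-32767
# Checks after `kubectl apply -f` on this file:
#   kubectl get endpoints hadoop-master-ssh
#     -> should list 10.244.9.25:22; an empty list means the selector matched no pod.
#   ssh -p 30022 <user>@<node-ip>
#     -> "Connection refused" with a populated endpoint means nothing is listening
#        on port 22 in the container, i.e. sshd was never started there.
```

The Service only forwards traffic, so sshd still has to be running and bound to 0.0.0.0:22 inside the container. A NodePort is opened on every node of the cluster, so the node firewall decides who can reach this SSH port.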