
I started a Kubernetes cluster using kubeadm on two servers rented from DigitalOcean. I use Flannel as the CNI. After launching the cluster, I followed this tutorial and created a deployment and a service.

```
$ kubectl describe svc example-service
Name:                     example-service
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 run=load-balancer-example
Type:                     NodePort
IP:                       10.99.217.181
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  31570/TCP
Endpoints:                10.244.1.2:8080,10.244.1.3:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
```

Trying to access the pods from the master node (server1):

```
$ curl 10.244.1.2:8080
curl: (7) Failed to connect to 10.244.1.2 port 8080: Connection timed out
$ curl 10.244.1.3:8080
curl: (7) Failed to connect to 10.244.1.3 port 8080: Connection timed out
$ curl curl 10.99.217.181:8080
curl: (7) Failed to connect to 10.99.217.181 port 8080: Connection timed out
$ curl [server1-ip]:31570
curl: (7) Failed to connect to [server1-ip] port 31570: Connection timed out
$ curl [server2-ip]:31570
curl: (7) Failed to connect to [server2-ip] port 31570: Connection timed out
```

Trying to access the pods from the worker node (server2):

```
$ curl 10.244.1.2:8080
Hello Kubernetes!
$ curl 10.244.1.3:8080
Hello Kubernetes!
$ curl curl 10.99.217.181:8080
Hello Kubernetes!
$ curl [server1-ip]:31570
curl: (7) Failed to connect to [server1-ip] port 31570: Connection timed out
$ curl [server2-ip]:31570
Hello Kubernetes!
```
Andrey
  • Not familiar with DO, but presumably they have some kind of firewall. Have you opened access from the outside to that port on that node? – johnharris85 Jul 28 '19 at 13:58
  • @johnharris85 Yes, I opened it. Moreover, if I try to connect to a closed port, then I get connection refused – Andrey Jul 28 '19 at 14:28
  • Did you set a rule to allow the NodePort? I mean, for example, on Ubuntu, to allow a TCP port through the firewall the command is something like this: `$ sudo ufw allow ` or `$ sudo ufw allow /tcp`. – Shudipta Sharma Jul 28 '19 at 18:37
  • Shouldn't kubernetes add iptables rules on its own? – Andrey Jul 28 '19 at 19:18
  • Kubernetes creates iptables rules, but there might still be network traffic policies outside the instances. Can you ping your worker node from the master node? You could try the [troubleshooting guide here](https://gravitational.com/blog/troubleshooting-kubernetes-networking/). – char Jul 29 '19 at 07:27
  • Could you also provide output of `kubectl get all --all-namespaces -o wide` ? – PjoterS Jul 29 '19 at 13:28

0 Answers