1

First, let me show the kubernetes entities from a namespace called "kong":

[projadmin@VOFDGSTP1 ~]$ kubectl get all -n kong
NAME                               READY   STATUS    RESTARTS   AGE
pod/ingress-kong-5d997d864-wsmsw   2/2     Running   2          13d

NAME                              TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/kong-proxy                LoadBalancer   10.100.200.3     <pending>     80:31180/TCP,443:31315/TCP   13d
service/kong-validation-webhook   ClusterIP      10.100.200.175   <none>        443/TCP                      13d

NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-kong   1/1     1            1           13d

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-kong-5d997d864   1         1         1       13d

When I am trying to ping the IPs from above, I am getting timeout error.

[projadmin@VOFDGSTP1 ~]$ curl -i 10.100.200.175
curl: (7) Failed connect to 10.100.200.175:80; Connection timed out
[projadmin@VOFDGSTP1 ~]$ curl -i 10.100.200.176
curl: (7) Failed connect to 10.100.200.176:80; Connection timed out
[projadmin@VOFDGSTP1 ~]$ curl -i 10.100.200.3
curl: (7) Failed connect to 10.100.200.3:80; Connection timed out
Ashish Jain
  • 447
  • 1
  • 6
  • 20
  • Are you performing the commands inside the cluster node? If not you can use [kube port-forward](https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/) to reach the service from your machine. Please provide more details about what you need to do, and how did you setup the services. – Mr.KoopaKiller Feb 07 '20 at 12:05
  • Am able to run the commands on a PuTTY terminal in Windows. How do I check if this machine is part of cluster? Am trying to setup up Kong. I need to test connectivity to Kong as shown in this page: https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/getting-started.md#testing-connectivity-to-kong – Ashish Jain Feb 10 '20 at 10:35
  • You could use the command `kubectl get nodes -owide` to retrive the list of nodes. – Mr.KoopaKiller Feb 11 '20 at 09:41

2 Answers2

2

By the information you shared I could suppose you are trying to run the command outside the Cluster.

If you are doing this, it will not working, because you can't reach the ClusterIP services outside the cluster.

ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.

To check if the server you are connected is part of the cluster, type kubectl get nodes -owide e try to find the the ip in the list.

I see your service service/kong-proxy is with EXTERNAL-IP: <pending>, it's probably is occurring because you are trying to use a bare metal installation of Kubernetes, in this case you need to use MetalLB to make your LoadBalancer configuration working.

An alternative to test your service is use kubectl port-foward, this will map your service to localhost and you can acces by http://localhost:8080. Example:

kubectl port-forward svc/kong-proxy -n kong 8080:80

This command will map your service on port 8080 of your localhost.

References:

Services types

MetalLB

port-forward

Mr.KoopaKiller
  • 3,665
  • 10
  • 21
  • 1
    THATS IT! After one week debugging a bare metal deploy in a Contabo server the problem was due to the lack of mapping between the machine and the cluster. Thank you a lot! – Pedro Frattezi Silva Mar 03 '21 at 14:41
0

Cluster IPs are not reachable from outside the cluster and from host machines where kubernetes is deployed. You need to use service of type Load Balancer or Nodeport to access it from outside the cluster or form host machines.

Looking at status pending for external IP of LoadBalancer type service it seems you are not deploying kubernetes on public cloud providers. LoadBalancer type service only works on suppported cloud providers(ex AWS, GCP).

If you are on prem then Nodeport Type service is what you can use.

From Kong docs on when to use Nodeport while deploying Kong.

If your Kubernetes cluster is running in a cloud environment, where Load Balancers can be provisioned with relative ease, it is recommended that you use a Service of type LoadBalancer to expose Kong to the outside world. For the Ingress Controller to function coorrectly, it is also required that a L4 (or TCP) Load Balancer is used and not an L7 (HTTP(s)) one.

If your Kubernetes cluster doesn't support a service of type LoadBalancer, then it is possible to use a service of type NodePort.

Arghya Sadhu
  • 41,002
  • 9
  • 78
  • 107