
Does a pod need special permission to access an external service? I have an external service defined, and when I ssh into the pod and do a simple curl against the external service I get an error message saying access Denied. This is how I define the external service (elastic search database running on my host machine):

```yaml
apiVersion: v1
kind: Service
metadata:
    name: elasticlocal
spec:
    ports:
        - protocol: TCP
          port: 9200
          targetPort: 9200
---
apiVersion: v1
kind: Endpoints
metadata:
    name: elasticlocal
subsets:
    - addresses:
        - ip: 172.17.0.1
      ports:
        - port: 9200
---
```

Now when I ssh into the pod and run `curl http://elasticlocal:9200` I get an access denied error. I am running a k8s cluster on Kind. From what I know, 172.17.0.1 exposes localhost on kind. I initially thought this is an RBAC issue, but now I am not sure.

tmp dev
  • Is this a network connection refused or the elasticsearch denied your curl call as you didn't specify --user? Will be good if you paste the complete error message to your question. – gohm'c Feb 10 '22 at 01:24
  • did you try [egress](https://kubernetes.io/docs/concepts/services-networking/network-policies/)? – Lei Yang Feb 10 '22 at 01:43
  • pls add -v in your curl command, and provide us the full log. I guess it's permission issue, not network issue. – Franxi Hidro Feb 10 '22 at 02:33
  • this is what I get with `curl http://elasticlocal:9200 -v`

    ```
    * Trying 10.96.86.55:9200...
    * connect to 10.96.86.55 port 9200 failed: Connection refused
    * Failed to connect to elasticlocal port 9200: Connection refused
    * Closing connection 0
    curl: (7) Failed to connect to elasticlocal port 9200: Connection refused
    ```

    – tmp dev Feb 10 '22 at 04:55
  • Based on the logs, it's able to resolve the domain name, "connection refused" means you cannot connect to that IP/port. Where is the pod you do ssh, and where is the elastic pod? Can you try to expose it with service nodeport? – Franxi Hidro Feb 13 '22 at 17:30
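
The comments separate two failures that the question reports as one "access denied": a refused TCP connection and a request the backend itself rejects. As an added example (not part of the original question or comments), this Python check, run from inside the pod, reports the layer at which a request to the Service fails. The `classify` function and its labels are hypothetical names, and Python being available in the pod is an assumption; `elasticlocal` and `9200` are the values from the question.

```python
import http.client
import socket


def classify(host, port, path="/", timeout=3.0):
    """Return (layer, detail) naming the first layer at which a GET fails."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()  # DNS lookup, then the TCP handshake
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    except ConnectionRefusedError:
        # curl exit code 7: the name resolved, but nothing accepted the
        # connection on the address and port the traffic was sent to.
        return ("tcp-refused", f"nothing accepting connections on {host}:{port}")
    except socket.timeout:
        return ("tcp-timeout", f"no reply from {host}:{port} within {timeout}s")
    except OSError as exc:
        return ("tcp-error", str(exc))

    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return ("http-error", str(exc))
    finally:
        conn.close()

    if status in (401, 403):
        # The backend was reached and rejected the request itself, for example
        # because no credentials were sent.
        return ("app-denied", f"HTTP {status} from the backend")
    return ("ok", f"HTTP {status}")


if __name__ == "__main__":
    # Service name and port taken from the question.
    layer, detail = classify("elasticlocal", 9200)
    print(f"{layer}: {detail}")
```

A `tcp-refused` result, as in the curl output above, means the request never reached Elasticsearch, so credentials are not yet the question.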

0 Answers