
I have a Jenkins server, an Ansible server and a Web server, all running as EC2 instances. The Jenkins server is configured with "GitHub hook trigger for GITScm polling". It also copies files (Ansible playbook, Dockerfile, Deployment and Service definition files) to the home directory of the Ansible and Web server Ubuntu instances, i.e. /home/ubuntu.

I have a Deployment file with the following content:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myfirstdevopsappdeployment
spec:
  replicas: 5
  selector:
    matchLabels:
      name: myapp
  template:
    metadata:
      labels:
        name: myapp
    spec:
      containers:
        - name: myapp
          image: kubemubin/devops-project-one
          ports:
            - containerPort: 8080
```


I have a Service file with the following content:

```yaml
kind: Service
apiVersion: v1
metadata:
  name: myfirstdevopsservice
spec:
  selector:
    name: myapp
  ports:
    - protocol: "TCP"
      # Port accessible inside cluster
      port: 8081
      # Port to forward to inside the pod
      targetPort: 8080
      # Port accessible outside cluster
      nodePort: 30000
  type: NodePort
```

After the build, either through a push to GitHub or manually from the Jenkins panel, the updated files are pushed successfully to the Ansible and Web server EC2 instances.

On my Web server instance, when I run

```
kubectl get all
```

I get successful output as follows:

```
NAME                                              READY   STATUS    RESTARTS   AGE
pod/myfirstdevopsappdeployment-65d7bf8557-8fn2x   1/1     Running   0          11s
pod/myfirstdevopsappdeployment-65d7bf8557-8hvv2   1/1     Running   0          11s
pod/myfirstdevopsappdeployment-65d7bf8557-f6nxc   1/1     Running   0          11s
pod/myfirstdevopsappdeployment-65d7bf8557-pnr7v   1/1     Running   0          11s
pod/myfirstdevopsappdeployment-65d7bf8557-sb8vz   1/1     Running   0          11s

NAME                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/kubernetes             ClusterIP   10.96.0.1               443/TCP          18h
service/myfirstdevopsservice   NodePort    10.99.236.141           8081:30000/TCP   11s

NAME                                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/myfirstdevopsappdeployment   5/5     5            5           11s

NAME                                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/myfirstdevopsappdeployment-65d7bf8557   5         5         5       11s
```


My `minikube status` command gives the following output:

```
minikube
type: Control Plane
host: Running
kubelet: Running
apiserver: Running
kubeconfig: Configured
```

However, I am not able to access the pod website on the internet from my browser: http://<ec2-public-ip-of-web-server>:<service-port>

I have put all these instances in the same Security Group. What more should I do to access the website running in the pods from the browser on the internet?

I also logged in to one of the pods:

```
kubectl exec --stdin --tty  -- /bin/sh
```

I could see the relevant files in the /var/www/html directory of the pod.

I also executed:

```
while true;do kubectl port-forward --address 0.0.0.0 svc/myfirstdevopsservice 8080:8081;done
```

I got this error:

```
Handling connection for 8080
E0505 05:42:52.702332 119206 portforward.go:409] an error occurred forwarding 8080 -> 8080: error forwarding port 8080 to pod b79c09ba2260934dd48905c44f6e546a1dfa93a1154d094e1e81a89f22652540, uid : exit status 1: 2023/05/05 05:42:52 socat[110790] E connect(5, AF=2 127.0.0.1:8080, 16): Connection refused
error: lost connection to pod
```

  • Is your instance in a public subnet (i.e., it has a public IP)? If so, do you have a rule in the SG allowing you to connect to the instance? AWS default SG allows all inbound from 0.0.0.0/0 which is any IP but you should restrict this to your IP to avoid "getting hacked" – furydrive May 05 '23 at 12:58
  • @furydrive, yes, my instance is in a public subnet (in fact all three instances are in the same SG; my Jenkins admin panel is opening from its public IP in my browser). And yes, I have allowed all traffic from my IP only – Goofy Programmer May 06 '23 at 01:44
  • Is there a rule in your SG that allows traffic between resources in the same SG? That would be a rule with source the SG itself and port 8080 or ALL. – furydrive May 07 '23 at 08:02
  • No, it wasn't there. Even after adding this rule of 'All traffic' from the SG itself, it is still not working – Goofy Programmer May 08 '23 at 06:08
  • You have not exposed your service, I guess? Take a look [here](https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/) – furydrive May 08 '23 at 06:42
  • I tried the example given in the link; that also didn't work. Coming back to my code, I tried `minikube tunnel`, and when I did `nc -l 30000`, I got a header response in the terminal. I also tried `curl http://:30000` and got an HTML body in response. But I still can't make it work on its public IP – Goofy Programmer May 08 '23 at 10:57
  • Actually, irrespective of the code deployed, none (not even the example code) works. Curl to the minikube IP works, but doesn't work on the public IP of the instance – Goofy Programmer May 09 '23 at 09:04
  • curl to minikube ip works from which source? – furydrive May 09 '23 at 11:45
  • I ran it from inside the ec2 host (ssh to that instance and then execute curl there) that has minikube and docker installed i.e the web server – Goofy Programmer May 09 '23 at 15:43
  • Have you added a rule to allow access on port 3000 and also 443 with source your IP? And also, can you run `kubectl expose service myfirstdevopsservice --port=443 --target-port=8081 --name=devops-https`, then try both 3000 and 443? One of those should work! – furydrive May 10 '23 at 06:20
  • I have allowed both 3000 and 443 from the ec2 instance as well as from the minikube IP. Executed the suggested commands. Still not working. I installed apache2 on Ubuntu and tried to set up a reverse proxy with `ProxyPass / http://192.168.49.2/` and `ProxyPassReverse / http://192.168.49.2/`, and enabled the Apache proxy modules with `sudo a2enmod proxy`, `sudo a2enmod proxy_http`, `sudo a2enmod proxy_balancer` and `sudo a2enmod lbmethod_byrequests`. But only the default Apache page of the host displays on port 80; it doesn't show the minikube pod application – Goofy Programmer May 10 '23 at 14:26
  • Solved by kubectl port forward in background. For anyone who is struggling, port forward your minikube pods at nodeport in background: `kubectl port-forward --address 0.0.0.0 svc/myfirstdevopsservice 30000:80 &` – Goofy Programmer May 10 '23 at 15:46
  • @furydrive, thank you so much for all your help and for sticking with me in the week-long struggle – Goofy Programmer May 11 '23 at 07:08
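
The fix in the last comments binds `kubectl port-forward` to `0.0.0.0`, so port 30000 listens on every interface of the host and the security group becomes the only filter in front of it. The following check is an added example, not part of the thread: it classifies how a port is exposed from `ss -H -ltn` output. The function name `port_exposure` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is exposed on this host.
# Reads `ss -H -ltn` output on stdin; $1 is the port to look for.
# Real use on the host:  ss -H -ltn | port_exposure 30000
port_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = split(addr, parts, ":")        # port is the text after the last colon
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            sub(/%.*$/, "", host)              # drop an interface suffix such as %lo
            if (host == "0.0.0.0" || host == "*" || host == "[::]") wild = 1
            else if (host ~ /^127\./ || host == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (wild)       print "all-interfaces"    # only the security group filters it
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"     # unreachable from the public IP
            else            print "not-listening"     # nothing on the host owns the port
        }'
}

# Constructed sample: no host listener on 30000 (the state before the port-forward).
SAMPLE_BEFORE='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:32769 0.0.0.0:*'

# Constructed sample: the same host with a forward bound to 0.0.0.0:30000.
SAMPLE_AFTER="$SAMPLE_BEFORE
LISTEN 0 4096 0.0.0.0:30000 0.0.0.0:*"

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | port_exposure 30000)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | port_exposure 30000)"
```

A result of `all-interfaces` is the point to confirm that the security group rule for that port is limited to known source addresses, as the first comment advises.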
