
I have 1 Master and 2 worker nodes. I don't want to use a hosted Kubernetes solution. The servers live in separate hosting providers (not sure if this is important). I want to be able to access my web application. I'm not sure if this means I need to connect to the Pod directly or use some type of load balancing. I figured that right now the app is running on one Node, but I might want to scale it up, so then I would need a solution for a more "dynamic lookup". I have not tried Ingress yet, not sure if that would help.

I tried using NodePort (since I'm only running one replica right now) and that doesn't work, and also, from what I've read about NodePort, this could be a slight security risk. So then I tried MetalLB, since I'm not using a cloud load balancer, and although <External - IP> is allocated (a private IP allocated from the range of IPs for both worker nodes), I thought I could connect to the application with one (or both) of the Nodes that exist within the cluster, i.e. Worker1 -> Worker2, but I still can't connect to the application. If I can use MetalLB I'd like to use it, but if NodePort is the only option I can revert to that and try to make it work.

I know I'm missing something, whether iptables configuration (I didn't adjust it, I was confused about what chain to update) or just not using the correct Service. I'm using Flannel CNI as well. Just to add, I have installed tcpdump and arping. arping works on the Node that has the load balancer but that's all, any other node doesn't work. If not obvious by now, I am a beginner in Kubernetes, so I probably got something screwed up somewhere. I feel like in both instances (NodePort/LB) I am close. Below is the configuration for MetalLB.

End Goal:

From ANY location: `curl http://<some-ip>:80000`

I've followed:

the section on metal https://www.datapacket.com/blog/build-kubernetes-cluster but changed to the updated CRD of IPAddressPool

For NodePort:

https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

https://github.com/nigelpoulton/TheK8sBook and the supplemental reading

```yaml
# Announce the addresses from the "config" pool on the local L2 segment
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: dispatch
  namespace: metallb-system
spec:
  ipAddressPools:
  - config
---
# Pool of addresses MetalLB may assign to LoadBalancer Services
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  namespace: metallb-system
  name: config
spec:
  addresses:
    - <worker1 range of IPs> # based on worker 1 IP
    - <worker2 range of IPs> # based on worker 2 IP
---
# Service that exposes the app's pods on port 8000
apiVersion: v1
kind: Service
metadata:
  name: app-balancer
spec:
  type: LoadBalancer
  ports:
  - name: app
    port: 8000
    protocol: TCP
    targetPort: 8000
  selector:
    app: my-app
```

Vahit Keskin
enjoi4life411
  • You have two options: Reverse-Proxy that points to an Ingress Controller or MetalLB. Both should work. But if connecting via NodePort doesn't work, those won't either, so you need to fix that first – Chris Aug 11 '23 at 13:36
  • So if I use an Ingress Controller, then I have to use NodePort? NodePort seems to only work with port forwarding. Does this mean it's an issue with iptables? FWIW `ufw` isn't enabled. – enjoi4life411 Aug 11 '23 at 15:27
  • Ingress in Kubernetes always works with a NodePort and is forwarded to the pod, regardless of what you use. – Chris Aug 11 '23 at 15:41

1 Answer


I figured it out. My Django app was listening on the correct port (8000), but wrong host. I changed the host to all ports, and updated the ALLOWED_HOSTS fields, and it worked. No Ingress required.

enjoi4life411
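Added example, not part of the original question or answer: a check, run inside the pod, for the failure mode the answer describes, where the app listens on the Service's `targetPort` but on a host address that forwarded traffic cannot reach. It parses `/proc/net/tcp` so it works in images without `ss` or `netstat`. The sample data is constructed, and it assumes the "wrong host" was the loopback address that Django's `runserver` binds to by default.

```python
"""Added example: find listeners a Service cannot reach because they bind to loopback."""
import socket
import struct

# Constructed sample of /proc/net/tcp from inside a pod (not from the original post):
# one LISTEN socket on 127.0.0.1:8000 and one established connection.
SAMPLE_LOOPBACK = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0A00F40A:9C40 0A00F40B:1F90 01 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 20 4 30 10 -1
"""
# Same pod after the app is restarted on 0.0.0.0:8000 (also constructed).
SAMPLE_ALL = SAMPLE_LOOPBACK.replace("0100007F:1F40", "00000000:1F40")

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp


def listeners(proc_net_tcp: str) -> dict[int, set[str]]:
    """Map each listening port to the set of IPv4 addresses it is bound to."""
    result: dict[int, set[str]] = {}
    for line in proc_net_tcp.splitlines()[1:]:  # skip header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # The kernel prints the address as a host-endian (little-endian on x86/arm64) 32-bit value.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        result.setdefault(int(hex_port, 16), set()).add(addr)
    return result


def check_target_port(proc_net_tcp: str, target_port: int) -> str:
    """Classify whether traffic forwarded to the pod IP can reach target_port."""
    addrs = listeners(proc_net_tcp).get(target_port)
    if not addrs:
        return "not-listening"
    if all(a.startswith("127.") for a in addrs):
        return "loopback-only"  # Service traffic arrives on the pod IP, so this is unreachable
    return "reachable"


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live data when run inside the pod
            data = fh.read()
    except OSError:
        data = SAMPLE_LOOPBACK
    print(check_target_port(data, 8000))
```

Only IPv4 sockets are covered; IPv6 listeners are listed in `/proc/net/tcp6`, which uses a different address format.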