We are trying to use Kong Ingress as an internal API GW to communicate between pods/services inside the same cluster. But the connection fails when one pod tries to communicate with the other with “connection refused”. It is successful when the service is accessed from outside cluster using Kong ingress.
Below is our observation
- Curl from inside Pod1->pod2 => successful
$ curl -s http://pod2-service.ns-common.svc.cluster.local:8008 -v
* Trying [xxxx:xxxx:xxx:xxxx:xxxx:2:0:fe65]:8008...
* Connected to pod2-service.ns-common.svc.cluster.local (xxxx:xxxx:xxx:xxxx:xxxx:2:0:fe65) port 8008 (#0)
- Curl from outside cluster -> kong -> pod2 => successful (this is done using port-forward)
$ kubectl port-forward svc/kong-proxy -n ns-common 30099:80
Forwarding from 127.0.0.1:30099 -> 8000
Forwarding from [::1]:30099 -> 8000
$ curl -s http://[::1]:30099/v1/health -v
* Trying ::1...
* TCP_NODELAY set
* Connected to ::1 (::1) port 30099 (#0)
> GET /v1/health HTTP/1.1
> Host: [::1]:30099
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
- Curl from inside Pod1->kong->pod2 => fails. $ curl http://kong-proxy.ns-common.svc.cluster.local:80 -v
- Trying [xxxx:xxxx:xxx:xxxx:xxxx:2:0:8e00]:80...
- connect to xxxx:xxxx:xxx:xxxx:xxxx:2:0:8e00 port 80 failed: Connection refused
Below is the ingress used for pod2 application
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pod2-ingress-srv
namespace: ns-common
spec:
ingressClassName: kong
rules:
- host:
http:
paths:
- path: /v1/health
pathType: Prefix
backend:
service:
name: pod2-service
port:
number: 8008
Could anyone provide any guidance?
