2

I've installed kubernetes cluster with help of Kubespray. Cluster having 3 Nodes (2 Master & 1 Worker). node1 - 10.1.10.110, node2 - 10.1.10.111, node3 - 10.1.10.112

$ kubectl get nodes
NAME    STATUS   ROLES    AGE   VERSION
node1   Ready    master   12d   v1.18.5
node2   Ready    master   12d   v1.18.5
node3   Ready    <none>   12d   v1.18.5

I deployed this pod in node1 (10.1.10.110) and exposed nodeport service as shown.

NAMESPACE     NAME                                              READY   STATUS    RESTARTS   AGE     IP             NODE    NOMINATED NODE   READINESS GATES

default       pod/httpd-deployment-598596ddfc-n56jq             1/1     Running   0          7d21h   10.233.64.15   node1   <none>           <none>
---
NAMESPACE     NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE     SELECTOR

default       service/httpd-service               NodePort    10.233.16.84    <none>        80:31520/TCP             12d     app=httpd

Service description

$ kubectl describe services -n default httpd-service
Name:                     httpd-service
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 app=httpd
Type:                     NodePort
IP:                       10.233.16.84
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31520/TCP
Endpoints:                10.233.64.15:80
Session Affinity:         None
External Traffic Policy:  Cluster

Question: I can able to access the service from node1:31520 (where the pod actually deployed) but can't able to access the same service from other nodes (node2:31520 (or) node3:31520)

$curl http://10.1.10.110:31520
<html><body><h1>It Works!</h1></body></html>

but if I curl with other node IP, timed out response

$curl http://10.1.10.111:31520
curl (7): Failed connect to 10.1.10.111; Connection timed out

$curl http://10.1.10.112:31520
curl (7): Failed connect to 10.1.10.112; Connection timed out

Can anyone suggest what I am missing ?

Jonas
  • 121,568
  • 97
  • 310
  • 388
Kumaran
  • 25
  • 2
  • 6

2 Answers2

3

Ideally you should be able to access a pod via NodePort using any of the nodes IP. If kube-proxy or CNI Plugin(calico etc) are not working properly in your cluster then it can cause the problem where pod is not reachable via a Nodes IP on which the Pod is not scheduled.

Check this related question kubernetes: cannot access NodePort from other machines

Arghya Sadhu
  • 41,002
  • 9
  • 78
  • 107
1

Because you have only one pod on 10.1.10.110

Your curl is wrong, you didn't deploy a pod on 111 and 112 nodes, this is the reason that the endpoints aren't working. Just execute curl http://10.1.10.110:31520 on the other nodes and it will work

Sergio Tanaka
  • 1,325
  • 1
  • 6
  • 18
  • Yeah! I can able to do 'curl http://10.1.10.110:31520' from all the nodes. So replica of the same pod to be deployed in all the nodes ? I'm new to k8 cluster, correct me if I am wrong. – Kumaran Jul 14 '20 at 15:39
  • Yes, because you are using node port. The nodeport service exposes the port on the node IP. If you want to expose this port on the entire cluster, you need to use ClusterIP - https://kubernetes.io/docs/concepts/services-networking/service/ – Sergio Tanaka Jul 14 '20 at 15:42
  • 4
    @SergioTanaka That is not true. NodePort service exposes ALSO on each node in the cluster with a port within the 30000-32767 but acts the same as ClusterIP. Kumaran, if you can only connect with the node that has the pod running, something is wrong with your overlay networking. – Yosh Jan 05 '21 at 20:09