Accessing kubernetes External IP ( LoadBalancer ) from windows 10 when the cluster running under WSL 2

Question

I have nifi container (pods) configured on Kubernetes( Rancher k3d cluster ) on top of WSL 2 Windows 10 ( not with docker desktop ).

https://yannalbou.medium.com/k3d-k3s-k8s-perfect-match-for-dev-and-testing-896c8953acc0

Deployed the nifi and below is the service yaml

$ cat nifi-service.yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert
    kompose.version: 1.21.0 (992df58d8)
  creationTimestamp: null
  labels:
    io.kompose.service: nifi
  name: nifi
spec:
  type: LoadBalancer
  ports:
  - name: "8080"
    port: 8080
    targetPort: 8080
  selector:
    io.kompose.service: nifi
status:
  loadBalancer: {}



$ kubectl get service
NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP      10.43.0.1       <none>        443/TCP          14m
nifi         LoadBalancer   10.43.240.177   172.24.0.2    8080:31123/TCP   12m



$ kubectl get pods
NAME                    READY   STATUS    RESTARTS   AGE
svclb-nifi-48sm9        1/1     Running   0          12m
nifi-6c9856f676-tjzfk   1/1     Running   0          13m


$ kubectl describe pods nifi-6c9856f676-tjzfk
Name:         nifi-6c9856f676-tjzfk
Namespace:    default
Priority:     0
Node:         k3d-k3s-default-server-0/172.24.0.2
Start Time:   Wed, 09 Dec 2020 20:44:36 -0800
Labels:       io.kompose.network/odfe-net=true
              io.kompose.service=nifi
              pod-template-hash=6c9856f676
Annotations:  kompose.cmd: kompose convert
              kompose.version: 1.21.0 (992df58d8)
Status:       Running
IP:           10.42.0.9
IPs:
  IP:           10.42.0.9
Controlled By:  ReplicaSet/nifi-6c9856f676
Containers:
  nifi:
    Container ID:   containerd://a706883ccd30cfe2bd22cd39241bf430e66b4117999554a2316ab47557a28290
    Image:          apache/nifi:latest
    Image ID:       docker.io/apache/nifi@sha256:bf7576ab7ad0bfe38c86be5baa47229d1644287984034dc9d5ff4801c5827115
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Wed, 09 Dec 2020 20:47:03 -0800
    Ready:          True
    Restart Count:  0
    Environment:
      NIFI_BASE_DIR:                    /opt/nifi
      NIFI_CLUSTER_IS_NODE:             true
      NIFI_CLUSTER_NODE_PROTOCOL_PORT:  8082
      NIFI_ELECTION_MAX_WAIT:           1 min
      NIFI_HOME:                        /opt/nifi/nifi-current
      NIFI_LOG_DIR:                     /opt/nifi/nifi-current/logs
      NIFI_WEB_HTTP_HOST:               nifi
      NIFI_WEB_HTTP_PORT:               8080
      NIFI_ZK_CONNECT_STRING:           zookeeper:2181
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-x95qx (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-x95qx:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-x95qx
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  13m   default-scheduler  Successfully assigned default/nifi-6c9856f676-tjzfk to k3d-k3s-default-server-0
  Normal  Pulling    13m   kubelet            Pulling image "apache/nifi:latest"
  Normal  Pulled     10m   kubelet            Successfully pulled image "apache/nifi:latest" in 2m23.415948s
  Normal  Created    10m   kubelet            Created container nifi
  Normal  Started    10m   kubelet            Started container nifi
$


$ curl -XGET http://172.23.0.2:8080


<!DOCTYPE html>
<html>

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <link rel="shortcut icon" href="/nifi/images/nifi16.ico"/>
    <title>NiFi</title>
    <link rel="stylesheet" href="/nifi/assets/reset.css/reset.css" type="text/css"/>
    <link rel="stylesheet" href="/nifi/css/common-ui.css" type="text/css"/>
    <link rel="stylesheet" href="/nifi/fonts/flowfont/flowfont.css" type="text/css"/>
    <link rel="stylesheet" href="/nifi/assets/font-awesome/css/font-awesome.min.css" type="text/css"/>
    <link rel="stylesheet" href="/nifi/css/message-pane.css" type="text/css"/>
    <link rel="stylesheet" href="/nifi/css/message-page.css" type="text/css"/>
    <meta http-equiv="Refresh" content="5; url=/nifi/">
</head>

<body class="message-pane">
<div class="message-pane-message-box">
    <p class="message-pane-title">
        Did you mean: <a href="/nifi/">/nifi</a>
    </p>
    <p class="message-pane-content">You may have mistyped... but we'll try to redirect you in 5 seconds.</p>
</div>
</body>
</html>

ifconfig: WSL

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.22.187.174  netmask 255.255.240.0  broadcast 172.22.191.255
        inet6 fe80::215:5dff:fe24:b429  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:24:b4:29  txqueuelen 1000  (Ethernet)
        RX packets 1316772  bytes 1987244606 (1.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 245617  bytes 15676892 (15.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    From powershell ipconfig output for WSL

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f51e:6d1c:578:2be4%48
   IPv4 Address. . . . . . . . . . . : 172.22.176.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

PS C:\WINDOWS\system32> ping 172.24.0.2  <-- How to reach this IP from Windows???

Pinging 172.24.0.2 with 32 bytes of data:
Request timed out.

Ping statistics for 172.24.0.2:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

I am not good at networking. Wondering if there is any way I can open Kubernetes external IP's (LoadBalancer) to be available in windows? So that these IP's (Example: 172.24.0.2 in this case ) will be reachable from windows and I can access this service as-is? forwarding the port will not work as the service ports (8080 in this case) are not with WSL IP. My end goal is to access nifi ( or any other service ) like this from windows browser http://172.24.0.2:8080/nifi.

The below solution also not worked for me as here the service (8080) is running with Cluster load balancer- https://github.com/microsoft/WSL/issues/4150

Stuck here for a few days. Any help/direction will be great. New in Kubernetes. May be missing fundamental things.

Trying to do kubectl port forward which supposed to work without any issue as per documentation but getting the below error -

$ kubectl get all --all-namespaces
NAMESPACE     NAME                                         READY   STATUS      RESTARTS   AGE
kube-system   pod/helm-install-traefik-fb2kh               0/1     Completed   0          24h
kube-system   pod/traefik-5dd496474-2hfmq                  1/1     Running     0          24h
kube-system   pod/svclb-traefik-bjf9p                      2/2     Running     0          24h
default       pod/nifi-6c9856f676-tjzfk                    1/1     Running     0          24h
default       pod/svclb-nifi-48sm9                         1/1     Running     0          24h
kube-system   pod/coredns-66c464876b-v2qsj                 1/1     Running     0          24h
kube-system   pod/metrics-server-7b4f8b595-gjm85           1/1     Running     0          24h
kube-system   pod/local-path-provisioner-7ff9579c6-fflqt   1/1     Running     1          24h

NAMESPACE     NAME                         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
default       service/kubernetes           ClusterIP      10.43.0.1       <none>        443/TCP                      24h
kube-system   service/kube-dns             ClusterIP      10.43.0.10      <none>        53/UDP,53/TCP,9153/TCP       24h
kube-system   service/metrics-server       ClusterIP      10.43.34.204    <none>        443/TCP                      24h
kube-system   service/traefik-prometheus   ClusterIP      10.43.62.31     <none>        9100/TCP                     24h
kube-system   service/traefik              LoadBalancer   10.43.185.22    172.24.0.2    80:31486/TCP,443:31651/TCP   24h
default       service/nifi                 LoadBalancer   10.43.240.177   172.24.0.2    8080:31123/TCP               24h

NAMESPACE     NAME                           DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
kube-system   daemonset.apps/svclb-traefik   1         1         1       1            1           <none>          24h
default       daemonset.apps/svclb-nifi      1         1         1       1            1           <none>          24h

NAMESPACE     NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/traefik                  1/1     1            1           24h
default       deployment.apps/nifi                     1/1     1            1           24h
kube-system   deployment.apps/coredns                  1/1     1            1           24h
kube-system   deployment.apps/metrics-server           1/1     1            1           24h
kube-system   deployment.apps/local-path-provisioner   1/1     1            1           24h

NAMESPACE     NAME                                               DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/traefik-5dd496474                  1         1         1       24h
default       replicaset.apps/nifi-6c9856f676                    1         1         1       24h
kube-system   replicaset.apps/coredns-66c464876b                 1         1         1       24h
kube-system   replicaset.apps/metrics-server-7b4f8b595           1         1         1       24h
kube-system   replicaset.apps/local-path-provisioner-7ff9579c6   1         1         1       24h

NAMESPACE     NAME                             COMPLETIONS   DURATION   AGE


$> kubectl -n default port-forward --address 0.0.0.0 service/nifi 5000:8080
Forwarding from 0.0.0.0:5000 -> 8080

When trying localhost:5000 from windows browser getting this -

E1210 21:02:13.049280   32370 portforward.go:400] an error occurred forwarding 5000 -> 8080: error forwarding port 8080 to pod b438a055ef4a16ade7ff42e6c26e80122ad5f1b3e2400b4f4991c7c79f89600e, uid : failed to execute portforward in network namespace "/var/run/netns/cni-74542715-faae-d069-139c-cf2ed3a87534": failed to dial 8080: dial tcp4 127.0.0.1:8080: connect: connection refused
    

Answer 1

Win10 should be unable to access your external IP stated by the LoadBalancer service, unless it can get DNS information from the K3s LoadBalancer component (Traefik) or join Traefik's internal network.

If you cannot do kubectl port forward. I suggest you to use NodePort instead of LoadBalancer for your nifi. You should be able to access your service from win10 through the port stated by NodePort service also.

You can check a simple NodePort example below

$ kubectl get pod,svc --selector=run=my-app
NAME                          READY   STATUS    RESTARTS   AGE
pod/my-app-85bcd5f479-f7dgj   1/1     Running   0          31m
pod/my-app-85bcd5f479-p7lgz   1/1     Running   0          31m

NAME             TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/my-app   NodePort   10.107.182.56   <none>        8080:31684/TCP   31m

You can now access the app from both WSL2 and Win10

$ curl localhost:31684
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Index page</title>
</head>
<body>
The hostname of the container is <b>my-app-85bcd5f479-f7dgj</b> and its IP is <b>10.1.45.156</b>.
</body>

>curl.exe localhost:31684
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Index page</title>
</head>
<body>
The hostname of the container is <b>my-app-85bcd5f479-f7dgj</b> and its IP is <b>10.1.45.156</b>.
</body>
</html>