Konstantin Schubert

Reputation: 3356

How to connect to kubernetes endpoint?

I have created a kubernetes service:

[root@Infra-1 kubernetes]# kubectl describe service gitlab 
Name:           gitlab
Namespace:      default
Labels:         name=gitlab
Selector:       name=gitlab
Type:           NodePort
IP:         10.254.101.207
Port:           http    80/TCP
NodePort:       http    31982/TCP
Endpoints:      172.17.0.4:80
Port:           ssh 22/TCP
NodePort:       ssh 30394/TCP
Endpoints:      172.17.0.4:22
Session Affinity:   None
No events.

However, I am unable to connect to the Endpoint, not even from the shell on the node host:

 [root@Infra-2 ~]# wget 172.17.0.4:80
 --2015-12-08 20:22:27--  http://172.17.0.4:80/
 Connecting to 172.17.0.4:80... failed: Connection refused.

Calling wget localhost:31982 on the NodePort also gives a Recv failure: Connection reset by peer and the kube-proxy logs error messages:

 Dec 08 20:13:41 Infra-2 kube-proxy[26410]: E1208 20:13:41.973209   26410 proxysocket.go:100] Dial failed: dial tcp 172.17.0.4:80: connection refused
 Dec 08 20:13:41 Infra-2 kube-proxy[26410]: E1208 20:13:41.973294   26410 proxysocket.go:100] Dial failed: dial tcp 172.17.0.4:80: connection refused
 Dec 08 20:13:41 Infra-2 kube-proxy[26410]: E1208 20:13:41.973376   26410 proxysocket.go:100] Dial failed: dial tcp 172.17.0.4:80: connection refused
 Dec 08 20:13:41 Infra-2 kube-proxy[26410]: E1208 20:13:41.973482   26410 proxysocket.go:100] Dial failed: dial tcp 172.17.0.4:80: connection refused
 Dec 08 20:13:41 Infra-2 kube-proxy[26410]: E1208 20:13:41.973494   26410 proxysocket.go:134] Failed to connect to balancer: failed to connect to an endpoint.

What could be the reason for this failure?

Here is my service configuration file http://pastebin.com/RriYPRg7, a slight modification of https://github.com/sameersbn/docker-gitlab/blob/master/kubernetes/gitlab-service.yml

Upvotes: 4

Views: 7863

Answers (2)

Christian Grabowski

Reputation: 2882

It's actually the Pod or Replication Controller that is having the issue because it is not forwarding to the service. Perhaps post that config or make sure it has a port specified and its containers' processes are listening on the right port.

Original

It's the NodePort that is actually exposed outside of the pod. Port is the port on the NAT network within the node and Port is what the process inside the container should bind to, usually using service discovery. Other pods will talk to that pod on the NodePort. If you want to set the NodePort explicitly for, say, a web server, then in your Pod's definition or a replication controller or service definition, explicitly set NodePort to the desired port.

Therefore Port: 80 would be, say, nginx inside a container listening on port 80, then NodePort: 4980 would be the exposed port. So you would wget <Node IP>:4980.

As far as fixing your particular situation, I recommend not complicating it as much and explicitly setting TargetPort and NodePort.

Upvotes: 1
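One way to check the "listening on the right port" advice above, as an added example that is not part of the question or the answers: it parses `kubectl describe service` output into port / NodePort / endpoint groups and probes each endpoint, separating "refused" (the address answers but nothing listens on that port, as in the kube-proxy log) from "unreachable". The function names `parse_ports`, `classify` and `probe` are assumptions, and the sample input is constructed from the output in the question.

```python
import errno
import socket

# Constructed sample: port lines of the `kubectl describe service gitlab` output above.
DESCRIBE = """\
Port:           http    80/TCP
NodePort:       http    31982/TCP
Endpoints:      172.17.0.4:80
Port:           ssh 22/TCP
NodePort:       ssh 30394/TCP
Endpoints:      172.17.0.4:22
"""

def parse_ports(text):
    """Group Port / NodePort / Endpoints lines into one dict per service port."""
    ports = []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, fields = key.strip(), value.split()
        if key == "Port" and len(fields) == 2:
            ports.append({"name": fields[0], "port": int(fields[1].split("/")[0]),
                          "node_port": None, "endpoints": []})
        elif key == "NodePort" and ports and len(fields) == 2:
            ports[-1]["node_port"] = int(fields[1].split("/")[0])
        elif key == "Endpoints" and ports:
            for ep in value.split(","):  # "<none>" has no host:port and is skipped
                host, _, port = ep.strip().rpartition(":")
                if host and port.isdigit():
                    ports[-1]["endpoints"].append((host, int(port)))
    return ports

def classify(err):
    if err == 0:
        return "open"
    if err == errno.ECONNREFUSED:
        return "refused"  # address answered, but nothing listens on that port
    return "unreachable"  # timeout, no route, filtered

def probe(host, port, timeout=2.0):
    """TCP-connect to one endpoint and return the verdict from classify()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            return classify(s.connect_ex((host, port)))
        except OSError:
            return "unreachable"

if __name__ == "__main__":
    for p in parse_ports(DESCRIBE):
        for host, port in p["endpoints"]:
            print(p["name"], p["node_port"], f"{host}:{port}", probe(host, port))
```

Run it on a cluster node; a "refused" verdict for an endpoint means the Service wiring reached the pod IP and the thing to inspect is the container process and its port.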

Vyacheslav Enis

Reputation: 1661

In addition to "NodePort" types of services there are some additional ways to interact with kubernetes services from outside of the cluster. Maybe they will be more "natural" and easy:

  • Use service type "LoadBalancer". It works only for some cloud providers and will not work for virtualbox, for example, but I think it is good to know about that feature. In that case you will get not only an "internal cluster-only" IP address for your service but also an externally configured load balancer to access it (in aws/gce etc.). Link to the documentation
  • Use one of the latest features called "ingress". Here is the description from the manual: "An Ingress is a collection of rules that allow inbound connections to reach the cluster services. It can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.". Link to the documentation
  • If kubernetes is not a strict requirement and you can switch to the latest openshift origin (which is "kubernetes on steroids"), you can use the origin feature called "router".

Upvotes: 1
