Reputation: 2089
Ingress controller NodePort not reachable from outside
I have a cluster of 3 vm on which I install kubernetes and deployed some pods and services that I would like to be accessible from outside (my local pc for exemple)
I followed this tutorial https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal to install my ingress controller. I have created a service of type NodePort. I have created a ingress that looks like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: my.service.com
http:
paths:
- path: /
backend:
serviceName: myservice
servicePort: 9090
kubectl get svc myservice gives me:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
myservice NodePort xxx.xxx.xxx.xxx <none> 9090:31220/TCP 47m
kubectl get ingress test-ingress gives me
NAME HOSTS ADDRESS PORTS AGE
test-ingress my.service.com xx.xxx.xxx.xxx 80 49m
On my local computer I have added to /etc/hosts I have mapped the ip address of the ingress to the name my.service.com When I try to ping my.service.com or directly the ip I go request timeout 100% packet loss. I tried to reach my service visual interface with the web browser and it does not work either.
How can I investigate further why I can't access to my service from outside the cluster ?
Upvotes: 3
Views: 2478
Answers (3)
Reputation: 950
There is probably an issue with your firewall. Check the firewall rules if they are blocking access from outside to that port.
Also you should access the service from the NodePort of the service you created while deploying the ingress controller.
Also edit your ingress and add the tls and hosts property with a self signed certificate for my.service.com
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: nginx
spec:
tls:
- hosts:
- my.service.com
secretName: tls-secret-for my service
rules:
- host: my.service.com
http:
paths:
- path: /
backend:
serviceName: myservice
servicePort: 9090
Upvotes: 4
Reputation: 44559
You should be able to curl with a host header set to www.my.service.com
curl --verbose --header 'Host: www.my.service.com' http://nodeip:nodeport/
Upvotes: 1
Reputation: 3463
It is not possible to ping a Kubernetes service IP.
IP for services are virtual IP, thus they are not pingable.
To test you ingress, you should try to reach your service with curl instead.
Upvotes: 1
Related Questions
- service via ingress not reachable, only via nodeport:ip
- Kubernetes ingress not routing
- External IP pending ingress controller
- Ingress Controller can't be connect outside
- Ingress controller is not routing to root
- Kubernetes ingress controller expose to specific port
- Why isn't my ingress controller route traffic from my external IP to the service in my cluster?
- How to make an Ingress Controller send traffic to outside IP?
- Ingress cannot resolve NodePort IP in GKE
- Kubernetes Ingress - Ingress to service routing not working