Kubernetes: The service manifest doesn't provide an endpoint to access the application

Question

This yaml tries to deploy a simple Arangodb architecture in k8s, I know there are operators for ArangoDB, but it is a simple PoC to understand k8s pieces and iterate this db with other apps.

The problem is this YAML file executes correctly but I don't get any IP:PORT to connect, however when I execute that docker image in local it works.

# create: kubectl apply -f ./arango.yaml
# delete: kubectl delete -f ./arango.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: nms
  name: arangodb-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: arangodb-pod
  template:
    metadata:
      labels:
        app: arangodb-pod
    spec:
      containers:
      - name: arangodb
        image: arangodb/arangodb:3.5.3
        env:
        - name: ARANGO_ROOT_PASSWORD
          value: "pass"
        ports:
        - name: http
          containerPort: 8529
          protocol: TCP
        resources:
          limits:
            cpu: 100m
            memory: 128Mi
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  namespace: nms
  name: arangodb-svc
spec:
  type: LoadBalancer
  selector:
    app: arangodb-pod
  ports:
  - targetPort: 8529
    protocol: TCP
    port: 8529
    targetPort: http
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: nms
  name: arango-storage
  labels:
    app: arangodb-pod
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi

Description seems clear:

NAME           TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
arangodb-svc   LoadBalancer   10.0.150.245   51.130.11.13        8529/TCP   14m

I am executing kubectl apply -f arango.yaml from AKS but I cannot access to any IP:8529. Some recommendations?

I would like to simulate these commands:

docker run -p 8529:8529 -e ARANGO_ROOT_PASSWORD=pass -d --name arangodb-instance arangodb/arangodb:3.5.3
docker start arangodb-instance

Answer 1

You must allow the NodePort 31098 at NSG level from your VNet configuration and attach that NSG rule to AKS cluster.

Also please try and update the service manifest with the changes that you went through with the help in comments.

  - targetPort: 8529
    protocol: TCP
    port: 8529
    targetPort: http --< **Its completely wrong field, the manifest wont be parsed.**

The above manifest is wrong, for NodePort (--service-node-port-range=30000-32767) the manifest should look something like this:

  spec:
  type: NodePort
  selector:
    app: arangodb-pod
  ports:
      # By default and for convenience, the `targetPort` is set to the same value as the `port` field.
    - name: http
      port: 8529
      targetPort: 8529
      # Optional field
      nodePort: 31044

You can connect at public-NODE-IP:NodePort from outside AKS.

For service type loadbalancer, your manifest should look like:

  spec:
  type: LoadBalancer
  selector:
    app: arangodb-pod
  ports:
    - name: http
      protocol: TCP
      port: 8529
      targetPort: 8529

For LoadBalancer you can connect with LoadBalancer-External-IP:external-port

However, in both the above cases NSG whitelist rule should be there. You should whitelist your local machine's IP or the IP of the machine from wherever you are accessing it.

Answer 2

you have to ingress controller or you could also go with loadbalancer type as service assiging a static ip which you prefer. Both will work