1
votes

When I set up an nginx deployment (replica=1) and a service (NodePort) for nginx, I can access the service (http) from any other pod via CLUSTER-IP, but I cannot access the service from the nginx pod itself. Is there any reason for this limitation?

The steps to simulate this kind of behavior:

1) Create the nginx deployment

kubectl create deployment nginx --image=helioay/nginx

2) Create the service (nodeport)

kubectl create service nodeport nginx --tcp=80:80

3) Check the pod and service

[helio@kub-1 nginx]$ kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-67f769c566-jfhxl   1/1     Running   0          22m

[helio@kub-1 nginx]$ kubectl get services
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.43.0.1     <none>        443/TCP        45h
nginx        NodePort    10.43.3.216   <none>        80:31790/TCP   20m

4) Run another container/pod with CentOS; I can see that I can access nginx by calling the CLUSTER-IP defined by the service:

[helio@kub-1 nginx]$ kubectl run -it --rm --image=centos -- bash
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
[root@bash-5d65698d48-klgvz /]# curl nginx
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

5) Connecting to nginx pod and calling (curl) nginx via CLUSTER-IP... no response:

[helio@kub-1 nginx]$ kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-67f769c566-jfhxl   1/1     Running   0          25m
[tecnotree@kub-1 nginx]$ kubectl exec -it nginx-67f769c566-jfhxl /bin/bash
root@nginx-67f769c566-jfhxl:/# curl nginx

^C
root@nginx-67f769c566-jfhxl:/# curl 10.43.3.216

^C

==> It's possible to see that DNS is resolving the nginx name, but somehow it cannot actually reach the nginx application.

I have tried to use NodePort and ClusterIP service configurations, but I always get the same behavior.

I would expect that I could access the CLUSTER-IP from any pod in the Kubernetes cluster. Is there any special reason for this behavior, or a way to get this working?

1
What do your cat /etc/resolv.conf, nslookup hello, and netstat -tlnp show? What image are you using? - Mark

Hi @Hanx. After googling a lot, I could find the following issue on Kubernetes: github.com/kubernetes/kubernetes/issues/20475. I have tried some workarounds, but it has not worked yet. Thanks - Helio Aymoto

1 Answer

1
votes

This is the standard behaviour.

In minikube you can solve the issue by running:

minikube ssh
sudo ip link set docker0 promisc on

There are several issues opened/closed

The whole behaviour is quite obscure
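
A way to check a node for the condition the answer's fix changes, as an added example that is not part of the original answer: a bridge returns a pod's own Service traffic to it only if the bridge is promiscuous (what `ip link set docker0 promisc on` does) or its ports have hairpin mode enabled. The function names and the sample tree are constructed for illustration; the state names follow the kubelet `--hairpin-mode` values, and the sysfs root is a parameter so the check also runs against a fake tree.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a Linux bridge
# treats traffic that must return to the port it came from.
IFF_PROMISC=256   # 0x100, interface flag bit for promiscuous mode

# bridge_hairpin_state SYSROOT BRIDGE   (SYSROOT is /sys on a real node)
# Prints: promiscuous-bridge | hairpin-veth | partial-hairpin | none | missing
bridge_hairpin_state() {
    dir="$1/class/net/$2"
    if [ ! -r "$dir/flags" ]; then echo missing; return 1; fi
    flags=$(cat "$dir/flags")
    if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then
        echo promiscuous-bridge; return 0
    fi
    total=0; on=0
    for f in "$dir"/brif/*/hairpin_mode; do
        [ -r "$f" ] || continue          # glob matched nothing: no ports
        total=$((total + 1))
        if [ "$(cat "$f")" = "1" ]; then on=$((on + 1)); fi
    done
    if [ "$on" -eq 0 ]; then echo none
    elif [ "$on" -eq "$total" ]; then echo hairpin-veth
    else echo partial-hairpin; fi
}

# make_constructed_sysfs DIR FLAGS [HAIRPIN...]: fake sysfs tree for docker0
make_constructed_sysfs() {
    br="$1/class/net/docker0"; mkdir -p "$br/brif"
    echo "$2" > "$br/flags"; shift 2
    n=0
    for v in "$@"; do
        n=$((n + 1)); mkdir -p "$br/brif/veth$n"
        echo "$v" > "$br/brif/veth$n/hairpin_mode"
    done
}

# Constructed sample: bridge up, not promiscuous, two ports without hairpin.
demo=$(mktemp -d)
make_constructed_sysfs "$demo" 0x1003 0 0
bridge_hairpin_state "$demo" docker0
rm -rf "$demo"
```

On a node, `bridge_hairpin_state /sys docker0` reads the live values; a result of `none` matches the symptom in the question, where the pod's request to its own Service gets no response.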