When I set a nginx deployment (replica=1) and a service (nodeport) for nginx, I can access the service (http) from any other pod via CLUSTER-IP, but I cannot access the service in the nginx pod itself. Is there any reason for this limitation?
The steps to simulate this kind of behavior:
1) Create the nginx deployment
kubectl create deployment nginx --image=helioay/nginx
2) Create the service (nodeport)
kubectl create service nodeport nginx --tcp=80:80
3) Check the pod and service
[helio@kub-1 nginx]$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-67f769c566-jfhxl 1/1 Running 0 22m
[helio@kub-1 nginx]$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 45h
nginx NodePort 10.43.3.216 <none> 80:31790/TCP 20m
4) Run another container/pod with Centos and I can see that I can access nginx calling the CLUSTER-IP defined by service:
[helio@kub-1 nginx]$ kubectl run -it --rm --image=centos -- bash
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
[root@bash-5d65698d48-klgvz /]# curl nginx
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
5) Connecting to nginx pod and calling (curl) nginx via CLUSTER-IP... no response:
[helio@kub-1 nginx]$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-67f769c566-jfhxl 1/1 Running 0 25m
[tecnotree@kub-1 nginx]$ kubectl exec -it nginx-67f769c566-jfhxl /bin/bash
root@nginx-67f769c566-jfhxl:/# curl nginx
^C
root@nginx-67f769c566-jfhxl:/# curl 10.43.3.216
^C
==> It´s possible to see that DNS is resolving the nginx name, but somehow it cannot actually reach nginx application.
I have tried to use NodePort and ClusterIP service configuration, but always same behavior.
I would expect that I could access the CLUSTER-IP from any POD in the kubernet cluster.... is there any special reason for this behavior or a way to get this working?
/etc/resolv.conf, nslookup hello, netstat -tlnp
, What image are you using? – Mark