I have set up a k8s cluster (1 node cluster) using DOKS. The service is running fine with NodePort config. However, I am unable to access it using http://${NodeIP}:${NodePort} from browsers. I have even tried to add the firewall rule, but I am getting "error response from backend" while trying to add a new inbound TCP rule. Not a useful error message!
Curl and Telnet are failing as well.
Please find below my Dockerfile, deployment and service YAML files.
Dockerfile
FROM nginx:1.21.1
COPY build/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx/nginx.conf /etc/nginx/conf.d
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
Service YAML file
kind: Service
apiVersion: v1
metadata:
  name: int
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
      nodePort: 31000
  selector:
    app: int
Deployment YAML
kind: Deployment
apiVersion: apps/v1
metadata:
  name: int
spec:
  replicas: 2
  selector:
    matchLabels:
      app: int
  template:
    metadata:
      labels:
        app: int
    spec:
      containers:
        - name: int
          image: registry.digitalocean.com/xxxxx/int:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 80
      restartPolicy: Always
Kubectl get pods output
root@ast-a1:~# kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
int-7cc5445c7-hnwvp   1/1     Running   0          3h14m
int-7cc5445c7-qtr6n   1/1     Running   0          3h14m
Kubectl get svc output
root@ast-a1:~# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
int          NodePort    10.xxx.xx.xx   <none>        80:31000/TCP   152m
kubernetes   ClusterIP   10.xxx.x.x     <none>        443/TCP        3d3h
The response
Am I making a mistake somewhere? I am just trying out DOKS.
EDIT:
Added tracert output.
C:\Users\ck5>tracert 1xx.xx.xx.xxx
Tracing route to 1xx.xx.xx.xxx over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 4 ms 2 ms 3 ms 1x.1xx.xx.xx.static-hydrabad.vsnl.net.in [1x.1xx.xx.xx]
4 * * * Request timed out.
5 49 ms 52 ms 12 ms 2xx.6x.xxx.xxx.static-bangalore.vsnl.net.in [2xx.xx.xxx.xxx]
6 13 ms 12 ms 110 ms 1xx.1xx.2xx.15
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
2 Answers
Looks like a security group or a firewall issue. Run a traceroute to the destination IP from the machine with your browser.
If it stops at the last hop, it is most likely the security group not allowing connections to your port from the source subnet.
If the traceroute stops in the middle it is more likely a firewall issue.
First, try to verify whether your service is up and running using the port-forward command
Open
localhost:8080
in the browser. This way you can first verify whether it is running and giving output or not.
Also, I hope the config you are adding inside the Nginx Docker image is proper. Check the pod's log once as well to verify there is no issue in the pod.
Now, if the service is giving output, the issue is on the NodePort side or on the firewall side.
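Once the port-forward check passes, the NodePort-versus-firewall question raised in the answers can be narrowed by looking at how a TCP connection to the node fails. The following is an added example, not code from the original posts: the function names and hint wording are this example's own assumptions, and the node IP and port are passed on the command line.

```python
import errno
import socket
import sys

# Hint text is this example's own reading of each outcome, not DOKS output.
HINTS = {
    "open": "TCP handshake completed; the NodePort path works, so look at HTTP (nginx config, pod logs).",
    "refused": "Node replied with a reset; it is reachable but nothing accepts on this port (check nodePort, selector, endpoints).",
    "filtered": "No reply before the timeout; packets are typically being dropped by a firewall in front of the node.",
    "unreachable": "No route to the node; check the IP address and local network.",
    "error": "Unexpected socket error; inspect it directly.",
}

def classify(exc):
    """Map the exception from connect() (or None on success) to an outcome."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classified outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Usage: python probe.py <node-ip> <node-port>
    host, port = sys.argv[1], int(sys.argv[2])
    outcome = probe(host, port)
    print(f"{host}:{port} -> {outcome}: {HINTS[outcome]}")
```

A firewall can also be configured to reject with a reset instead of dropping, so treat "refused" as a pointer to check the Service first, not as proof that no filter is involved.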