
I have an Nginx service deployed in GKE with a NodePort exposed, and I want to connect to it from my Compute Engine instances through the internal IP address only. When I try to connect to Nginx with the cluster IP, I only receive a timeout.

I think that the ClusterIP is only reachable inside the cluster, but when I activated the NodePort it might work.

I do not know well the difference between NodePort and ClusterIP.

2 Answers


  1. The Cluster IP address is only accessible within the cluster; that’s why it is giving a timeout message. NodePort is used to expose a port on the public IP of every node of the cluster, so it may work.

  2. Background

    You can expose your application outside the cluster using NodePort or LoadBalancer. ClusterIP allows connections only inside the cluster and is the default Service type.

    • ClusterIP:

    Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType

    • NodePort:

    Exposes the Service on each Node’s IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You’ll be able to contact the NodePort Service, from outside the cluster, by requesting :.

    • LoadBalancer

    Exposes the Service externally using a cloud provider’s load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.

    In short, when you are using NodePort you need to use NodePublicIP:NodePort. When you are using LoadBalancer it will create a Network LB with an ExternalIP.

    In your GKE cluster you have something called VPC – Virtual Private Cloud which provides networking for your cloud-based resources and services that is global, scalable, and flexible.

    Solution

    Using VPC-Native Cluster
    With VPC-native clusters you’ll be able to reach Pod IPs directly. You will need to create a subnet in order to do it. The full guide can be found here

    Using VPC Peering
    If you would like to connect from 2 different projects in GKE, you will need to use VPC Peering.

    Access from outside the cluster using NodePort

    If you would like to reach your nginx service from outside you can use NodeIP:NodePort.
    NodeExternalIP (keep in mind that this node must have an application pod on it. If you have 3 nodes and only 1 application replica, you must use the NodeExternalIP of the node where this pod was deployed). Another note: you need to allow NodePort access on the Firewall.

    $ kubectl get nodes -o wide
    NAME                                       STATUS   ROLES    AGE     VERSION             INTERNAL-IP   EXTERNAL-IP     OS-IMAGE                             KERNEL-VERSION   CONTAINER-RUNTIME
    gke-cluster-1-default-pool-faec7b51-n5hm   Ready    <none>   3h23m   v1.17.14-gke.1600   10.128.0.26   23.236.50.249   Container-Optimized OS from Google   4.19.150+        docker://19.3.6
    
    $ kubectl get svc
    NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
    nginx        NodePort    10.8.9.10    <none>        80:30785/TCP   39m
    
    $ curl 23.236.50.249:30785
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    
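As an added example (not part of either answer above), the shell script below shows the piece the question actually asks about: reaching the NodePort Service from a Compute Engine VM in the same VPC over the node's INTERNAL-IP rather than its external address, together with a firewall rule that opens only that one nodePort to the VPC's internal range instead of the whole 30000-32767 range to the internet. The `kubectl` outputs are constructed copies of the ones shown in the second answer, embedded so the script runs offline; the network name `default`, the source range `10.128.0.0/20` and the target tag `gke-cluster-1` are assumed placeholders to be replaced with your own values.

```shell
#!/bin/sh
# Added example, not code from the original answers.
# Derives the internal endpoint of a NodePort Service from `kubectl` output and
# prints a narrowly scoped gcloud firewall rule for it.

# Constructed copies of the `kubectl get nodes -o wide` / `kubectl get svc`
# output shown in the answer; replace with real command output in practice.
NODES_OUT='NAME                                       STATUS   ROLES    AGE     VERSION             INTERNAL-IP   EXTERNAL-IP     OS-IMAGE                             KERNEL-VERSION   CONTAINER-RUNTIME
gke-cluster-1-default-pool-faec7b51-n5hm   Ready    <none>   3h23m   v1.17.14-gke.1600   10.128.0.26   23.236.50.249   Container-Optimized OS from Google   4.19.150+        docker://19.3.6'

SVC_OUT='NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
nginx        NodePort    10.8.9.10    <none>        80:30785/TCP   39m'

# Extract the nodePort of a NodePort Service from the PORT(S) column
# ("80:30785/TCP" -> 30785). $1 = service name, $2 = `kubectl get svc` output.
node_port() {
    printf '%s\n' "$2" | awk -v svc="$1" '
        NR > 1 && $1 == svc && $2 == "NodePort" {
            split($5, p, "[:/]"); print p[2]; exit
        }'
}

# Print the INTERNAL-IP (6th column) of every Ready node, one per line.
# $1 = `kubectl get nodes -o wide` output.
node_internal_ips() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 == "Ready" { print $6 }'
}

# Build the host:port a Compute Engine VM in the same VPC should call.
# $1 = service name, $2 = nodes output, $3 = services output.
# Fails (returns 1) when no NodePort Service or no Ready node is found.
internal_endpoint() {
    port=$(node_port "$1" "$3")
    ip=$(node_internal_ips "$2" | head -n 1)
    [ -n "$port" ] && [ -n "$ip" ] || return 1
    printf '%s:%s\n' "$ip" "$port"
}

# Emit (not execute) a gcloud command that allows only this nodePort and only
# from the VPC's internal range. Network, source range and target tag are
# assumed placeholders. $1 = service name, $2 = nodePort.
firewall_rule_cmd() {
    printf 'gcloud compute firewall-rules create allow-%s-nodeport --network=default --direction=INGRESS --allow=tcp:%s --source-ranges=10.128.0.0/20 --target-tags=gke-cluster-1\n' "$1" "$2"
}

main() {
    ep=$(internal_endpoint nginx "$NODES_OUT" "$SVC_OUT") || {
        echo "no NodePort service / Ready node found" >&2
        exit 1
    }
    echo "internal endpoint: $ep"
    echo "firewall rule to apply once:"
    firewall_rule_cmd nginx "${ep##*:}"
    echo "then, from a Compute Engine VM in the VPC: curl http://$ep/"
}

main "$@"
```

With the sample output this prints `internal endpoint: 10.128.0.26:30785`; the `curl` is run from the VM, not from this script. Restricting `--source-ranges` to the subnet keeps the nodePort off the public internet entirely, which is the safer posture when the only consumers are internal instances.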