Overview
Despite having set both port and targetport in the service definition, you can’t access the app from outside the cluster.
We will assume your service’s YAML looks something like this:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: web
ports:
- port: 8080
targetport: 80
Where the port
is the port on which the service is exposed, and the targetport
is the port the service bridges to on the target container.
There are many reasons why a service cannot be reached, so this runbook does not claim to be exhaustive. However, it will be able to help you eliminate many possible failure modes.
Check RunBook Match
If you are unable to make a web request via the cluster to the service, then this runbook may help you.
Initial Steps Overview
Detailed Steps
1) Is this affecting all pods?
First, determine (if you can) whether this issue affects all pods.
You might do this by:
Checking the logs for your pods for network lookup errors
Checking an external observability system to determine if all pods are showing similar errors
kubectl exec
ing onto the pods to try andcurl
ornslookup
DNS lookups manually (see step 9)
The last option may be problematic if your pods' images do not contain these utilities.
If the issue affects all pods, then it is likely that some core component, such as the CoreDNS pods have failed. Bear this in mind as you read on.
If the issue affects only a subset of pods, then some other factor might be at play. Bear this in mind as you read on.
These factors may include:
DNS configuration on the node
DNS configuration on the pod/workload
Solutions List
Solutions Detail
Set Up A NodePort Service
A NodePort Service exposes an app to the world outside the cluster via a port mapping on every node in the cluster.
If we adapt the YAML of our earlier service to make it a NodePort service, it would look like this:
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
type: NodePort
selector:
app: web
ports:
- port: 8080
targetport: 80
nodePort: 31111
The nodePort is a TCP/UDP port between 30,000 and 32,767 that is mapped on every cluster node and exposes the Service to the host/node machines in the cluster.
Delete the service, then re-create it. Now when you send a request to port 31111, you should get a response.
kubectl get pods -o yaml | grep -i podip
podIP: 10.244.3.5
curl -k http://10.244.3.5:31111
Check Resolution
You should be able to access the service on the cluster using wget
/curl
or any HTTP client.