I can set up Ingress on a minikube cluster as in this tutorial:
https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/
But then the service is reachable on the minikube ip only from the host which runs minikube.
How do I enable connections from other hosts?
This can be done with this command:
kubectl port-forward --address 0.0.0.0 deployment/ingress-nginx-controller 8443:443 --namespace ingress-nginx
Now the ingress can be reached from other hosts by
https://my.host.running.minikube:8443/
I followed the same page installing the minikube on a remote host.
Then to access to it from my localhost I have to run in the minikube the following command:
kubectl port-forward --address 0.0.0.0 web-746c8679d4-h47j4 8080:8080
The 0.0.0.0 means every address, it can be restricted.
Related
I am trying to set up a generic pod on OpenShift 4 that can connect to a mysql server running on a separate VM outside the OpenShift cluster (testing using local openshift crc). However when creating the deployment, I'm unable to connect to the mysql server from inside the pod (for testing purposes).
The following is the deployment that I use:
kind: "Service"
apiVersion: "v1"
metadata:
name: "mysql"
spec:
ports:
- name: "mysql"
protocol: "TCP"
port: 3306
targetPort: 3306
nodePort: 0
selector: {}
---
kind: "Endpoints"
apiVersion: "v1"
metadata:
name: "mysql"
subsets:
- addresses:
- ip: "***ip of host with mysql database on it***"
ports:
- port: 3306
name: "mysql"
---
apiVersion: v1
kind: DeploymentConfig
metadata:
name: "deployment"
spec:
template:
metadata:
labels:
name: "mysql"
spec:
containers:
- name: "test-mysql"
image: "***image repo with docker image that has mysql package installed***"
ports:
- containerPort: 3306
protocol: "TCP"
env:
- name: "MYSQL_USER"
value: "user"
- name: "MYSQL_PASSWORD"
value: "******"
- name: "MYSQL_DATABASE"
value: "mysql_db"
- name: "MYSQL_HOST"
value: "***ip of host with mysql database on it***"
- name: "MYSQL_PORT"
value: "3306"
I'm just using a generic image for testing purposes that has standard packages installed (net-tools, openjdk, etc.)
I'm testing by going into the deployed pod via the command:
$ oc rsh {{ deployed pod name }}
however when I try to run the following command, I cannot connect to the server running mysql-server
$ mysql --host **hostname** --port 3306 -u user -p
I get this error:
ERROR 2003 (HY000): Can't connect to MySQL server on '**hostname**:3306' (111)
I've also tried to create a route from the service and point to that as a "fqdn" alternative but still no luck.
If I try to ping the host (when inside the pod), I cannot reach it either. But I can reach the host from outside the pod, and from inside the pod, I can ping sites like google.com or github.com
For reference, the image being used is essentially the following dockerfile
FROM ubi:8.0
RUN dnf install -y python3 \
wget \
java-1.8.0-openjdk \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
postgresql-devel
WORKDIR /tmp
RUN wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && \
rpm -ivh mysql-community-release-el7-5.noarch.rpm && \
dnf update -y && \
dnf install mysql -y && \
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.48.tar.gz && \
tar zxvf mysql-connector-java-5.1.48.tar.gz && \
mkdir -p /usr/share/java/ && \
cp mysql-connector-java-5.1.48/mysql-connector-java-5.1.48-bin.jar /usr/share/java/mysql-connector-java.jar
RUN dnf install -y tcping \
iputils \
net-tools
I imagine there is something I am fundamentally misunderstanding about connecting to an external database from inside OpenShift, and/or my deployment configs need some adjustment somewhere. Any help would be greatly appreciated.
As mentioned in the conversation for the post, it looks to be a firewall issue. I've tested again with the same config, but instead of an external mysql db, I've tested via deploying mysql in openshift as well and the pods can connect. Since I don't have control of the firewall in the organisation, and the config didn't change between the two deployments, I'll mark this as solved as there isn't much more I can do to test it
I have used the following command for port mapping
sudo docker run -d -p 3306:33060 --name App1 APP/framework:app
where 3306 port belongs to localhost machine MySQL and 33060 is the port into a docker container, so communication is happening between 3306:33060 in docker. I'm getting issue as below:
sudo docker run -d -p 3306:33060 --name App1 APP/framework:app fc1ffe98b2f2e6299a3070be8296d8b530ef4bdb3bd4cfd79d28ffc535a361c1
docker: Error response from daemon: driver failed programming external connectivity on endpoint App1 (30ec933973acf63a48ef9a20b0027af18bd23e1f36cf852e2e3e3758eaa1f843): Error starting userland proxy: listen tcp 0.0.0.0:3306: bind: address already in use.
I don't want mysql in docker container to create image.Just want to open random port and map 3306 and host-ip to communication with port in docker i.e 33060
Can anyone please suggest any way to resolve this that would be appreciated? Thank you.
Some examples from the docker documentation, before the colon is the container port, and after the colon is the container host port.
-p 8080:80
Map TCP port 80 in the container to port 8080 on the Docker host.
-p 192.168.1.100:8080:80
Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.100.
-p 8080:80/udp
Map UDP port 80 in the container to port 8080 on the Docker host.
-p 8080:80/tcp -p 8080:80/udp
Map TCP port 80 in the container to TCP port 8080 on the Docker host, and map UDP port 80 in the container to UDP port 8080 on the Docker host.
More information at, https://docs.docker.com/config/containers/container-networking/
If you want to access port 3306 in the host from your docker container, you can use
sudo docker run -d --net host --name App1 APP/framework:app
and you container will share the host's network meaning that you could do localhost:3306 from inside your container and "localhost" on the container would be exactly the same thing as "localhost" on the host.
I am trying to expose a new app created via openshift command line(oc). This is a nodeJS server listening on port=3000. However, opeshift defaults the target-port to 8080 as shown in the following service.yaml:
kind: Service
apiVersion: v1
.............
.............
spec:
ports:
- name: 8080-tcp
protocol: TCP
port: 8080
targetPort: 8080
.........
I want to be able to update targetPort via the command line. I already followed these steps, but no luck so far:
step1: oc new-project my-new-project
step2: oc new-app https:\\github.org.com\my-new-app.git
step3: oc expose service my-new-app --target-port=3000
Error: **cannot use --target-port with --generator=route/v1**
Note: I am able to access the app(i.e. port=3000) only when I manually update targetPort to 3000 in Services.yaml.
You didnt specify port . Try this.
oc expose service my-new-app --target-port=3000 --port=8080
For exmaple, I created network at docker
docker network create hello-rails
Then, I have mySQL, which is connected to this network
docker run -p 3306 -d --network=hello-rails --network-alias=db -e MYSQL_ROOT_PASSWORD=password --name hello-rails-db mysql
And also, I have rails server, which also rely on this network
docker run -it -p 3000:3000 --network=hello-rails -e MYSQL_USER=root -e MYSQL_PASSWORD=password -e MYSQL_HOST=db --name hello-rails benjamincaldwell/hello-docker-rails:latest
I want to write deployment on kubernetes for these two containers with YAML file. But I don't know, how to put network inside containers in the file. Do you have any recommendations?
In Kubernetes you would solve this by creating two services.
The MySQL service will look something like this:
kind: Service
apiVersion: v1
metadata:
name: mysql
spec:
selector:
app: mysql
ports:
- port: 3306
In your rails server, you can access the MySQL service by either using the mysql DNS name or using the MYSQL_SERVICE_HOST and MYSQL_SERVICE_PORT environment variables. There is no need to link the containers or specifying a network, as would be done in Docker.
Your Rails service will look like this:
kind: Service
apiVersion: v1
metadata:
name: rails
spec:
type: LoadBalancer
selector:
app: rails
ports:
- port: 3000
Notice the type: LoadBalancer, which specifies that this service will be published to the outside world. Depending on where you run Kubernetes, a public IP address will be automatically assigned to this service.
For more information, have a look at the Services documentation.
I followed all the google documentation to deploy a docker image into goole compute (this one) but I can't find more informations about google-container-manifest options.
For example I can't add a port range.
I tried that without success :
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
- containerPort: "10000-20000"
hostPort: "10000-20000"
Where can we find all parameters we can use for google container manifest ?
And is it possible to add a port range mapping ?
Thx
[Edit with #alex solution]
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
hostNetwork: true
containers:
- name: test1
image: eu.gcr.io/app-1234/image
imagePullPolicy: Always
And now all port on docker container are expose on google VM.
Do not forget to configure a network to expose all port you need like that :
gcloud compute networks create test-network
gcloud compute firewall-rules create test-allow-http --allow tcp:80 --network test-network
gcloud compute firewall-rules create test-allow-ssh --allow tcp:22 --network test-network
gcloud compute firewall-rules create test-allow-https --allow tcp:443 --network test-network
gcloud compute firewall-rules create test-allow-video --allow udp:10000-20000,icmp --network test-network
And run instance like that :
gcloud compute instances create test-example \
--image container-vm \
--metadata-from-file google-container-manifest=containers.yaml \
--zone europe-west1-b \
--machine-type n1-standard-2 \
--network test-network
As mentioned a little lower down on that docs page:
Documentation for the container manifest can be found in the
Kubernetes API Pod Specification. The container VM is running a
simple Kubelet and not the entire Kubernetes control plane, so the
v1.PodSpec honored by the container VM is limited to containers,
volumes, and restartPolicy.
Regarding adding such a large range of ports, though, would you mind explaining your use case? Currently the API does not support arbitrary port ranges, only lists of explicit ports. If what you really want is for all the ports on the machine to be usable by your container, you might want to consider the hostNetwork option in the v1.PodSpec, which will run your container directly on the host's network with no need for port mapping.