Curl <service-IP> only works half of the time

#1
I created an nginx service with 2 pods on a 2-node k8s cluster. The yaml files:

cat nginx-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

cat nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
spec:
  type: NodePort
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30080
  selector:
    app: nginx

Somehow I can only run curl http:// on the nodes (not the master). Also, only half of the time the curl http:// would return. It looks to me that I only get the result when the http is served from the node where I run the curl command. Any help is appreciated.

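
One way to test the hypothesis in post #1 (only the pod on the local node answers) is to probe each pod IP directly from one node instead of going through the service IP. This is an added example, not code from the thread; the node names and pod IPs are constructed, and the expected success rate assumes kube-proxy spreads connections evenly over the endpoints.

```python
import socket

def tcp_probe(ip, port=80, timeout=2.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def diagnose(local_node, endpoints, probe=tcp_probe):
    """endpoints: (pod_ip, node_name) pairs, e.g. from `kubectl get pods -o wide`.

    Returns (verdict, expected_success_rate, per_pod_results).
    """
    if not endpoints:
        raise ValueError("no endpoints to probe")
    results = [(ip, node, probe(ip)) for ip, node in endpoints]
    local = [ok for _, node, ok in results if node == local_node]
    remote = [ok for _, node, ok in results if node != local_node]
    # Assumption: kube-proxy spreads connections evenly over the endpoints,
    # so the share of reachable pods approximates curl's success rate.
    rate = sum(ok for _, _, ok in results) / len(results)
    if rate == 1.0:
        verdict = "all-reachable"
    elif remote and not any(remote) and all(local):
        # Every pod on another node fails while local pods (if any) answer:
        # node-to-node pod traffic is being dropped somewhere in between.
        verdict = "cross-node-blocked"
    elif rate == 0.0:
        verdict = "none-reachable"
    else:
        verdict = "mixed"
    return verdict, rate, results

if __name__ == "__main__":
    # Constructed sample: one nginx pod per node, probed from node-1.
    sample = [("10.244.1.5", "node-1"), ("10.244.2.7", "node-2")]
    verdict, rate, results = diagnose("node-1", sample)
    for ip, node, ok in results:
        print(f"{ip} on {node}: {'ok' if ok else 'FAILED'}")
    print(f"{verdict}: expect about {rate:.0%} of service requests to succeed")
```

A "cross-node-blocked" verdict with a rate of 0.5 on a worker and 0.0 on the master matches the symptoms described, and points at whatever filters traffic between the nodes (host firewall, cloud security group) rather than at the Service definition.
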
#2

What is the URL you are trying to hit? You should be okay if you’re using host:nodeport. If that isn’t working you may want to check your firewall settings.

#3

I was using the curl and the port is 80.

I did some research, I found this:

It seems related to the FORWARD chain rules, which are:

# iptables -L | grep FORWARD
Chain FORWARD (policy DROP)
KUBE-FORWARD  all  --  anywhere  anywhere  /* kubernetes forwarding rules */
Chain KUBE-FORWARD (1 references)

BUT: after I run iptables -P FORWARD ACCEPT on all nodes and the master, the issue is still the same.

#4

Normally you would just use the ip of one of the nodes or the load balancer plus the node port the service is being exposed on and things should work good. nodeip:nodeport

If you are trying to hit port 80 you’ll get a different behaviour.

#5

I sorted out the issue. The issue is fixed after ICMP is enabled in the security group.

#6

Awesome, glad you figured it out!