Cluster information:
Kubernetes version: 1.18.2
Cloud being used: Bare Metal
Installation method: Kubeadm
Host OS: CentOS 8
CNI and version: WeaveNet, latest
CRI and version: CRI-O, 17
Hello,
I am trying to work through the Guestbook example in the Kubernetes documentation.
https://kubernetes.io/docs/tutorials/stateless-application/guestbook/
I have everything up and running, but I am not able to access the site.
[chris@master guestbook]$ kubectl get service
NAME           TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)        AGE
frontend       LoadBalancer   10.100.147.210   172.16.0.126   80:30610/TCP   5m5s
kubernetes     ClusterIP      10.96.0.1        <none>         443/TCP        174m
redis-master   ClusterIP      10.105.175.81    <none>         6379/TCP       128m
redis-slave    ClusterIP      10.108.229.99    <none>         6379/TCP       122m
[chris@master guestbook]$ kubectl get pods
NAME                            READY   STATUS    RESTARTS   AGE
frontend-56fc5b6b47-68f4r       1/1     Running   0          120m
frontend-56fc5b6b47-z2wss       1/1     Running   0          120m
frontend-56fc5b6b47-z5cfs       1/1     Running   0          120m
redis-master-6b54579d85-95rk6   1/1     Running   0          153m
redis-slave-799788557c-wvfwk    1/1     Running   0          124m
redis-slave-799788557c-zmlpr    1/1     Running   0          124m
The issue is very bizarre. http, https, and 80 are allowed in my firewall. Sometimes I get connection refused, but often I get “no route to host”.
Here are the firewall rules on master:
sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp 10248/tcp 80/tcp 8472/udp
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
From the worker:
[chris@worker01 ~]$ nc -vz 172.16.0.126 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: No route to host.
If I stop firewalld, I get a successful connection:
[chris@worker01 ~]$ nc -vz 172.16.0.126 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 172.16.0.126:80.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
However, when I attempt a browser or curl request to the site (via external IP), it takes forever, times out, and then goes back to no route to host:
[chris@master guestbook]$ curl 172.16.0.126
Spaces to show the time out
[chris@worker01 ~]$ nc -vz 172.16.0.126 80
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: No route to host.
I’m not sure what I’ve done incorrectly. I don’t know if this is a SELinux issue or firewalld CentOS issue. It could be neither?
Here are the manifests
[chris@master guestbook]$ cat frontend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  labels:
    app: guestbook
spec:
  selector:
    matchLabels:
      app: guestbook
      tier: frontend
  replicas: 3
  template:
    metadata:
      labels:
        app: guestbook
        tier: frontend
    spec:
      containers:
      - name: php-redis
        image: gcr.io/google-samples/gb-frontend:v4
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: GET_HOSTS_FROM
          value: dns
        ports:
        - containerPort: 80
[chris@master guestbook]$ cat frontend-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: frontend
  labels:
    app: guestbook
    tier: frontend
spec:
  type: LoadBalancer
  externalIPs:
  - 172.16.0.126
  ports:
  - port: 80
  selector:
    app: guestbook
    tier: frontend
Any tips or tricks besides “Don’t use CentOS” would be greatly appreciated. I’ve been on this for about five hours, off and on. Not sure what else to do.