Guestbook Example: Load Balancer

Cluster information:

Kubernetes version: 1.18.2
Cloud being used: Bare Metal
Installation method: Kubeadm
Host OS: CentOS 8
CNI and version: WeaveNet, latest
CRI and version: CRI-O, 17


I am trying to work through the Guestbook example in the Kubernetes documentation.

I have everything up and running, but I am not able to access the site.

[chris@master guestbook]$ kubectl get service
NAME           TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)        AGE
frontend       LoadBalancer   80:30610/TCP   5m5s
kubernetes     ClusterIP        <none>         443/TCP        174m
redis-master   ClusterIP    <none>         6379/TCP       128m
redis-slave    ClusterIP    <none>         6379/TCP       122m
[chris@master guestbook]$ kubectl get pods
NAME                            READY   STATUS    RESTARTS   AGE
frontend-56fc5b6b47-68f4r       1/1     Running   0          120m
frontend-56fc5b6b47-z2wss       1/1     Running   0          120m
frontend-56fc5b6b47-z5cfs       1/1     Running   0          120m
redis-master-6b54579d85-95rk6   1/1     Running   0          153m
redis-slave-799788557c-wvfwk    1/1     Running   0          124m
redis-slave-799788557c-zmlpr    1/1     Running   0          124m

The issue is very bizarre. http, https, and 80 are allowed in my firewall. Sometimes I get connection refused, but often I get “no route to host”.

Here are the firewall rules on master:

sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  services: cockpit dhcpv6-client http https ssh
  ports: 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp 10248/tcp 80/tcp 8472/udp
  masquerade: yes
  rich rules:

From the worker:

[chris@worker01 ~]$ nc -vz 80
Ncat: Version 7.70 ( )
Ncat: No route to host.

If I stop firewalld, I get a successful connection:

[chris@worker01 ~]$ nc -vz 80
Ncat: Version 7.70 ( )
Ncat: Connected to
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

However, when I attempt a browser or curl request to the site (via external IP), it takes forever, times out, and then goes back to no route to host.

[chris@master guestbook]$ curl

Spaces to show the time out

[chris@worker01 ~]$ nc -vz 80
Ncat: Version 7.70 ( )
Ncat: No route to host.

I’m not sure what I’ve done incorrectly. I don’t know if this is a SELinux issue or firewalld CentOS issue. It could be neither?

Here are the manifests
[chris@master guestbook]$ cat frontend-deployment.yaml
apiVersion: apps/v1
kind: Deployment
  name: frontend
    app: guestbook
      app: guestbook
      tier: frontend
  replicas: 3
        app: guestbook
        tier: frontend
      - name: php-redis
            cpu: 100m
            memory: 100Mi
        - name: GET_HOSTS_FROM
          value: dns
        - containerPort: 80
[chris@master guestbook]$ cat frontend-service.yaml
apiVersion: v1
kind: Service
  name: frontend
    app: guestbook
    tier: frontend
  type: LoadBalancer
  -  port: 80
    app: guestbook
    tier: frontend

Any tips or tricks besides “Don’t use CentOS” would be greatly appreciated. I’ve been on this for about five hours, off and on. Not sure what else to do.

This is not limited to CentOS 8. I just spun everything up on 7. Same results. No route to host.

I set the externalIPs to one of the worker nodes instead of the master node. It’s working.

Not sure if that’s the right answer or an anomaly but it “works on my machine” so I guess I’ll call it a win.

Nope. I can access the frontend but not the databases.

I guess for now I’m going to consider this my answer:

Kubernetes does not offer an implementation of network load-balancers (Services of type LoadBalancer) for bare metal clusters. The implementations of Network LB that Kubernetes does ship with are all glue code that calls out to various IaaS platforms (GCP, AWS, Azure…). If you’re not running on a supported IaaS platform (GCP, AWS, Azure…), LoadBalancers will remain in the “pending” state indefinitely when created.

OpenStack it is. Thx guise
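
A check that follows from the service and firewall output posted in this thread, added here as an example and not code from the thread: it lists NodePorts (such as the frontend's 30610/tcp) that a firewalld ports list does not open, and LoadBalancer services still waiting for an external IP. The sample data is constructed from the thread's output; the cluster IPs, the `<pending>` value and all function names are assumptions.

```shell
# Constructed sample modelled on the thread's output. The cluster IPs and the
# <pending> external IP are assumed placeholders, not values from the page.
SERVICES='frontend LoadBalancer 10.96.0.20 <pending> 80:30610/TCP 5m5s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 174m
redis-master ClusterIP 10.96.0.30 <none> 6379/TCP 128m'
FW_PORTS='6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp 10248/tcp 80/tcp 8472/udp'

# Print "name nodeport/proto" for each NodePort a service exposes.
# $1: lines in the column layout of `kubectl get service --no-headers`.
node_ports() {
  printf '%s\n' "$1" | awk '
    $2 == "NodePort" || $2 == "LoadBalancer" {
      n = split($5, specs, ",")
      for (i = 1; i <= n; i++)
        if (split(specs[i], p, "[:/]") == 3)   # port:nodePort/PROTO
          print $1, p[2] "/" tolower(p[3])
    }'
}

# Succeed if port/proto ($1, e.g. 30610/tcp) is covered by a firewalld
# ports list ($2), which may contain ranges such as 2379-2380/tcp.
fw_allows() {
  want_port=${1%/*}; want_proto=${1#*/}
  for entry in $2; do
    [ "${entry#*/}" = "$want_proto" ] || continue
    range=${entry%/*}
    lo=${range%-*}; hi=${range#*-}
    [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ] && return 0
  done
  return 1
}

# Print every service NodePort that the firewalld ports list does not open.
blocked_node_ports() {
  node_ports "$1" | while read -r name port; do
    fw_allows "$port" "$2" || printf '%s %s\n' "$name" "$port"
  done
}

# Print LoadBalancer services that have not been assigned an external IP.
pending_load_balancers() {
  printf '%s\n' "$1" | awk '$2 == "LoadBalancer" && $4 == "<pending>" { print $1 }'
}

blocked_node_ports "$SERVICES" "$FW_PORTS"
pending_load_balancers "$SERVICES"
```

On a live node the two inputs would come from `kubectl get service --no-headers` and `firewall-cmd --list-ports`. If a NodePort has to be opened, allow only that port (or restrict it to trusted source addresses) rather than the whole default 30000-32767 range, since the range exposes every NodePort service on that interface.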