
Infrastructure:

+------------------------------------------------------+
| Host                                                 |
|     +-----------------------------------+            |
|     | Vagrant box                       |            |
|     |    +------------------------------+            |
|     |    | Minikube                     |            |
|     |    |   +--------------------------+            |
|     |    |   | Pods/Services/etc...     |            |
|     |    |   |                          |            |
|     |    |   |                          | <--+ curl  |
|     |    |   |                          |            |
|     |    |   |                          |            |
|     |    |   |                          |            |
|     |    |   |                          |            |
|     |    |   |                          |            |
+-----+----+---+--------------------------+------------+

Example:

$ kubectl run nginx --image=nginx:alpine

svc.yaml:

apiVersion: v1
kind: Service
metadata:
  labels:
    run: nginx
  name: nginx
spec:
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 30888
    port: 30888
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

Create the service (note its type is NodePort):

$ kubectl create -f svc.yaml

Everything is up and running, and it seems that I'm able to connect to 127.0.0.1:30888 and 0.0.0.0:30888 from within the vagrant box:

$ kubectl get po nginx-5bd976694-nq5sr 
NAME                    READY     STATUS    RESTARTS   AGE
nginx-5bd976694-nq5sr   1/1       Running   0          9m

$ kubectl get svc nginx
NAME      TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
nginx     NodePort   10.105.135.126   <none>        30888:30888/TCP   9m

$ curl -sv 127.0.0.1:30888 > /dev/null
* Rebuilt URL to: 127.0.0.1:30888/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.13.8
< Date: Thu, 04 Jan 2018 11:18:21 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 26 Dec 2017 18:18:51 GMT
< Connection: keep-alive
< ETag: "5a42928b-264"
< Accept-Ranges: bytes
< 
{ [612 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host 127.0.0.1 left intact

$ curl -sv 0.0.0.0:30888 > /dev/null
* Rebuilt URL to: 0.0.0.0:30888/
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.13.8
< Date: Thu, 04 Jan 2018 11:18:28 GMT
< Content-Type: text/html
< Content-Length: 612
< Last-Modified: Tue, 26 Dec 2017 18:18:51 GMT
< Connection: keep-alive
< ETag: "5a42928b-264"
< Accept-Ranges: bytes
< 
{ [612 bytes data]
* Curl_http_done: called premature == 0
* Connection #0 to host 0.0.0.0 left intact

So this works on the guest machine, however if I try curl on the vagrant host - there's no answer:

$ vagrant port | grep guest
    22 (guest) => 2222 (host)
 30270 (guest) => 27017 (host)
 30888 (guest) => 30888 (host)
 30330 (guest) => 3306 (host)
 30080 (guest) => 8080 (host)
 30081 (guest) => 8081 (host)

$ curl -sv 127.0.0.1:30888 > /dev/null
* Rebuilt URL to: 127.0.0.1:30888/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 

$ curl -sv 0.0.0.0:30888 > /dev/null
* Rebuilt URL to: 0.0.0.0:30888/
*   Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 30888 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:30888
> User-Agent: curl/7.52.1
> Accept: */*
> 

I think the biggest problem here is that the minikube ip in the vagrant box is 127.0.0.1:

$ sudo -E minikube ip
127.0.0.1

Any ideas?

NarūnasK
  • forwarded ports on vagrant should be available on all ips in the host try `curl 0.0.0.0:30888` – Sum1sAdmin Jan 04 '18 at 11:58
  • @Sum1sAdmin Added `curl -sv 0.0.0.0:30888` to the question to show that it doesn't work. – NarūnasK Jan 04 '18 at 12:04
  • it seems to connect in all cases but nginx does not send anything - same result with wget? – Sum1sAdmin Jan 04 '18 at 12:52
  • Yes, it does not work with `wget` either. It's not `Nginx` that's not returning, based on `Nginx` logs it has no idea that someone has requested something. I tried to listen with `netcat -4 -lp 30888` and I saw `curl` passing through, so it definitely has something to do with `minikube` inner workings... – NarūnasK Jan 04 '18 at 13:08

3 Answers

0

You could try running a reverse ssh tunnel into the vagrant guest:

ssh -fN -L 30100:192.168.49.2:30100 -i ~/Vagrant\ Machines/kubernetes-dev01/.vagrant/machines/default/vmware_desktop/private_key kubernetes@192.168.56.212

Where:

-f forks to background

-N Do not execute a remote command.

30100 is the port on your laptop to use to bind locally, i.e. end result, go to localhost:30100 in webbrowser

192.168.49.2 is the ip inside the vagrant machine running the app, and it runs on 30100 on the inside as well.

-i is the identity private ssh key path

kubernetes is the user who can access the vagrant machine

192.168.56.212 is the ip the laptop can connect to the vagrant machine over.

There is probably a better way to cross map the port, but this will at least give you a down and dirty way to reverse tunnel into the service.

David
0

It could be necessary to run with the --insecure-bind-address=0.0.0.0 option.

https://github.com/kubernetes/kubernetes/issues/39586

kurkop
0

It turned out that a simple iptables rule may end the misery:

# iptables -A DOCKER -j ACCEPT
NarūnasK
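
The rule in the last answer has no match criteria, so it accepts every packet that reaches the end of the DOCKER chain. The script below is an added example, not code from any of the posts: it reads `iptables -S` output and lists such catch-all ACCEPT rules so they can be found and reviewed later. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag unconditional ACCEPT rules.

# Constructed sample in `iptables -S` format (not taken from the poster's box).
sample_ruleset() {
    cat <<'EOF'
-P FORWARD DROP
-N DOCKER
-A INPUT -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -m comment --comment "temp fix" -j ACCEPT
-A DOCKER -j ACCEPT
EOF
}

# find_catch_all_accepts CHAIN  (hypothetical helper name)
# Reads `iptables -S` text on stdin and prints "LINE: RULE" for every rule
# appended to CHAIN that jumps to ACCEPT without any match option.
find_catch_all_accepts() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            rule = $0
            # A comment is not a match criterion: drop it before counting.
            gsub(/ -m comment --comment ("[^"]*"|[^ ]+)/, "")
            target = ""; criteria = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); i++ }
                else criteria++
            }
            if (target == "ACCEPT" && criteria == 0) print NR ": " rule
        }'
}

# Demo on the constructed sample: reports lines 6 and 7, not the scoped rule.
sample_ruleset | find_catch_all_accepts DOCKER
```

On a live host, feed it the real ruleset with `sudo iptables -S | find_catch_all_accepts DOCKER`.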