
I set up my own cluster using Kubespray on Google Cloud: 1 master, 1 node. I launched a Jenkins app on it. The app does not show up in the browser even though everything appears to be correct. My service and deployment (copied from an article on the internet so that I don't introduce any potential errors):

```yaml
apiVersion: v1
kind: Service
metadata:
  name: jenkins
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: jenkins
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: jenkins
    spec:
      containers:
        - name: jenkins
          image: jenkins/jenkins
          env:
            - name: JAVA_OPTS
              value: -Djenkins.install.runSetupWizard=false
          ports:
            - name: http-port
              containerPort: 8080
            - name: jnlp-port
              containerPort: 50000
```

Everything looks as you would expect. Run a `kubectl get pods` and see that it is running:

```
NAME                      READY   STATUS    RESTARTS   AGE
jenkins-b64d4d96d-4vj48   1/1     Running   0          22m
```

Run a `kubectl get svc` for the nodeport:

```
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
jenkins      NodePort    10.233.28.168   <none>        8080:31794/TCP   25m
kubernetes   ClusterIP   10.233.0.1      <none>        443/TCP          11h
```

If I visit < worker node ip >:31794 nothing comes up. I checked ports on the worker node, I even manually opened 30000-32767 on the worker node just in case (by running: `sudo iptables -A INPUT -p tcp --dport 30000:32767`). Run a `sudo netstat -tulpn | grep LISTEN` to verify nodeport 31794 is open:

```
tcp6       0      0 :::10256                :::*                    LISTEN      9580/kube-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      1200/apache2
tcp6       0      0 :::31794                :::*                    LISTEN      9580/kube-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      1428/sshd
```

So clearly 31794 is open on the worker node. Why then can I not access Jenkins in the browser? Everything seems in order.

UPDATE:

I redeployed it with a loadbalancer type. The load balancer's IP is always in pending, so I believe external networking on my cluster is dead. This shouldn't be since I entered the default network in my Terraform script. Has anyone got an idea of how to approach this?

UPDATE 2:

Redeployed cluster manually without Terraform, and it worked as it usually did. Why would Terraform break my networking if I specified the correct network (default) in my tf code?

iknowi
  • I think the problem is that you don't see an External IP when you run `kubectl get svc`. I think the `CLUSTER-IP`s are purely internal and you cannot access them. So you need to make sure to configure an external IP. – Tomáš Pospíšek Aug 19 '19 at 15:35
  • Hi Tomas, do you have k8s experience? From your comment I assume not. The cluster IP is internal, yes, but I have configured a nodeport for external access. I shouldn't need an external IP. Also, it was deployed via Kubespray so I can't use type: LoadBalancer (a load balancer has an external IP, but not in my case since my cluster was deployed manually). – iknowi Aug 19 '19 at 16:06
  • Hi @iknowi! "do you have k8s experience" -> yes I do. To the rest of your comment: I see (k8s is satanically complex, I do a lot of k8s these days, but I'm far from being a know-all-whiz). – Tomáš Pospíšek Aug 19 '19 at 16:11
  • Hi @Tomáš Pospíšek, ok, I see. No worries. I'm going to explore ingress now. Hopefully someone experienced will come along and help resolve this issue. – iknowi Aug 19 '19 at 16:29

1 Answer

I fixed my issue. I created a custom network tag in GCP named "nodeports" in the range 30000-32767 and added it to my Terraform code. I originally did not think I needed to do this, since I thought Kubespray would open the ports for me and because the ports were open when I tested them before.

I can now access Jenkins in the browser.

iknowi
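
The fix described in this answer, written out as a Terraform sketch. This is an added example, not the poster's actual code: only the tag name "nodeports", the port range 30000-32767 and the `default` network come from the post, while the variable `trusted_cidr`, its sample value and the resource label are assumptions.

```hcl
# Added example (not the poster's code): VPC firewall rule that lets clients
# reach the Kubernetes NodePort range on tagged worker VMs.

# Assumption: hypothetical variable. 203.0.113.0/24 is a documentation range
# used here as a constructed placeholder for your own client range.
variable "trusted_cidr" {
  description = "Client range allowed to reach NodePort services"
  type        = string
  default     = "203.0.113.0/24"
}

resource "google_compute_firewall" "nodeports" {
  name      = "nodeports"
  network   = "default"
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["30000-32767"]
  }

  # Keep the source narrow. Using 0.0.0.0/0 here would expose every NodePort
  # service on the tagged VMs to the whole internet, including this Jenkins
  # instance, which runs with the setup wizard disabled.
  source_ranges = [var.trusted_cidr]

  # The rule only applies to instances that carry this network tag.
  target_tags = ["nodeports"]
}

# The worker's google_compute_instance must carry the same tag, for example:
#   tags = ["nodeports"]
# Without the tag on the VM, the rule above matches nothing.
```

The `netstat` and `iptables` checks in the question only describe the node itself; the VPC firewall is evaluated before traffic reaches the VM, so a NodePort can be listening under kube-proxy and still be unreachable from outside.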