Hi, I have loaded up one of our apps/services into the k8s cluster in Docker for Mac, but I realized there’s a really basic concept that isn’t clear to me with this new configuration. I’ve created a load balancer service, but I can’t figure out how to access it. My service definition looks like:
I’m kind of curious about this too. In some experiments on a different system I found that, on one service, the published service port seemed to get published to the host, and on another, the every-host port got published, but I can’t easily reproduce that here.
Very minimal Kubernetes NodePort/LoadBalancer services · GitHub has a slightly more fleshed-out example. There is a ConfigMap that holds a simple HTML file, then a pair of Deployments (“np” and “lb”) that run a busybox httpd serving it, then a pair of Services (“np” and “lb” again) fronting those. “np” is a NodePort service and “lb” is a LoadBalancer service.
I’m finding what the OP found: no port listed anywhere in this config is exposed on localhost, and there’s no network path to reach the hidden Linux VM. Beyond that, I’m seeing everything I expect:
~% kubectl apply -f k8s-services.yaml
configmap "content" configured
deployment "lb" configured
service "lb" configured
deployment "np" configured
service "np" configured
~% kubectl get services
NAME         TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP      10.96.0.1        <none>        443/TCP          33m
lb           LoadBalancer   10.104.181.235   <pending>     8181:30632/TCP   19m
np           NodePort       10.109.36.209    <none>        8282:31959/TCP   19m
~% kubectl get pods
NAME                  READY     STATUS    RESTARTS   AGE
lb-5958db466f-6znvm   1/1       Running   0          19m
np-54bfc6856c-djcnz   1/1       Running   0          19m
If I use the secret path to get a shell in the VM, the host ports work…
I can wget http://localhost:30632
netstat -tln shows the two ports 30632 and 31959 listening
If I kubectl run --rm -i --tty --image busybox x, then in that interactive shell…
I can wget http://lb:8181 and wget http://np:8282
I can wget http://192.168.65.3:30632, where that’s the IP address from kubectl describe node docker-for-desktop
I can wget http://10.1.0.14:8111, where that’s the IP address from kubectl describe pod -l name=lb
kubectl port-forward works as expected too.
~% docker version
Client:
 Version: 17.12-kube_beta
 API version: 1.35
 Go version: go1.9.2
 Git commit: ca0c9dbcb219048a1a61fbf82a2e69f1b9795023
 Built: Fri Dec 15 10:20:47 2017
 OS/Arch: darwin/amd64
 Orchestrator: kubernetes
Server:
 Engine:
  Version: 17.12.0-ce
  API version: 1.35 (minimum version 1.12)
  Go version: go1.9.2
  Git commit: c97c6d6
  Built: Wed Dec 27 20:12:29 2017
  OS/Arch: linux/amd64
  Experimental: true
~% brew cask info docker-edge
docker-edge: 17.12.0-ce-mac45,21669
https://www.docker.com/community-edition
/usr/local/Caskroom/docker-edge/17.12.0-ce-mac45,21669 (64B)
From: https://github.com/caskroom/homebrew-versions/blob/master/Casks/docker-edge.rb
==> Names
Docker Community Edition for Mac (Edge)
Docker CE for Mac (Edge)
==> Artifacts
Docker.app (App)
I discovered that the issue was due to the “web” service in the example stack having a port mapping of 80:80 in the stack yaml file. When I tried to manually port-forward a pod to port 80 I got an error, which gave me the clue to track back. Editing that file to map 8081:80 fixed the issue.
Running kubectl get services still shows a pending external IP but the service IS accessible on localhost:8081.
I’m new to MacOS but a quick look at lsof output suggested that nothing else is using port 80 (and I can’t browse to http://localhost:80) so I have no idea why Docker can’t map to it…it’s just broken on my mac (MBP 10.13.3).
Hope this helps someone else running into this on first contact with the Docker K8s docs.
On OSX access to port 80 is restricted to root. That is probably why you cannot map to it. New to Kubernetes so I have not tried to see if you can start it up in a way that allows port 80. I just use another port like 8081 like you did.