I have a cluster configured where the services (and their associated pods/containers) are all deployed into a private subnet. One of these pods represents the UI for the application and I've defined a load balancer with a public IP to provide access to the UI. At least that's my intent. When I enter a URL in my browser with the IP of the load balancer, requests are not making it to the UI container. I assume I have something configured incorrectly and some advice would be appreciated. The definition for the UI service looks like this:
```yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata: {name: myui, namespace: gem}
spec:
  replicas: 1
  template:
    metadata:
      labels: {app: myui}
    spec:
      containers:
      - image: myblobstore.azurecr.io/myui:latest
        imagePullPolicy: Always
        name: myui
        ports:
        - {containerPort: 80}
---
apiVersion: v1
kind: Service
metadata: {name: myapp, namespace: gem}
spec:
  loadBalancerIP: 40.123.124.125
  ports:
  - {name: '80', port: 80}
  selector: {app: myui}
  type: LoadBalancer
```
I've also defined a rule in my network security group that I had intended to allow traffic from a load balancer to reach the target container:
65001 AzureLoadBalancerInBound Any Any AzureLoadBalancer Any Allow
Traffic does not make it to the UI container though. What additional configuration do I need to get this to work?
Update: Here are the endpoints for my cluster:
```
$ kubectl get endpoints -n gem
NAME   ENDPOINTS      AGE
...
myui   10.0.2.22:80   176m
...
```
And to complete the picture, here's some additional info:
```
$ kubectl get pods -n gem -o wide
NAME                   READY   STATUS    RESTARTS   AGE   IP   NODE   NOMINATED NODE
...
myui-99c55f8d4-2thzv   1/1     Running   0          ...

$ kubectl get svc -n gem -o wide
NAME   TYPE           CLUSTER-IP   EXTERNAL-IP      PORT(S)        AGE    SELECTOR
...
myui   LoadBalancer   10.1.0.94    40.123.124.125   80:32246/TCP   3h1m   app=myui
...

$ kubectl describe svc/myui -n gem
Name:                     myui
Namespace:                gem
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myui","namespace":"gem"},"spec":{"loadBalancerIP":"40.123.124,125"...
Selector:                 app=myui
Type:                     LoadBalancer
IP:                       10.1.0.94
IP:                       40.123.124.125
LoadBalancer Ingress:     40.123.124.125
Port:                     80 80/TCP
TargetPort:               80/TCP
NodePort:                 80 32246/TCP
Endpoints:                10.0.2.22:80
Session Affinity:         None
External Traffic Policy:  Cluster
```
Peter
In the end the solution was simply to make sure that the network security group being used has ports 80 and 443 open to allow internet traffic to flow. I had two different security groups and thought my load balancer would use the one I designated as my "public" security group, which did have ports 80 and 443 open. It instead used my other security group, and I had to add the appropriate rules to that group.
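The check below is an added example, not part of the original post: a simplified first-match evaluation of inbound NSG rules, showing that the 65001 rule, whose source is the `AzureLoadBalancer` tag (the load balancer's health probes), does not admit browser traffic, which arrives with an Internet source address. The rule dicts use the field names found in `az network nsg rule list -o json` output; the helper names, the two sample NSGs and the rule names other than `AzureLoadBalancerInBound` are constructed, and sources are compared as service tags only (no CIDR matching).

```python
# Added example: which NSG lets Internet clients reach ports 80/443?
# Assumption: source matching is by service tag or "*" only; CIDR prefixes are not modelled.

def rule(name, priority, access, source, ports, protocol="*"):
    return {"name": name, "priority": priority, "direction": "Inbound", "access": access,
            "protocol": protocol, "sourceAddressPrefix": source, "destinationPortRange": ports}

def port_matches(spec, port):
    """spec is "*", a single port ("80") or a range ("80-443")."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, source_tag, port, protocol="Tcp"):
    """Return (access, rule_name) of the lowest-priority-number inbound rule that matches."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if r["protocol"] not in ("*", protocol):
            continue
        if r["sourceAddressPrefix"] not in ("*", source_tag):
            continue
        if port_matches(r["destinationPortRange"], port):
            return r["access"], r["name"]
    return "Deny", None  # nothing matched

def blocked_ports(rules, ports=(80, 443)):
    """Ports that an Internet client cannot reach through this NSG."""
    return [p for p in ports if evaluate(rules, "Internet", p)[0] != "Allow"]

# Constructed sample: the NSG that was actually in effect (default-style rules only) ...
NODE_NSG = [
    rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", "*"),
    rule("AzureLoadBalancerInBound", 65001, "Allow", "AzureLoadBalancer", "*"),
    rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]
# ... and the "public" NSG, which also opens 80 and 443 to the Internet.
PUBLIC_NSG = NODE_NSG + [
    rule("allow-http", 100, "Allow", "Internet", "80", "Tcp"),
    rule("allow-https", 110, "Allow", "Internet", "443", "Tcp"),
]

if __name__ == "__main__":
    for label, nsg in (("node NSG", NODE_NSG), ("public NSG", PUBLIC_NSG)):
        print(label, "blocks Internet ports:", blocked_ports(nsg))
        print(label, "probe on 80:", evaluate(nsg, "AzureLoadBalancer", 80))
```

Running the same evaluation over the rules of every NSG attached to the node subnet and NICs shows which one is actually deciding the traffic.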