From outside the cluster, unable to reach MyApp (client --> <nodeIP>:<nodePort> --> Service --> Pod --> MyApp)

Question

Issue : From outside cluster, exposing service via NodePort, I am unable to reach the application. I should be to get a response from MyApp: From my mac client (http://nodeIP:nodePort/api/users) --> node (nodePort) --> service (endPoints) -- pod --> MyApp (in container)

Setup :

• OS: Mac and DockerDesktop using KIND, created cluster (1-master, 2-workers)
• deployed simple app and able to 'kubectl exec myPod -- curl http://localhost/api/users' <-- this does work
• Then created 'service' with type:NodePort (auto picked by k8)
• Supposedly from my Mac (client), I should be able to reach MyApp but trying to 'curl (http://nodeIP:nodePort/api/users)' just times out.

Request : Not sure what is missing: is it firewall blocking it, is there a port forwarding missing, something else... from my computer trying to 'curl http://:/api/users' times out.

side note: I know I can use other methods like ingress. For now, I am trying to learn and figure out why NodePort method isn't working.

Answer 1

Docker for Mac runs in a hyperkit Linux VM and not on your actual Mac. So with kind , every node is a container, and unfortunately, you won't be able to connect to the NodePort from your Mac.

The workaround is to connect from the Docker VM or from a container with the same networking space as the VM.

$ docker run --rm -it --net host alpine sh
# curl http://<the-ip-address-from-a-node>:<NodePort>/api/users

If you'd like browser access, another way is to kubectl proxy... from your Mac to reach the service. Or kubectl port-forward svc/service-name <localport>:<serviceport> to the service.