k3s: NodePort not working

Version: v0.9.1

Describe the bug Cannot access a nginx service from its NodePort

To Reproduce

k3scluster@node:$ cat > manifest <<EOF
> apiVersion: apps/v1
> kind: Deployment
> metadata:
>   name: nginx-deployment
> spec:
>   selector:
>     matchLabels:
>       app: nginx-app
>   replicas: 1
>   template:
>     metadata:
>       labels:
>         app: nginx-app
>     spec:
>       containers:
>       - name: nginx
>         image: nginx:1.13.12
>         ports:
>         - containerPort: 80
> ---
> apiVersion: v1
> kind: Service
> metadata:
>   labels:
>     app: nginx-app
>   name: nginx-svc
>   namespace: default
> spec:
>   type: NodePort  # use ClusterIP as type here
>   ports:
>     - port: 80
>   selector:
>     app: nginx-app
> EOF

k3scluster@node:$ kubectl apply -f manifest 
deployment.apps/nginx-deployment created
service/nginx-svc created

k3scluster@node:$ kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.43.0.1      <none>        443/TCP        4m41s
nginx-svc    NodePort    10.43.112.32   <none>        80:32136/TCP   59s

k3scluster@node:$ kubectl describe svc nginx-svc
Name:                     nginx-svc
Namespace:                default
Labels:                   app=nginx-app
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"nginx-app"},"name":"nginx-svc","namespace":"default"},"s...
Selector:                 app=nginx-app
Type:                     NodePort
IP:                       10.43.112.32
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  32136/TCP
Endpoints:                10.42.0.6:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

k3scluster@node:$ curl localhost:32136

this just hangs forever and doesn’t return anything.

Expected behavior

The default Nginx index.html should be returned on the curl command

Actual behavior

curl times out

Additional context

Running on RPi 3B with Raspbian Buster

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 2
Comments: 18 (4 by maintainers)

Most upvoted comments

It was very strange, I managed to fix it by:

Switch iptables to legacy.
Delete all iptables rules
Restart the machine

Then it worked.

MartinPham on Jan 31, 2020

I have the same problem.

 default       kubernetes           ClusterIP      10.43.0.1     <none>        443/TCP                      10m
kube-system   kube-dns             ClusterIP      10.43.0.10    <none>        53/UDP,53/TCP,9153/TCP       10m
kube-system   metrics-server       ClusterIP      10.43.216.4   <none>        443/TCP                      10m
kube-system   traefik-prometheus   ClusterIP      10.43.77.39   <none>        9100/TCP                     9m45s
kube-system   traefik              LoadBalancer   10.43.13.81   10.0.1.114    80:30869/TCP,443:32370/TCP   9m44s
default       nginx                NodePort       10.43.21.26   <none>        80:30400/TCP                 4m54s

only curl on the nginx host in ssh work.

I have scan with nmap the two node and i see for both of them: 30400/tcp filtered gs-realtime With putty and tunnel config to the nginx host machine it’s work.

I work 14 hours on that without success …

And i don’t understand how client know how to go on the specific HOST ip who’s running the nginx pods …

Raspbian GNU/Linux 10 (buster)"
iptables v1.8.2 (legacy)
k3s version v1.17.2+k3s1 (cdab19b0)

Help would be appreciated.

(sorry for my bad english)

Gregoire-Fremaux on Jan 29, 2020

Same issue here : AWS EC2 ubuntu:20.04 , latest k3s, I am able to : curl <machine private IP>:<nodeport> but not : curl <machine public IP>:<nodeport>

checked security groups, everything is fine. but unable to reach my cluster via public IP.

Edit : I got mine working, I was running openwhisk with this, which as network policies enabled to block it’s node port access.

pankaj-dahiya-devops on Sep 4, 2021

@cjdcordeiro With service of Type: NodePort, a port between range 30000-32767 is allocated on the node which can be accessed from outside, using node’s public ip:nodeport. In your example: curl http://<public ip>:32136 And can be access locally using ClusterIP:port curl http://10.43.112.32 Hope this helps. Please verify.

ShylajaDevadiga on Nov 10, 2019