Creating a service for a DaemonSet

Question

I'm trying to reach a DaemonSet listening on port 18081 via a service but unsucessfully so far.

The pod that was started by the DaemonSet works correctly. I can port-forward to the pod and port 18081 and talk to exposed API on the port.

The service for the DaemonSet is configured as follows:

kind: Service
apiVersion: v1
metadata:
  name: monerod-service
spec:
  selector:
    name: monerod
  ports:
  - protocol: TCP
    port: 18081

In the Kubernetes UI (kubectl proxy) the correct Pod is selected in the service, so the pod selectors seems to be fine.

I can execute a ping on the pod that needs to connect to monerod-service and the correct IP is shown. But connection to the port via curl fails (same curl works in the port-forward test).

What am I missing in the configuration. Is there a difference between DaemonSet/Deployment service creation?

---

More playing around with Kubernetes

I played around with the service and DaemonSet. I converted the DaemonSet to a "normal" Deployment, but the same behaviour is shown. So the behaviour has nothing to do with DaemonSets. It has to be something else with services/pods I do not understand.

I created the service now with:

kubectl expose deployment monerod-deployment --type=ClusterIP

and this results in the following service:

{
  "kind": "Service",
  "apiVersion": "v1",
  "metadata": {
    "name": "monerod-deployment",
    "namespace": "default",
    "labels": {
      "app": "monerod"
    }
  },
  "spec": {
    "ports": [
      {
        "protocol": "TCP",
        "port": 18081,
        "targetPort": 18081
      }
    ],
    "selector": {
      "app": "monerod"
    },
    "clusterIP": "<some-ip>",
    "type": "ClusterIP",
    "sessionAffinity": "None"
  },
  "status": {
    "loadBalancer": {}
  }
}

That looks pretty good. That should expose port 18081 for other services only in the cluster.

If I execute now a

curl -X POST http://monerod-deployment:18081/json_rpc ...

in the pod that should talk to the monerod service this results in

port 18081: Connection refused

In the monerod-deployment docker container the container is exposed (with EXPOSE 18081) and the the deployment has the following port definition:

"ports": [
  {
    "containerPort": 18081,
    "protocol": "TCP"
  }
],

Doing a port-forward to the deployment with kubectl and executing the curl locally works perfectly fine. I do not understand, why the connection from the pod to the monerod-deployment cannot be established.

Answer 1

Found out was wrong, it was nothing in Kubernetes.

The monerod daemon does only allow connections from localhost by default, for security reason. Enabling external connections '--confirm-external-bind' made it work.

The link to https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/#running-commands-in-a-pod from Baltazar was very helpful finding out was is going on and elimanting all causes in Kubernetes one by one!