I'm trying to debug why a service for a perfectly working deployment is not answering (connection refused).
I've double and tripled checked that the port and targetPort match (4180 for the container and 80 for the service)
when I list the my endpoints I get the following:
$ kubectl get endpoints
NAME           ENDPOINTS           AGE
kubernetes     10.40.63.79:443     82d
oauth2-proxy   10.40.34.212:4180   33s // <--this one
and from a pod running in the same namespace:
# curl 10.40.34.212:4180
curl: (7) Failed to connect to 10.40.34.212 port 4180: Connection refused
(By the way, same happens if I try to curl the service)
yet, if I port forward directly to the pod, I get a response:
$ kubectl port-forward oauth2-proxy-559dd9ddf4-8z72c 4180:4180 &
$ curl -v localhost:4180
* Rebuilt URL to: localhost:4180/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4180 (#0)
> GET / HTTP/1.1
> Host: localhost:4180
> User-Agent: curl/7.58.0
> Accept: */*
> 
Handling connection for 4180
< HTTP/1.1 403 Forbidden
< Date: Tue, 25 Jun 2019 07:53:19 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< 
<!DOCTYPE html>
// more of the expected response
* Connection #0 to host localhost left intact
I also checked that I get the pods when I use the selector from the service (I copy pasted it from what I see in kubectl describe svc oauth2-proxy):
$ kubectl describe svc oauth2-proxy | grep Selector
Selector:          app.kubernetes.io/name=oauth2-proxy,app.kubernetes.io/part-of=oauth2-proxy
$ kubectl get pods --selector=app.kubernetes.io/name=oauth2-proxy,app.kubernetes.io/part-of=oauth2-proxy
NAME                            READY   STATUS    RESTARTS   AGE
oauth2-proxy-559dd9ddf4-8z72c   1/1     Running   0          74m
I don't get why the endpoint is refusing the connection while using port forwarding gets a valid response. Anything else I should check?
Alright, turns out that this specific service was listening on localhost only by default:
$ netstat -tunap | grep LISTEN
tcp        0      0 127.0.0.1:4180          0.0.0.0:*               LISTEN      1/oauth2_proxy
I had to add an argument (-http-address=0.0.0.0:4180) to tell it to listen on 0.0.0.0
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With