Currently I’m playing around with Rancher and Kubernetes for the first time. I already have some experience with Docker Swarm. Unfortunately I have problems with quite a simple task: exposing a port of a single nginx container.
My test setup consists of two servers. One is a worker node only, the other one has all roles. I have used the following guide and added an additional worker node: https://rancher.com/docs/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/
After everything got smoothly up and running, I created a new Cluster (opstest) and Project (ops) and namespace (ops-namespace). Inside that namespace I’ve created a new workload containing an nginx container with the following port mapping:
Port Mapping

| Port Name | Publish the container port | Protocol | As a | On listening port |
|---|---|---|---|---|
| ops-nginx | 80 | TCP | NodePort | 30005 |

The container/workload is up and running, but the thing is, with ‘netstat -tulpen’ I don’t see, on either of my test hosts, that this port gets exposed at port 30005 (or any other port). Of course the container/nginx is also not reachable from outside. I have tried all possible settings using HostPort and so on with no success. What am I missing here? Thanks guys for helping me out!
Port mapping is done with iptables rules, there is no process “listening” on them to see in netstat. Make sure there aren’t other rules dropping the request.
A HostPort is published to one node, a NodePort to every (worker) node.
Thanks for helping me out. I forgot to mention that I also don’t see any iptables rules. I’ve created a Workload with the settings explained above. On my worker node it looks like this:
root@docktest2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
28e3df45b471 nginx "/docker-entrypoint.…" About a minute ago Up About a minute k8s_nginx_nginx-8f48b45d8-j7bjz_ops-namespace_795517b7-8448-4471-b466-10ab8b8d5508_0
834c66b74515 rancher/pause:3.1 "/pause" About a minute ago Up About a minute k8s_POD_nginx-8f48b45d8-j7bjz_ops-namespace_795517b7-8448-4471-b466-10ab8b8d5508_0
ec7181bec045 4e9f801d2217 "/opt/bin/flanneld -…" 47 hours ago Up 47 hours k8s_kube-flannel_canal-94cq7_kube-system_def55ae5-64fe-4c94-91c7-9b0d22e69b96_1
...
Above you can see the nginx container running, but if I take a look at the iptables rules on that node I see nothing (also none with iptables-legacy):
root@docktest2:~# iptables -nvL |grep 30005
# Warning: iptables-legacy tables present, use iptables-legacy to see them
root@docktest2:~# iptables -t nat -L |grep 30005
# Warning: iptables-legacy tables present, use iptables-legacy to see them
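
The reply above notes that a NodePort is implemented with iptables rules rather than a listening socket. As an added example (not part of the thread), this script searches for the rule that kube-proxy in iptables mode writes to the nat table's KUBE-NODEPORTS chain, and checks both the nft and legacy backends, since the warning in the output above shows that legacy tables exist on the host. It assumes kube-proxy runs in iptables mode; the sample dump, the service name `nginx-nodeport` and the `KUBE-SVC-EXAMPLE...` targets are constructed.

```shell
#!/usr/bin/env bash
# Added example: find kube-proxy NodePort rules in iptables-save output.

# Reads iptables-save text on stdin and prints the nat-table
# KUBE-NODEPORTS rules whose --dport equals the given port.
nodeport_rules() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }   # "*nat", "*filter": table header
        table == "nat" && $1 == "-A" && $2 == "KUBE-NODEPORTS" {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) { print; break }
        }
    '
}

# Queries every iptables backend installed on the node (needs root).
# Returns 0 if at least one backend holds a rule for the port.
check_backends() {
    port="$1"; found=1
    for save in iptables-nft-save iptables-legacy-save; do
        command -v "$save" >/dev/null 2>&1 || continue
        rules=$("$save" -t nat 2>/dev/null | nodeport_rules "$port")
        if [ -n "$rules" ]; then
            printf '%s:\n%s\n' "$save" "$rules"; found=0
        else
            printf '%s: no NodePort rule for %s\n' "$save" "$port"
        fi
    done
    return "$found"
}

# Constructed sample dump (not captured from the poster's host).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 30005 -j ACCEPT
COMMIT
*nat
:KUBE-NODEPORTS - [0:0]
-A KUBE-NODEPORTS -p tcp -m comment --comment "ops-namespace/nginx-nodeport:ops-nginx" -m tcp --dport 30005 -j KUBE-SVC-EXAMPLE0000000001
-A KUBE-NODEPORTS -p tcp -m comment --comment "other/svc:http" -m tcp --dport 30080 -j KUBE-SVC-EXAMPLE0000000002
COMMIT
EOF
}

# Run on a node as root: ./script.sh --check 30005
if [ "${1:-}" = "--check" ]; then check_backends "${2:?port required}"; fi
```

If neither backend reports a rule, the Service behind the workload was not created as a NodePort or kube-proxy has not programmed this node; if only one backend reports it, inspect the rules with that backend's tools.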