Azure AKS - Cannot access application deployed on a Pod2 in Cluster2 from another application deploy

Time:08-05

I am quite new to the kubernetes world but I will try my level best to describe my question.

We have two Kubernetes clusters, say Cluster1 and Cluster2. Each cluster has 1 Deployment with 1 Pod running. We also have an ingress created (load balancer - ingress-nginx-controller) for these 2 clusters with 2 different external IPs. These external IPs are then stitched to an AppGateway to expose a hostname using one of its Listeners. And we are happily able to invoke APIs of the applications deployed on the above two Pods of both the clusters.

Now, I want to invoke the API of Application2 deployed on Pod2 of Cluster2 from Application1 deployed on Pod1 of Cluster1:

I am able to achieve it if I am using the AppGateway hostname of Cluster2, but I don't want to go via the AppGateway; instead I want to invoke Application2 directly from Application1. I tried using the external IP of the ingress-nginx-controller of Cluster2 as the hostname of the API from Cluster1, but it does not go through and fails.

Any idea what basic checks I can do so that I can invoke API calls from one application to another if they are present in different clusters?

CodePudding user response:

After going through a couple of documentation pages, below are the few things which I checked and was able to resolve the above issue with:

  1. Search for "Resource Group" on your Azure portal > Check and find the "Resource Group" which contains your cluster (Cluster2). Or another simpler way is to: Open your cluster (Cluster2) > Overview > Under the "Essentials" section > Find your "Resource Group".
  2. Now that you have found your "Resource Group", open it and see which NSG (network security group) is kept with it.
  3. Now that you know which NSG is applied on your cluster, open it and add an "Inbound Security Rule" with these details:
     Source : IP Addresses
     Source IP addresses/CIDR ranges : <IP address/CIDR range of Cluster1>
     Source port ranges : *
     Destination : Service tag
     Destination Service tag : VirtualNetwork
     Service : Custom
     Destination port ranges : *
     Protocol : Any
     Action : Allow
     Priority : <Judge the priority number yourself, with 100 (highest priority) to 65,000 (lowest priority)>

I used the above configs to play around and fix how to enable requests from 1 cluster to another. It might not be the most appropriate/recommended config, as I am still learning the best practices which 1 should follow while creating NSGs, but you may refer to the MS documentation below on Azure virtual networks: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules

Oh, and are you struggling to get the "IP address/CIDR range"? Trust me, you are as much of a noob as I am. But hey, I will help you out:

Since you already know your cluster name (Cluster1) and Pod name (Pod1), follow the steps below:

> Go to your cluster inside Kubernetes Service 
> Click Workloads 
> Go to "Pods" section > Search for "Pod1" 
> Check the Node name of that pod, say "Node1" is your node for the pod 
> Go to "Node Pool"(on the left pane) under "Settings" 
> Go to "Nodes" 
> Match the node name "Node1" and get your "Node Pool", say "NodePool1" 
> Open "NodePool1" 
> Under the configuration section, here is your "Virtual Network", say VN1, and "Subnet", say Sub1 
> Click on Sub1 
> You will get to see a list of subnets under VN1 
> Identify Sub1 
> Right next to the Name, you have a column of IPv4 > And that is your IP Address/CIDR range, it would be in the format - [X.X.X.X/X].
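The same two walks (look up the Cluster1 node pool's subnet CIDR, then add the inbound NSG rule to Cluster2's NSG) can be scripted with the Azure CLI. This is an added example, not code from the answer above; it assumes `az` is installed and logged in, every resource name passed in is a placeholder, and by default it narrows the destination ports to the ingress controller's 80 and 443 instead of the answer's "*" (pass `*` as the last argument to reproduce the answer's rule exactly).

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): the portal steps done with the
# Azure CLI. Assumes `az` is installed and logged in; all resource names passed
# in (rg-cluster1, aks-cluster1, nodepool1, ...) are placeholders.
set -eu

# Step "find the CIDR": read the node pool's subnet and print its address prefix.
# vnetSubnetId may be empty when AKS created the VNet itself; use the portal walk then.
nodepool_cidr() {
  local rg="$1" cluster="$2" pool="$3" subnet_id
  subnet_id=$(az aks nodepool show -g "$rg" --cluster-name "$cluster" -n "$pool" \
                --query vnetSubnetId -o tsv)
  az network vnet subnet show --ids "$subnet_id" --query addressPrefix -o tsv
}

# Custom NSG rules accept priorities 100-4096; the 65000+ range is reserved for
# Azure's default rules, so such a value is rejected before az is called.
check_priority() {
  [ "$1" -ge 100 ] && [ "$1" -le 4096 ]
}

# Step "add the inbound rule": print the az command for the rule described in
# the answer (source = Cluster1 node CIDR, destination = VirtualNetwork tag,
# protocol any). Destination ports default to 80 443 rather than the answer's
# "*"; pass '*' as the 5th argument to allow every port as the answer does.
nsg_rule_cmd() {
  local rg="$1" nsg="$2" src_cidr="$3" priority="$4" ports="${5:-80 443}"
  check_priority "$priority" || { echo "priority $priority out of range" >&2; return 1; }
  [ "$ports" = '*' ] && ports="'*'"   # keep a literal * away from the shell's glob
  echo "az network nsg rule create -g $rg --nsg-name $nsg -n allow-cluster1-ingress \
--priority $priority --direction Inbound --access Allow --protocol '*' \
--source-address-prefixes $src_cidr --source-port-ranges '*' \
--destination-address-prefixes VirtualNetwork --destination-port-ranges $ports"
}

# Usage: ./nsg_cross_cluster.sh <rg1> <cluster1> <pool1> <rg2> <cluster2> <priority>
# Prints the rule command; pipe the output to sh to apply it.
if [ "$#" -eq 6 ]; then
  cidr=$(nodepool_cidr "$1" "$2" "$3")
  # Step "find the NSG": AKS keeps the node NSG in the managed node resource group.
  node_rg=$(az aks show -g "$4" -n "$5" --query nodeResourceGroup -o tsv)
  nsg=$(az network nsg list -g "$node_rg" --query '[0].name' -o tsv)
  nsg_rule_cmd "$node_rg" "$nsg" "$cidr" "$6"
fi
```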