Testing connection out from within running container. Kubernetes. Amazon Linux 2 - amazon-web-services

I am trying to test an outbound connection from within an Amazon Linux 2 container that is running in Kubernetes. I have a service set up and I am able to telnet to that service through a VPN. But I want to test a connection coming out from that container. Is there a way that this can be done?
I have tried ping, etc., but the commands all say "command not found".
Is there any command I can run that can test an outbound connection?

Please provide more context. What exact image are you running? When debugging connectivity of Kubernetes pods and services, you can exec into the pod with
kubectl exec -it <pod_name> -n <namespace> -- <bash|ash|sh>
Once you gain access to the pod and can emulate a shell inside, you can update + upgrade the runtime with the package manager (apt, yum, depends on the distro).
After upgrading, you can install curl and try to curl an external site.
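When ping, curl and telnet are absent and installing packages into a running pod is not desirable, bash itself can open a TCP connection. An added example, not part of the original answer: the function name check_tcp and its exit codes are assumptions, and it relies only on bash and the coreutils timeout command being present in the image.

```shell
#!/usr/bin/env bash
# Added example: outbound TCP reachability test using only bash and coreutils.
# Usage inside the pod shell: check_tcp HOST PORT [TIMEOUT_SECONDS]
# Returns 0 = connected, 1 = refused/unreachable/name not resolved,
#         2 = bad arguments, 124 = timed out (typical of silently dropped packets)
check_tcp() {
    host=$1 port=$2 secs=${3:-3}
    case $port in
        ''|*[!0-9]*) echo "usage: check_tcp HOST PORT [SECONDS]" >&2; return 2 ;;
    esac
    [ -n "$host" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    rc=0
    # Host and port are passed as positional parameters, never spliced into the
    # command string, so odd characters in them cannot change what bash runs.
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo "open: $host:$port" ;;
        124) echo "timeout after ${secs}s: $host:$port" ;;
        *)   echo "failed: $host:$port (refused, unreachable or name not resolved)"; rc=1 ;;
    esac
    return $rc
}

# Run directly as a script: ./check_tcp.sh HOST PORT [SECONDS]
if [ "$#" -ge 2 ]; then
    check_tcp "$@"
fi
```

A timeout (124) rather than an immediate failure usually points at a network policy, security group or firewall dropping the traffic, while exit code 1 means the destination answered with a refusal or could not be resolved.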

Related

Cannot access to localhost

I deployed an application on Google Cloud (GKE). In order to access its UI, I did port-forwarding(port 9090). When I use Cloud Shell web preview I can access the UI. However, when I tried to open localhost:9090 in my browser, I cannot access. Do you know why I cannot access from my browser, is it normal?
Thank you!
Answer provided in the comments by a community member.
Do you know why I cannot access from my browser, is it normal?
Cloud Shell is where you're running kubectl port-forward. Port forwarding only applies to the host on which the command is run unless you have a chain of port-forwarding commands. If you want to access the UI from your local host, then you will need to run the kubectl port-forward on your local host too.
So how can I run the kubectl port-forward command on my local host for the application that I deployed to the cloud? Should I install Google Cloud CLI on my local machine?
I assumed (!) that you're using kubectl port-forward on Cloud Shell. If that's correct, then you need to install kubectl on your local machine to run it there. Because of the way that GKE authenticates, it may also be prudent to install gcloud on your local machine. You can then use gcloud container clusters get-credentials ... to create a local Kubernetes (GKE) config file on your local machine that is then used by kubectl commands.

Connect to a container running in Docker (Redis) from Cloud Run Emulator locally

I'm making local Cloud Run services with the Cloud Code plugin for IntelliJ (PyCharm) but the locally deployed service cannot connect to the Redis instance running in Docker:
redis.exceptions.ConnectionError: Error 111 connecting to 127.0.0.1:6379. Connection refused.
I can connect to the locally running redis instance from a python shell, it's just the cloud run service running in minikube/docker that cannot seem to connect to it.
Any ideas?
Edit since people are suggesting completely unrelated posts - The locally running Cloud Run instance makes use of Docker and Minikube to run, and is automatically configured by Cloud Code for IntelliJ. I suspect that Cloud Code for IntelliJ puts Cloud Run instances into an environment that cannot access services running on macOS localhost (but can access the Internet), which is why I tagged those specific items in the post. Please limit suggestions to ones that take these items into account.
If you check Docker network using:
docker network list
You'll see a network called cloud-run-dev-internal. You need to connect your Redis container to that network. To do that, run this command (This instruction assumes that your container name is some-redis):
docker network connect cloud-run-dev-internal some-redis
Double check that your container is connected to the network:
docker network inspect cloud-run-dev-internal
Then connect to Redis Host using the container name:
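import os

import redis
...
# Use the container name as the host; it is resolved by name on the shared Docker network
redis_host = os.environ.get('REDISHOST', 'some-redis')
redis_port = int(os.environ.get('REDISPORT', 6379))
redis_client = redis.StrictRedis(host=redis_host, port=redis_port)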

Portainer not able to list the running containers on Rancher OS

I am trying Portainer and trying to connect to a remote host. I am getting an error: failure on retrieving the containers. When I try with Docker -H remote:2375 info on the Portainer server I am getting docker is running on host error.
Can anyone help me on this?
I am trying with an AWS Rancher machine. I installed Portainer on the Rancher machine, and I am not able to figure out on which port the Docker daemon is running on the AWS Rancher server.
I did
sudo netstat -latuxen | grep docker
and tried to connect to all ports listed there, but I am still getting the same error.
Please help me with this.
Portainer needs the Docker API to be exposed in order to manage it.
Portainer can connect to the Docker API in two different ways:
Using a bind mount to the Docker socket (available on Linux and Docker for Windows (Docker in a VM) only, e.g. no native Windows containers)
Connecting to the Docker API via TCP (requires you to expose that TCP port in the Docker daemon configuration)
As you've already experienced:
when I try with Docker -H remote:2375 info on portainer server I am getting docker is running on host error
This means that the Docker API is not exposed via TCP. I suggest that you read more about how to do that in the Docker documentation (this will basically depend on your platform).
For example, here is the documentation part on how to configure the Docker daemon on Ubuntu: https://docs.docker.com/engine/admin/#/configuring-docker
If you can't connect via docker -H remote, Portainer will not be able to connect either, unless you're able to start a container locally and use a bind mount to the Docker socket.
I also recommend that you read the Portainer documentation, especially the deployment section: https://portainer.readthedocs.io/en/stable/deployment.html
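The TCP option is security-sensitive: the Docker API on port 2375 is plaintext and unauthenticated, and anyone who can reach it controls the daemon, which is equivalent to root on the host. As an added example (not part of the original answer), this shell function checks a daemon.json for a TCP listener that lacks tlsverify; the function name, sample files and certificate paths are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag a Docker daemon.json that opens the API on TCP without mutual TLS.
# Covers daemon.json only; -H flags set in a service unit are outside this check.
# audit_docker_hosts FILE -> 0 = no TCP listener, or TCP with "tlsverify": true
#                            1 = TCP listener without client-certificate verification
#                            2 = file not readable
audit_docker_hosts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read: $cfg" >&2; return 2; }
    # Strip whitespace so pretty-printed JSON still matches the fixed patterns below
    flat=$(tr -d ' \t\r\n' < "$cfg")
    case $flat in
        *'"tcp://'*) ;;
        *) echo "ok: no TCP listener in $cfg"; return 0 ;;
    esac
    case $flat in
        *'"tlsverify":true'*) echo "ok: TCP listener requires client certificates"; return 0 ;;
    esac
    echo "WEAK: TCP listener without tlsverify in $cfg"
    return 1
}

# Constructed sample configurations (certificate paths are placeholders)
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/weak.json" <<'EOF'
{ "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"] }
EOF
    cat > "$dir/hardened.json" <<'EOF'
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
EOF
    audit_docker_hosts "$dir/weak.json" || true
    audit_docker_hosts "$dir/hardened.json"
    rm -rf "$dir"
}
demo
```

Where remote management is not required, the bind mount to the Docker socket mentioned in the answer avoids a network listener altogether.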

How to run sonatype nexus on aws ec2?

I need to put sonatype nexus3 up on AWS. Following an old tutorial for nexus 2, I was led to try this on EC2. What I'm currently trying is an instance with a security group that allows inbound requests from anywhere on ports 80,8080,22,4000,443, and 8081. I'm using an Amazon Linux AMI 2016.09.0 (HVM), SSD Volume Type instance. I install docker using the instructions from here http://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-basics.html#install_docker. I then simply use the official docker image from here https://hub.docker.com/r/sonatype/nexus3/ with the following command.
docker run -d -p 8081:8081 --name nexus sonatype/nexus3
Using docker ps I can confirm that this seems to be running. When I try to connect to the provided public DNS url ending with amazonaws.com on port 8081, I simply get connection refused. Same thing on port 80 or any of the other ports and the same thing when I add /nexus to the end of the URL.
Attempting the quick test that documentation for this image suggests:
>curl -u admin:admin123 http://localhost:8081/service/metrics/ping
curl: (56) Recv failure: Connection reset by peer
Using the exact same docker command on my local machine (OS X) I am able to access nexus on localhost. Why can't I get this working?
The issue appears to have been with Sonatype's official image. This image which works the exact same way, works perfectly with the exact same process.

How to docker attach to a container - Google Cloud Platform / Kubernetes

I have a containerized app running on a VM. It consists of two docker containers. The first contains the WebSphere Liberty server and the web app. The second contains PostgreSQL and the app's DB.
On my local VM, I just use docker run to start the two containers and then I use docker attach to attach to the web server container so I can edit the server.xml file to specify the public host IP for the DB and then start the web server in the container. The app runs fine.
Now I'm trying to deploy the app on Google Cloud Platform.
I set up my gcloud configuration (project, compute/zone).
I created a cluster.
I created a JSON pod config file which specifies both containers.
I created the pod.
I opened the firewall for the port specified in the pod config file.
At this point:
I look at the pod (gcloud preview container kubectl get pods), it shows both containers are running.
I SSH to the cluster (gcloud compute ssh xxx-mycluster-node-1) and issue sudo docker ps and it shows the database container running, but not the web server container. With sudo docker ps -l I can see the web server container that is not running, but it keeps trying to start and exiting every 10 seconds or so.
So now I need to update the server.xml and start the Liberty server, but I have no idea how to do that in this realm. Can I attach to the web server container like I do in my local VM? Any help would be greatly appreciated. Thanks.
Yes, you can attach to a container in a pod.
Using Kubernetes 1.0 issue the following command:
Do:
kubectl get po to get the POD name
kubectl describe po POD-NAME to find container name
Then:
kubectl exec -it POD-NAME -c CONTAINER-NAME bash (assuming you have bash)
It's similar to docker exec -it CONTAINER-NAME WHAT_EVER_LOCAL_COMMAND
On the machine itself, you can see crash looping containers via:
docker ps -a
and then
docker logs
You can also use kubectl get pods -oyaml to get details like restart count that will validate that the container is crash-looping.