NodePort exposed Port connection refused

Question

Following a tutorial on Kubernetes and got stuck after the logs look fine, but the port exposed doesn't work : "Connection Refused" using Chrome / curl.

Used a yaml file to power up the service via NodePort / ClusterIP.

posts-srv.yaml - Updated

apiVersion: v1
kind: Service
metadata:
  name: posts-srv
spec:
  type: NodePort
  selector:
    app: posts
  ports:
    - name: posts
      protocol: TCP
      port: 4000
      targetPort: 4000
      nodePort: 32140

posts-depl.yaml - Updated

apiVersion: apps/v1
kind: Deployment
metadata:
  name: posts-depl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: posts
  template:
    metadata:
      labels:
        app: posts
    spec:
      containers:
        - name: posts
          image: suraniadi/posts
          ports:
            - containerPort: 4000

$ kubectl get deployments
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
posts-depl   1/1     1            1           27m
$ kubectl get services
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          27h
posts-srv    NodePort    10.111.64.122   <none>        4000:32140/TCP   21m
$ kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
posts-depl-79b6889f89-rxdv2   1/1     Running   0          26m
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

Answer 1

For structural reasons, it's better to specify the nodePort in your service yaml configuration file or kubernetes will allocate it randomly from the k8s port range (30000-32767). In the ports section it's a list of ports no need, in your case, to specify a name check the nodePort_docs for more infos. This should work for you :

apiVersion: v1
kind: Service
metadata:
  name: posts-srv
spec:
  type: NodePort
  selector:
    app: posts
  ports:
    - port: 4000
      targetPort: 4000
      nodePort: 32140
      protocol: TCP

To connect to the nodePort service verify if any firewall service is up then verify that this port is enabled in your VMs : (centos example)

sudo firewall-cmd  --permanent --add-port=32140/tcp

Finally connect to this service using any node IP address (not the CLusterIP, this IP is an INTERNAL-IP not accessible outside the cluster) and the nodePort : <node_pubilc_IP>:<nodePort:32140>