Connection issue in a pod

I’m having an issue where the pod cannot connect to the *.cloud.okteto.net domain.

In the container

/usr/src/bogabot-web # curl http://cms-uat-boogabot-chris-lsn.cloud.okteto.net/api/articles
^C
/usr/src/bogabot-web # ping cms-uat-boogabot-chris-lsn.cloud.okteto.net
PING cms-uat-boogabot-chris-lsn.cloud.okteto.net (35.225.69.73): 56 data bytes
64 bytes from 35.225.69.73: seq=0 ttl=64 time=0.137 ms
64 bytes from 35.225.69.73: seq=1 ttl=64 time=0.087 ms
64 bytes from 35.225.69.73: seq=2 ttl=64 time=0.112 ms
64 bytes from 35.225.69.73: seq=3 ttl=64 time=0.136 ms
64 bytes from 35.225.69.73: seq=4 ttl=64 time=0.105 ms
64 bytes from 35.225.69.73: seq=5 ttl=64 time=0.094 ms
^C
--- cms-uat-boogabot-chris-lsn.cloud.okteto.net ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.087/0.111/0.137 ms
/usr/src/bogabot-web #

My PC

  hello-world git:(main) curl http://cms-uat-boogabot-chris-lsn.cloud.okteto.net/api/articles
{"data":[{"id":13,"attributes":{"title":"【上台優惠2022】手機上台月費比較 即搵最抵4G/5G上網Plan","introduction":"電話上網成為都市人每月的必要支出,當然要選擇一間訊號穩定、收費合理的電訊供應商啦!但你知道 4G / 5G 上網 Plan 其實有甚麼分別嗎?哪些公司有提供 2022 上台優惠?Booga幫你比較各台手機月費價錢,幫你尋找最抵 4G / 5G 上網 Plan!","body":"<p>電話上網成為都市人每月的必要支出,當然要選擇一間訊號穩定、收費合理的電訊供應商啦!但你知道 4G / 5G 上網 Plan 其實有甚麼分別嗎?哪些公司有提供 2022 上台優惠?Booga幫你比較各台手機月費價錢,包括 3 上台優惠、SmarTone 上台優惠、CSL 上台優惠、中國移動上台優惠,幫你尋找最抵 4G / 5G 上網 Plan!</p><h3>選擇上台優惠第一步:4G 4.5G 5G 分別是?</h3><p>近一兩年有關 5G 手機上網的廣告鋪天蓋地,5G 其實是現時最新的手機網絡技術,而上網速度最高可以比 4G 快達 20 倍。</p><p>但要留意,並非市面上的每部電話都支援 5G 網絡,例如 iPhone 系列就只有最新的 iPhone 12 才能搭配 5G 網絡。怕麻煩的話你可以直接選擇出機上台,現時更有不少電訊公司推出 5G 出機上台優惠,例如 SmarTone 就推出 Samsung Galaxy Note20、Note20 Ultra 零機上台優惠、Three亦有「手機現金券」計劃,有高達 $9000 限額可以用於上台出 5G 手機。<br>&nbsp;</p><p style=\"text-align:center;\"><a href=\"https://boogabot.com/search?businessType=personal&amp;serviceType=sim\">即睇 5G 上台優惠推介!</a><br>&nbsp;</p><p>而 4G、4.5G 則是現時最普遍的手機網絡,雖然速度不及 5G 快,但一般使用絕對沒有問題,就算要打機、觀看 YouTube 影片等等亦十分流暢。更重要的是 4G、4.5G 上台價錢比 5G 便宜得多,在Booga上台優惠推薦下,很多 4G 上台計劃最平只需要月費幾十元,就可以享用無限數據網絡。</p><h3>上台優惠慳錢第二步:共享月費計劃</h3><p>除了個人上台計劃之外,不少電訊公司都推出共享上台優惠,一個月費就可以出數張SIM卡,共用指定的網路限額。</p><p>不要以為共享月費只適合家庭選用,其實現時....

Hi Chris!

Is that shell inside the dev container, after you run okteto up?

Remember that when you are inside the dev container, you need to rerun your app so that the server accepts the connections.

Let’s say you have a node application: once you run okteto up you’ll then have to get the server up with something like node start.

If you want to run curl commands inside the dev pod at the same time you are developing your app, you should check out the okteto exec command.

@chris-lsn did you find the cause of the issue? I’m having the exact same problem: calling the URL from a browser or CLI outside of the k8s cluster works perfectly, but when trying the same URL from inside the k8s cluster (any pod) it times out. It seems to be an issue with CoreDNS timing out on external DNS resolution from inside the k8s cluster.

Hi,

We believe the issue came up from a recent change we made to the network policies. We have restricted some traffic, and it is affecting the communication between services exposed in Okteto when using the public endpoint. To communicate with services within the same namespace, we recommend that you use the service name instead of the public domain; the request will use the internal network and have better performance.

We are working on changing these rules to allow that traffic again. I’ll let you know when we apply the changes.
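An added example, not part of any post in this thread: a staged probe that tells apart the three causes raised above (DNS resolution failing, nothing listening on the port, traffic silently dropped on the way). The function name `probe` and its stage labels are made up for this illustration.

```python
import socket
import sys


def probe(host, port=80, path="/", timeout=3.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail) for the first failing step, or ("ok", status line)."""
    # Step 1: DNS. A failure here points at cluster DNS, not at traffic filtering.
    try:
        addr = resolve(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return ("dns-failure", str(exc))
    # Step 2: TCP handshake. A timeout means the packets were dropped silently
    # (typical of a firewall or network policy); a refusal means the address
    # answered but nothing is listening on that port.
    try:
        sock = connect((addr, port), timeout=timeout)
    except socket.timeout:
        return ("tcp-timeout", addr)
    except ConnectionRefusedError:
        return ("tcp-refused", addr)
    except OSError as exc:
        return ("tcp-error", f"{addr}: {exc}")
    # Step 3: minimal HTTP request, so a proxy that accepts the connection
    # but never answers is reported separately from a blocked handshake.
    request = f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with sock:
        try:
            sock.settimeout(timeout)
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(256)
        except socket.timeout:
            return ("http-timeout", addr)
        except OSError as exc:
            return ("http-error", f"{addr}: {exc}")
    status = reply.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    return ("ok", status) if status else ("http-empty", addr)


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(probe(sys.argv[1], target_port))
```

Running it once against the public hostname and once against the in-namespace service name shows whether only the public path is affected.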

Hi,

Thanks for the quick reply, appreciate it. Communicating through the service name is a valid option; the only problem with that is that I have to make the service aware that it is being called from the front-end/public, and that can be accomplished through X-Forwarded-* headers.

I was not able to perform that config on the ingress due to Okteto security reasons. I tried with nginx.ingress.kubernetes.io/configuration-snippet: as well as with the nginx configmap approach, so I’m dead in the water at this point. Any suggestions are much appreciated, thanks!

@elreclamador I think it would be best to not rely on the ingress controller for this, especially if this is always service-to-service traffic. For this case I would recommend adding an nginx to your deployment. Then you can manage this nginx config as you see fit. So, if you have service A communicating with service B, the path would be A->nginx->B and the address for nginx would probably be nginx:<port>. This assumes you always need service-to-service and that you can configure nginx to route based on path or something other than host name. Even if you do need hostname routing, it may be possible by adding multiple services for the single nginx deployment. This is a bit off-topic for the original connection issue though, so if you have more questions let’s migrate to a new question.

@Jacob I thought of that solution as well, but it was adding extra hops and software that should not be needed when deploying on a prod cloud env where you have total control over the k8s cluster; besides, I would still need to forward X-Forwarded-* headers from ingress to nginx to be aware of the FE/original IP communication. Anyhow, thanks for the quick replies and help! Much appreciated! Have a nice day.

Hi @elreclamador and @chris-lsn

We have applied some network changes and you should be able to connect to the public endpoints of your services from a pod.

Happy coding!

Hi @nacho

Cool! Thanks for the update, will give it a try.

Greetings!