YoussefMo
Mission Specialist

How can I have 2 pods communicate?

I have a
A) node.js pod
and a
B) postgresql database pod.
I want the node.js app on pod A to connect to the database on pod B.

I exposed the service on pod B to create a route.

Pod A can't reach this route.
I tried to even ping this route from inside Pod A, but it still can't.

How can Pod A reach Pod B with the route instead of using the IP?

Accepted Solutions
alexcorcoles
Flight Engineer

Hi,

Ingresses and routes are mostly meant to expose HTTP or HTTPS services outside the cluster.

The PostgreSQL database protocol is not HTTP/HTTPS, and you probably don't want to expose it to anything other than your Node.js pod.

You basically want to create a service for the database, which will allow you to reference the database service using a DNS name. The DO101 course includes a complete example of this (chapter 3, sections 5 and 6), precisely using Node.js and PostgreSQL.

If you don't have access to this course, then maybe take a look at the official K8S documentation about services:

https://kubernetes.io/docs/concepts/services-networking/service/

The default ClusterIP service type will make a service available using a host name within the cluster.

Cheers,

Álex
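
A manifest for the approach described in this answer, as an added example that is not part of the original post or of the DO101 course: a ClusterIP service in front of the database pod, plus a NetworkPolicy so that only the Node.js pod can reach port 5432. The namespace `myproject`, the labels `app: postgresql` and `app: nodejs`, and the object names are assumptions.

```yaml
# Added example. Namespace, names and labels are assumptions;
# adjust them to match the labels on your own pods.
apiVersion: v1
kind: Service
metadata:
  name: postgresql            # in-cluster DNS name: "postgresql" from the same namespace,
  namespace: myproject        # postgresql.myproject.svc.cluster.local with the default cluster domain
spec:
  type: ClusterIP             # default type: reachable only from inside the cluster
  selector:
    app: postgresql           # must match the labels on the database pod
  ports:
  - name: postgresql
    protocol: TCP
    port: 5432                # port clients connect to on the service
    targetPort: 5432          # port the PostgreSQL container listens on
---
# Restrict ingress to the database pod to the Node.js pod only.
# Enforced only if the cluster network plugin supports NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgresql-allow-nodejs
  namespace: myproject
spec:
  podSelector:
    matchLabels:
      app: postgresql         # policy applies to the database pod
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: nodejs         # only pods carrying this label may connect
    ports:
    - protocol: TCP
      port: 5432
```

With this applied, the Node.js app connects to host `postgresql` on port 5432, and no route to the database is needed.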

6 Replies
YoussefMo
Mission Specialist

Thank you for your answer, I will check the course. I tried the following:

I created the node.js container on the host, independently of openshift, where I can ping the route of the postgresql service from the host.
I gave the podman run command --network=host

But the node.js container still can't reach the database, despite the host where this container resides being able to ping the route of the postgresql service.

Isn't the container supposed to reach the postgres app normally this way as it is an external app?

alexcorcoles
Flight Engineer

Where are you running this podman container? If you are running it outside the OpenShift cluster, accessing a PostgreSQL service inside the cluster is a bit complex (you will probably need something like MetalLB).

If you want to run Node.js and PostgreSQL inside a cluster, I would recommend using services to communicate. Working with podman will probably not help you figure out how to do this.

If you want to run Node.js outside the cluster and access PostgreSQL running inside a cluster... I would also recommend not doing that. What would be your use case? There are likely easier solutions to apply.

YoussefMo
Mission Specialist

I am working on an online lab for course DO180.

I created the podman container on that host, but I thought the node.js podman container would be able to reach the postgresql pod on the cluster, since the host this container is created on can ping the exposed route of the postgres pod.

So I thought that in this scenario the podman container should be able to utilize the pod route since the container is outside of the cluster yet the host it is on can reach the route through pinging it.

alexcorcoles
Flight Engineer

Oh, it might be a bit more complex in that case.

Note that routes complicate networking a bit. This is from an unreleased 4.11 lab, but it should work the same on other labs.

[student@workstation ~]$ oc get route -n openshift-authentication oauth-openshift
NAME              HOST/PORT                               PATH   SERVICES          PORT   TERMINATION            WILDCARD
oauth-openshift   oauth-openshift.apps.ocp4.example.com          oauth-openshift   6443   passthrough/Redirect   None
[student@workstation ~]$ host oauth-openshift.apps.ocp4.example.com
oauth-openshift.apps.ocp4.example.com has address 192.168.50.254
[student@workstation ~]$ oc get service -n openshift-authentication oauth-openshift
NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
oauth-openshift   ClusterIP   172.30.22.100   <none>        443/TCP   62d
[student@workstation ~]$ oc get pod -n openshift-authentication
NAME                              READY   STATUS    RESTARTS   AGE
oauth-openshift-68c9484b9-5rv5j   1/1     Running   2          61d
[student@workstation ~]$ oc get pod -n openshift-authentication oauth-openshift-68c9484b9-5rv5j -o yaml

...
    state:
      running:
        startedAt: "2023-01-05T12:32:50Z"
  hostIP: 192.168.50.10
  phase: Running
  podIP: 10.8.0.112
  podIPs:
  - ip: 10.8.0.112
  qosClass: Burstable
  startTime: "2022-11-04T14:42:39Z"

A route is more or less a reverse proxy to an internal service, and an internal service more or less exposes a port on a pod, and there are different IP addresses involved. In the example above, there's a route oauth-openshift.apps.ocp4.example.com with address 192.168.50.254, that exposes a service on cluster IP 172.30.22.100, and the pod actually running that service is at 10.8.0.112.

So there are some layers of indirection that relay stuff, and you can't just ping/reach stuff from the routes.

This is explained in better detail in chapter 5 of DO280. Kubernetes networking is a bit hard to wrap your head around and it can be a bit complex to figure out just by poking at stuff. This complexity is justified and enables many great features, but it adds some difficulty to understanding it.

Cheers,

Álex

flozano
Moderator

Hi Youssef, what you're trying to do is a very advanced scenario and not at all something you would usually try to do with OpenShift or any other Kubernetes. The general assumption is that Kubernetes manages all containers on its cluster hosts and you do not run anything else on those hosts except Kubernetes.

Beware that podman pods and Kubernetes pods are different things. There's no integration between them. In fact, Kubernetes (or OpenShift) does not use podman (nor Docker!) to run pods and containers.

So if you only run Kubernetes pods, you would use services to control communication between them. If you need something not managed by Kubernetes to communicate with those pods, you usually use ingress (or OpenShift routes) as Alex explained.

Are you doing that just for experimentation, or are you trying to test a solution for a real use case? If you explain your use case I might be able to propose something, but it is very dependent on your particular network and server environment, not at all something generic for any Kubernetes or OpenShift cluster.
