Cloud networking
Created: 2021-12-27 15:52:36 -0800 Modified: 2021-12-27 16:55:47 -0800
Background
I seem to struggle every time I have to expose a service through a cloud platform (regardless of the cloud platform). This note is intended to be a checklist for how to work through these issues.
Checklist
- Is the service running?
  - See if you can connect to the machine or container.
    - In Kubernetes, you can follow these instructions: `kubectl exec --stdin --tty shell-demo -- /bin/bash`
    - See if you can SSH.
      - Can you not SSH?
        - Are you using the right username, host, and SSH key?
        - For any other SSH issues, you can potentially consult other top-level bullet points in this list.
    - cURL localhost and the port from the machine itself to see if it’s working. If it isn’t, check any logs from the service itself to see if it started correctly.
- Can you reach the service from another machine or container in the same VPC?
  - If not, perhaps the service is only serving on localhost and not any host (0.0.0.0).
- Can you reach the server from another network (e.g. over the Internet)?
  - If not, check your firewall rules and security-group rules, and ensure that a public IP was assigned to something in the stack (either the machine/container directly or a load balancer). E.g. on AWS, you need to make sure your subnet has a route to the Internet Gateway on 0.0.0.0/0.
- Did you point DNS to the machine/container that you want to expose? This part isn’t necessary, but it will let you use a domain name rather than the IP address (which is helpful even for services that only machines will contact).
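
The localhost-versus-0.0.0.0 check from the checklist can be scripted. The following is an added example, not part of the original note: it classifies how a port is bound from `ss -ltn` output, and also covers IPv6 and interface-specific binds. The function names `classify_bind` and `sample_ss_output` are hypothetical, and the sample socket list is constructed.

```shell
#!/usr/bin/env bash
# classify_bind PORT: read `ss -ltn` output on stdin and report how PORT is bound.
# Prints: all-interfaces | specific-address | loopback-only | not-listening
classify_bind() {
  awk -v port="$1" '
    {
      addr = $4                              # 4th column is Local Address:Port
      n = split(addr, parts, ":")
      if (n < 2 || parts[n] != port) next    # header line or a different port
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      sub(/%.*$/, "", host)                  # drop scope suffix such as %lo
      gsub(/\[/, "", host); gsub(/\]/, "", host)
      if (host == "0.0.0.0" || host == "*" || host == "::") any = 1
      else if (host ~ /^127\./ || host == "::1") loop = 1
      else other = 1
    }
    END {
      if (any) print "all-interfaces"
      else if (other) print "specific-address"
      else if (loop) print "loopback-only"
      else print "not-listening"
    }'
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 10.0.1.15:443 0.0.0.0:*
LISTEN 0 4096 [::1]:5432 [::]:*
EOF
}

for p in 8080 22 443 5432 9000; do
  printf '%-5s %s\n' "$p" "$(sample_ss_output | classify_bind "$p")"
done
```

On a live host, run `ss -ltnH | classify_bind 8080`. A `loopback-only` result explains a failed in-VPC connection, while `all-interfaces` means the firewall and security-group rules are the only thing limiting who can reach the port.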