Validate firewall status from container shell

Shape Image
Shape Image
Validate firewall status from container shell

This might be very simple for lot of people but while working in IT industry, so many years sometime API development team stuck for this issue.

When we deploy our APIs on GKE and APIs calling external services which are located outside of GCP, we required to open firewall OR it might be already open. In this article i will provide step by step guide how to check firewall status from GKE container level.

Make sure you (user) have following roles configured OR you have service account which contains following permission

Permission: container.pods.exec

Following steps can be performed from GCP cloud shell or Terminal (for mac) or powershell (for windows)

Connect to cluster

run this command, “gcloud container clusters get-credentials {YOUR CLUSTER NAME} –region {REGION} –project {PROJECT_NAME}”

Display list of pods

then “kubectl get pods” OR “kubectl get pods –all-namespaces”

This will list down all the pods running in your cluster with different namespaces.

Run container shell

Now the most important step is to pick the pod. Pod for which you need to run container shell

run this command, “kubectl exec –stdin –tty {POD_NAME} — /bin/bash” OR “kubectl exec –stdin –tty {POD_NAME} — /bin/sh”

Check for firewall and open port status

there are multiple ways now as you are logged inside the container shell

If you have host name – “nc -vz {port (optional)}”

if you have IP address – ” telnet 5000″

you can also find out IP address of using nslookup.

Please feel free to add suggestion or comment to improve this post better……

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.