[OCP47][GCP] Unable to access Google metadata from pod.

441 views
Skip to first unread message

Gunjan Garge

unread,
Apr 8, 2021, 1:45:39 AM4/8/21
to OpenShift
Hi All, 

While using OCP on Google Cloud has anyone tried accessing metadata server from inside pods? I am getting connection refused error.

sh-4.4$ curl 'http://metadata.google.internal/computeMetadata/v1/project/?recursive=true' -H 'Metadata-Flavor: Google'
curl: (7) Failed to connect to metadata.google.internal port 80: Connection refused

I am able to access the same from master/worker node. Also able to access it from inside pod when "hostnetwork" is set to "true" in deployment definition. But we don't want to set hostnetwork to true.

Regards,
Gunjan Garge

Todd Walton

unread,
Apr 8, 2021, 2:16:29 PM4/8/21
to open...@googlegroups.com
On Thu, Apr 8, 2021 at 1:45 AM Gunjan Garge <gunja...@gmail.com> wrote:
While using OCP on Google Cloud has anyone tried accessing metadata server from inside pods? I am getting connection refused error.

I'm guessing you get that because the metadata service is only available from inside of the Google Cloud network. Your pod is not inside that network, so when it sends the request it's sending a non-Google-Cloud IP address. You'd probably have to mount the cluster's Google Cloud network inside of the pod (if that's even possible, I don't know) and then tell curl to use that interface to send the request.

What does the metadata service give you that you need inside the pod, if I may ask?

--
Todd

Gunjan Garge

unread,
Apr 9, 2021, 1:41:55 AM4/9/21
to OpenShift
Hi Todd,

Thank you for your response.

Customer is setting some non-sensitive static information in metadata which is fetched by their application deployed on VMs.
Now we are migrating their application to OCP and it not able to fetch information from metadata,google.internal.

For troubleshooting, we ran their application on GKE and application was able to fetch metadata from metadata.google.internal. 

Regards,
Gunjan Garge

Todd Walton

unread,
Apr 9, 2021, 1:07:50 PM4/9/21
to open...@googlegroups.com
On Fri, Apr 9, 2021 at 1:41 AM Gunjan Garge <gunja...@gmail.com> wrote:
Customer is setting some non-sensitive static information in metadata which is fetched by their application deployed on VMs.
Now we are migrating their application to OCP and it not able to fetch information from metadata,google.internal.

I see. That makes sense. Sorry I can't be of more help.

--
Todd

Gunjan Garge

unread,
Apr 10, 2021, 10:01:24 AM4/10/21
to OpenShift
Thank you Todd for your time.

For now to move ahead, we have decided to get required metadata in pipeline and pass it in configmap(mounted as volume) to application.

Regards,
Gunjan Garge
Reply all
Reply to author
Forward
0 new messages