Mercurial > repos > enis > gcp_batch_netcat

annotate DEBUGGING_GUIDE.md @ 11:fe0bf22037a5 draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
planemo upload for repository https://github.com/afgane/gcp_batch_netcat commit f730cbb207e028a5d4fd982fe65ece7345af4879
author enis
date Thu, 14 Aug 2025 16:39:36 +0000
parents b2ce158b4f22
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
1 # GCP Batch - Kubernetes Connectivity Debugging Guide
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
2
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
3 ## Analysis of Your Test Results
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
4
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
5 Based on your Google DNS test output, here's what we learned:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
6
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
7 ### ✅ What's Working
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
8 - **External connectivity is functional**: GCP Batch can reach 8.8.8.8:53
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
9 - **Basic networking is operational**: The Batch worker has internet access
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
10 - **DNS resolution works**: The container can resolve external addresses
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
11
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
12 ### ❌ What's Not Working
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
13 - **Kubernetes API unreachable**: `kubernetes.default.svc.cluster.local:443` failed
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
14 - **Container tooling limited**: `ip` command not available in the container
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
15
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
16 ### 🔍 Key Insight
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
17 This confirms the **core networking issue**: GCP Batch workers (external VMs) cannot reach Kubernetes cluster-internal services, even when in the same VPC. This is **expected behavior** - Kubernetes services are not accessible from outside the cluster by default.
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
18
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
19 ## Immediate Action Required
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
20
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
21 Since Kubernetes services aren't accessible from GCP Batch, you need to expose your NFS service externally. Here are your options:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
22
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
23 ### 🚀 Quick Fix: NodePort Service (Recommended for Testing)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
24
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
25 This is the fastest way to test connectivity. Create a NodePort service that exposes your NFS server:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
26
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
27 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
28 # First, find your current NFS service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
29 kubectl get svc | grep -i nfs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
30
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
31 # Create a NodePort service (replace with your actual NFS service details)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
32 kubectl create service nodeport nfs-ganesha-external \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
33 --tcp=2049:2049 \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
34 --node-port=32049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
35
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
36 # Or apply this YAML:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
37 cat <<EOF | kubectl apply -f -
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
38 apiVersion: v1
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
39 kind: Service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
40 metadata:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
41 name: nfs-ganesha-external
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
42 spec:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
43 type: NodePort
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
44 ports:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
45 - port: 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
46 targetPort: 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
47 nodePort: 32049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
48 selector:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
49 # Replace with your actual NFS pod labels
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
50 app: nfs-ganesha
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
51 EOF
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
52 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
53
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
54 Then test with your tool using a GKE node IP and port 32049:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
55
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
56 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
57 # Get a node IP
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
58 kubectl get nodes -o wide
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
59
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
60 # Test connectivity to <node-ip>:32049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
61 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
62
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
63 ### 🎯 Production Fix: LoadBalancer with Firewall Rules
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
64
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
65 For production, use a LoadBalancer service with proper firewall configuration:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
66
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
67 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
68 # Create LoadBalancer service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
69 cat <<EOF | kubectl apply -f -
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
70 apiVersion: v1
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
71 kind: Service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
72 metadata:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
73 name: nfs-ganesha-lb
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
74 spec:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
75 type: LoadBalancer
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
76 ports:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
77 - port: 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
78 targetPort: 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
79 selector:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
80 # Replace with your actual NFS pod labels
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
81 app: nfs-ganesha
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
82 EOF
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
83
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
84 # Wait for external IP assignment
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
85 kubectl get svc nfs-ganesha-lb -w
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
86
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
87 # Create firewall rule allowing GCP Batch to access NFS
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
88 gcloud compute firewall-rules create allow-nfs-from-batch \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
89 --allow tcp:2049 \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
90 --source-ranges 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
91 --description "Allow NFS access from GCP Batch workers"
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
92 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
93
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
94 ### 📋 Next Steps
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
95
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
96 1. **Implement NodePort solution** for immediate testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
97 2. **Test connectivity** using your enhanced debugging tool with `test_type=custom`
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
98 3. **If NodePort works**, move to LoadBalancer for production use
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
99 4. **Update Galaxy configuration** to use the new NFS endpoint
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
100
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
101 ### 💡 Why This Happens
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
102
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
103 Your test results confirm what we suspected: GCP Batch workers are essentially external VMs that cannot access Kubernetes ClusterIP services. This is standard Kubernetes behavior - internal services are isolated from external networks for security.
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
104
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
105 ## The Core Problem
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
106
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
107 You're experiencing a classic networking issue where GCP Batch workers (running outside your Kubernetes cluster) cannot reach services inside the cluster, even when they're in the same VPC/subnet. This is because:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
108
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
109 1. **GCP Batch runs on Compute Engine VMs** outside your GKE cluster
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
110 2. **Kubernetes services** (like NFS ClusterIP services) are only accessible from within the cluster by default
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
111 3. **LoadBalancer services** should work, but there might be firewall rules blocking traffic
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
112
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
113 ## 🔍 Quick Diagnostic Commands
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
114
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
115 Run these commands to understand your current setup before making changes:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
116
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
117 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
118 # 1. Find your current NFS-related services and pods
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
119 kubectl get svc,pods | grep -i -E "(nfs|ganesha|storage)"
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
120
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
121 # 2. Check what's actually running
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
122 kubectl get pods -o wide | grep -i nfs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
123
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
124 # 3. Look at your current service configuration
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
125 kubectl get svc -o wide | grep -i nfs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
126
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
127 # 4. Check if you have any existing LoadBalancer services
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
128 kubectl get svc --field-selector spec.type=LoadBalancer
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
129
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
130 # 5. Get node IPs for potential NodePort testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
131 kubectl get nodes -o wide --no-headers | awk '{print $1 "\t" $7}'
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
132 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
133
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
134 ## 🎯 Your Specific Issue Summary
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
135
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
136 Based on your test output:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
137 - ✅ **GCP Batch networking works** (can reach 8.8.8.8:53)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
138 - ❌ **Cannot reach Kubernetes services** (kubernetes.default.svc.cluster.local:443 failed)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
139 - 📍 **Root cause**: NFS service is likely ClusterIP type (internal only)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
140 - 🔧 **Solution**: Expose NFS externally via NodePort or LoadBalancer
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
141
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
142 ## Debugging Steps
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
143
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
144 ### 1. Test External Connectivity First
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
145 Use the enhanced tool with `test_type=google_dns` to verify basic connectivity works:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
146 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
147 Test Type: Google DNS - External Test
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
148 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
149 This should succeed and confirms GCP Batch networking is working.
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
150
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
151 ### 2. Check Your NFS Service Type and Configuration
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
152
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
153 Run these commands to examine your current NFS setup:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
154
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
155 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
156 # Check NFS-related services
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
157 kubectl get svc | grep -i nfs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
158 kubectl get svc | grep -i ganesha
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
159
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
160 # Get detailed service info
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
161 kubectl describe svc <your-nfs-service-name>
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
162
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
163 # Check endpoints
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
164 kubectl get endpoints | grep -i nfs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
165 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
166
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
167 ### 3. Common Solutions
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
168
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
169 #### Option A: Use NodePort Service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
170 NodePort services are accessible from external networks:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
171
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
172 ```yaml
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
173 apiVersion: v1
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
174 kind: Service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
175 metadata:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
176 name: nfs-ganesha-nodeport
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
177 spec:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
178 type: NodePort
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
179 ports:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
180 - port: 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
181 targetPort: 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
182 nodePort: 32049 # or let K8s assign
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
183 selector:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
184 app: nfs-ganesha
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
185 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
186
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
187 Then test with the node IP:port (e.g., `<node-ip>:32049`)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
188
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
189 #### Option B: LoadBalancer with Correct Firewall Rules
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
190 Ensure your LoadBalancer service has proper firewall rules:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
191
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
192 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
193 # Check your LoadBalancer service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
194 kubectl get svc <nfs-service-name> -o yaml
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
195
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
196 # Create firewall rule if needed
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
197 gcloud compute firewall-rules create allow-nfs-from-batch \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
198 --allow tcp:2049 \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
199 --source-ranges 10.0.0.0/8 \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
200 --target-tags gke-<cluster-name>-node
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
201 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
202
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
203 #### Option C: Use Cloud Filestore
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
204 For production Galaxy deployments, consider using Google Cloud Filestore instead of in-cluster NFS:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
205
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
206 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
207 # Create Filestore instance
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
208 gcloud filestore instances create galaxy-filestore \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
209 --tier=STANDARD \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
210 --file-share=name="galaxy",capacity=1TB \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
211 --network=name="<your-vpc>" \
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
212 --zone=<your-zone>
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
213 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
214
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
215 ### 4. Network Debugging Commands
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
216
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
217 Run these on a GKE node to understand the network setup:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
218
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
219 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
220 # Get node info
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
221 kubectl get nodes -o wide
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
222
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
223 # Check what's running on nodes
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
224 kubectl get pods -o wide | grep nfs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
225
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
226 # Test from a pod inside the cluster
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
227 kubectl run debug-pod --image=nicolaka/netshoot -it --rm -- /bin/bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
228 # Then inside the pod:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
229 nc -zv <nfs-service-ip> 2049
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
230 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
231
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
232 ### 5. Advanced Debugging with Enhanced Tool
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
233
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
234 Use the enhanced tool I created to test different scenarios:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
235
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
236 1. **Test Galaxy Web Service**: `test_type=galaxy_web`
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
237 - This will try to find and test your Galaxy web service
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
238 - If this fails too, it's a broader networking issue
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
239
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
240 2. **Test Custom Endpoints**: `test_type=custom`
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
241 - Test specific IPs you know should work
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
242 - Try testing a GKE node IP directly
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
243
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
244 3. **Check Kubernetes DNS**: `test_type=k8s_dns`
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
245 - This tests if Batch workers can reach Kubernetes cluster services
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
246
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
247 ## 🛠️ Enhanced Container Tools
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
248
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
249 The updated Docker container (`afgane/gcp-batch-netcat:0.2.0`) now includes comprehensive networking tools:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
250
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
251 ### Core Network Tools
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
252 - `ip` - Advanced IP routing and network device configuration
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
253 - `ping` - Basic connectivity testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
254 - `nslookup`/`dig` - DNS resolution testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
255 - `curl`/`wget` - HTTP/HTTPS testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
256 - `telnet` - Port connectivity testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
257 - `traceroute` - Network path tracing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
258 - `netstat` - Network connection status
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
259 - `ss` - Socket statistics
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
260 - `tcpdump` - Network packet capture
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
261 - `nmap` - Network scanning and port discovery
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
262
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
263 ### Enhanced Test Script
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
264
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
265 With these tools, the container can now provide much more detailed debugging information:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
266
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
267 ```bash
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
268 # Network interface details
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
269 ip addr show
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
270 ip route show
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
271
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
272 # DNS resolution testing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
273 nslookup target-host
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
274 dig target-host
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
275
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
276 # Port scanning
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
277 nmap -p 2049 target-host
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
278
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
279 # HTTP/HTTPS testing (for web services)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
280 curl -v http://target-host:port
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
281
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
282 # Network path tracing
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
283 traceroute target-host
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
284 ```
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
285
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
286 ## Root Cause Analysis
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
287
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
288 Based on your description, the most likely issues are:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
289
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
290 1. **ClusterIP services** are not accessible from outside the cluster (expected behavior)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
291 2. **LoadBalancer services** might have firewall rules blocking GCP Batch source IPs
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
292 3. **Network policies** in your cluster might be blocking external traffic
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
293 4. **GKE cluster** might be using a different subnet than GCP Batch workers
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
294
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
295 ## Recommended Solution
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
296
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
297 For Galaxy on GKE with GCP Batch integration, I recommend:
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
298
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
299 1. **Use Google Cloud Filestore** for shared storage (most reliable)
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
300 2. **If using in-cluster NFS**, expose it via NodePort or LoadBalancer with proper firewall rules
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
301 3. **Test with the enhanced debugging tool** to get detailed network information
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
302
b2ce158b4f22 planemo upload commit ece227052d14d755b0d0b07a827152b2e98fb94b
enis
parents:
diff changeset
303 Would you like me to help you implement any of these solutions or analyze the output from the enhanced debugging tool?