By Xi Chen
I’m following this tutorial: How To Deploy a Scalable and Secure Django Application with Kubernetes | DigitalOcean
I’m stuck in Step 7 - ## Allowing External Access using a Service now.
I configured my service file, and I can view my port and External IP address
(projectenv) D:\Interscale\Project\CustomerPortals\Customer_Portals\backend\myproject\yaml>kubectl get svc app
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
app NodePort <Cluster-IP> <none> 8000:<My Port>/TCP 17s
(projectenv) D:\Interscale\Project\CustomerPortals\Customer_Portals\backend\myproject\yaml>kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
client-portal-nodepool-qjfch Ready <none> 3d5h v1.25.4 <InternalIP> <My External IP> Debian GNU/Linux 11 (bullseye) 5.18.0-0.deb11.4-amd64 containerd://1.4.13
But when I’m trying to access my site, I got this error: # This site can’t be reached
<My External IP address> took too long to respond.
This is the format I input in site: http://<External IP address>:<Port>/admin/
And I runned my django project locally at first, it works fine.
I think the problem is because I’m using the Private Docker Registry. I checked the tutorial in Kubernetes setting the credentials. But I think the configuration process is not so clear. This is the tutorial link: Pull an Image from a Private Registry | Kubernetes
I don’t know what should I put for <your-registry-server>.
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
and I don’t know how to import the ‘regcred’ when I have created it.
So I just modified my Deploy.yaml file like this:
apiVersion: apps/v1
kind: Deployment
metadata:
name: portals-app
labels:
app: app
spec:
replicas: 2
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
containers:
- image: xichen9718/portals_docker_repository:latest
name: app
envFrom:
- secretRef:
name: app-secret
- configMapRef:
name: app-config
ports:
- containerPort: 8000
name: gunicorn
imagePullSecrets:
- name: regcred
Can anyone help me with this problem please
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi there,
What I could suggest is to use a Load Balancer as a service rather than NodePort.
spec:
type: LoadBalancer
selector:
app: polls
ports:
- name: http
protocol: TCP
port: 8000
targetPort: 8000
For more information you can take a look at the following documentation:
https://docs.digitalocean.com/products/kubernetes/how-to/add-load-balancers/
Hope that this helps!
Best,
Bobby
1. External Access Issue
The error “This site can’t be reached” suggests that either:
- The Kubernetes Service isn’t properly exposed.
- The Node’s firewall or security group (if on a cloud provider) is blocking the traffic.
Steps to Debug:
- Check Service Type Your service is of type
NodePort, which means the service should be accessible at:
http://<Node External IP>:<NodePort>
Ensure you’re using the correct NodePort in the URL.
Run:
kubectl get svc app -o yaml
-
Look for the value of
nodePortunderports. -
Open Firewall/Security Group If your cluster is hosted on a cloud provider (like DigitalOcean), ensure:
- The security group/firewall allows incoming traffic to the
NodePort(e.g., port30000-32767). - Verify that the external IP address
<My External IP>is correct and publicly accessible.
- The security group/firewall allows incoming traffic to the
-
Verify Pod Accessibility Check if the pod is running correctly:
kubectl get pods
kubectl logs <pod-name>
-
If there are errors in the logs, they need to be fixed first.
-
Test Service Internally Use a Kubernetes node or pod to check if the service works internally:
curl http://<Cluster-IP>:8000/admin/
If this works internally, it confirms the issue lies in the external exposure.
2. Private Docker Registry Configuration
The problem may also stem from your Kubernetes cluster not being able to pull the image from your private Docker registry.
Steps to Fix:
-
Set the Correct Docker Registry Server The
<your-registry-server>depends on your Docker registry. For example:- Docker Hub:
https://index.docker.io/v1/ - DigitalOcean:
registry.digitalocean.com
Replace
<your-registry-server>with the correct URL.Example for Docker Hub:
- Docker Hub:
kubectl create secret docker-registry regcred \
--docker-server=https://index.docker.io/v1/ \
--docker-username=<your-dockerhub-username> \
--docker-password=<your-dockerhub-password> \
--docker-email=<your-email>
- Verify the Secret Ensure the secret
regcredwas created:
kubectl get secret regcred
- Reference the Secret in Deployment You’ve already referenced
regcredcorrectly in yourimagePullSecrets:
spec:
imagePullSecrets:
- name: regcred
-
This allows Kubernetes to use the secret when pulling the image.
-
Test the Image Pull Manually try pulling the image on a node to ensure credentials are correct:
docker login
docker pull xichen9718/portals_docker_repository:latest
If this works, Kubernetes should also be able to pull the image.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Start building today
From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
