Kubernetes is based on ubuntu.When I run the application, the address part of ingress is empty.
service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: docker-testmrv
name: docker-testmrv-service
namespace: jenkins
spec:
selector:
app: docker-testmrv
ports:
- protocol: TCP
port: 80
targetPort: 8093
type: LoadBalancer
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: docker-testmrv
name: docker-testmrv-ingress
namespace: jenkins
spec:
rules:
- host: dockertest.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: docker-testmrv-service
port:
number: 80
ingressClassName: nginx
As you can see in the picture below, the hosts part is empty.I also tried the following in the annotation section, but it didn't work. I've looked and tried other sources as well.
nginx.ingress.kubernetes.io/rewrite-target: /$1
or
ingressclass.kubernetes.io/is-default-class: "true"
or
kubernetes.io/ingressClassName: nginx
kubectl get ing -n jenkins
First we need to ensure nginx enabled and nginx-ingress-controller pod in running status.
Follow below steps to verify :
Enable the NGINX Ingress controller, run the following command:
minikube addons enable ingress
Verify that the NGINX Ingress controller is running
kubectl get pods -n kube-system
As per your YAML, For ingress rule, change the port servicePort from 8093 to 80 the default http port.
Now apply those files and create your pods, service and ingress rule. Wait a few moments, it will take a few moments to get ADDRESS for your ingress rule.
Refer this SO Link
Updated Answer :
Do Nodes have an external ip by default?
If you're using public nodes, each node will have a different public IP and can change every time a node is recreated.
So, Make sure you use the service type as Load balancer to get an external IP on your ingress . NodePort opens any one of the available ports. You can also use NodePort but it might not give you an external IP though instead give a port that will be opened on all the nodes.
Refer this Link to get the difference between cluster IP Node Port and Load balancer different from each other.
Create the service type as Load balancer and add the last line ingressClassName: nginx definition to your ingress yaml. This will work. Refer to this SO
Related
I am trying to setup a Kubernetes cluster using Kubeadm in GCE. I was able to access the deployment using a Nodeport service from the external IP. I am trying to set up an ingress that maps to a domain name but was not able to do it. So far what I have done:
Created a baremetal nginx ingress controller (I am using kubeadm)
Created a Nodeport service on the deployment (was able to connect it from the outside of the cluster)
Created an ingress resource using the configuration below:
and the command kubectl describe ingress my-ingress returns
my-ingress <none> sample.com 10.160.15.210 80, 443 32h which is the internal IP
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
ingressClassName: nginx
spec:
tls:
- hosts:
- sample.com
secretName: sample-tls
rules:
- host: sample.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: sample # the nodeport service name of the deployment
port:
number: 8000 # nodeport target port
I cannot access the deployment using sample.com . I double checked the DNS name, using the command dig sample.com and it returns the external IP.
If you created your cluster using GCP, you should have used GCE-GKE installation instructions.
Important difference is that GCE-GKE installation creates LoadBalancer instead of NodePort
I have REST API Web service on Internal GKE cluster which I would like to expose with internal HTTP load balancing.
Let's call this service "blue" service:
I would like to expose it in following mapping:
http://api.xxx.yyy.internal/blue/isalive -> http://blue-service/isalive
http://api.xxx.yyy.internal/blue/v1/get -> http://blue-service/v1/get
http://api.xxx.yyy.internal/blue/v1/create -> http://blue-service/v1/create
http://api.xxx.yyy.internal/ -> http://blue-service/ (expose Swagger)
I'm omitting deployment yaml, since it's less relevant to discussion.
But my service yaml looks like this:
apiVersion: v1
kind: Service
metadata:
name: blue-service
spec:
type: NodePort
ports:
- port: 80
targetPort: 8080
selector:
app: blue-service
My Ingress configuration is the following:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: blue-ingress
annotations:
kubernetes.io/ingress.class: "gce-internal"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: api.xxx.yyy.internal
http:
paths:
- path: /blue/*
backend:
serviceName: blue-service
servicePort: 80
However, I'm receiving 404 for all requests. /blue/v1/get, /blue/v1/create and /blue/isalive returns 404.
In my "blue" application I log all my notFound requests and I can clearly see that my URIs are not being rewritten, the requests hitting the application are /blue/v1/get, /blue/v1/create and /blue/isalive.
What am I missing in Ingress configuration? How can I fix those rewrites?
I solved the problem and writing it here to memo it and hopefully someone will find it as useful.
First problem is that I have mixed annotations types. one of GKE ingress controller and second for Nginx Server controller. Currently GKE ingress controller doesn't support URL rewrite feature, so I need to use nginx ingress controller.
so I need to install Nginx based ingress controller. It cloud be done easily using Helm chart or or deployment yaml. However, by default this controller will expose ingress using external load balancer and this not what I want. So we need to modify deployment charts or YAML file of this controller.
I'm not using Helm, so I downoaded yaml itself using wget command.
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/cloud/deploy.yaml
Open it in editor and find the definition of Service names ingress-nginx-controller in namespace ingress-nginx. Add the following annotation.
cloud.google.com/load-balancer-type: "Internal"
After it I can run kubectl apply -f deploy.yaml command which will create Ingress controller for me. It will take a few minutes to provision it.
In addition I need to open firewall rule which will allow master nodes access worker nodes on port 8443/tcp.
And the last item is an ingress yaml itself which should look like this:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
kubernetes.io/ingress.class: "nginx"
name: blue-ingress
namespace: default
spec:
rules:
- host: api.xxx.yyy.internal
http:
paths:
- backend:
serviceName: blue-service
servicePort: 80
path: /blue(/|$)(.*)
I have 2 kubernetes clusters on digitalocean. One cluster has nginx installed via helm:
helm install nginx bitnami/nginx
I need to "whitelist" the other cluster IP address. So basically one cluster can receive incoming calls to an endpoint from a specific cluster.
I don't know how to configure the helm values.yaml file generated. Normally with nginx we can use:
whitelist-source-range
But the helm chart i don't know how to do it.
thanks
Whitelist-source-range is an annotation that can be added to an Ingress object, for example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whitelist
annotations:
ingress.kubernetes.io/whitelist-source-range: "1.1.1.1/24"
spec:
rules:
- host: whitelist.test.net
http:
paths:
- path: /
backend:
serviceName: webserver
servicePort: 80
You may also need to change service.externalTrafficPolicy to Local
I have setup an ingress for an application but want to whitelist my ip address. So I created this Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/whitelist-source-range: ${MY_IP}/32
name: ${INGRESS_NAME}
spec:
rules:
- host: ${DNS_NAME}
http:
paths:
- backend:
serviceName: ${SVC_NAME}
servicePort: ${SVC_PORT}
tls:
- hosts:
- ${DNS_NAME}
secretName: tls-secret
But when I try to access it I get a 403 forbidden and in the nginx logging I see a client ip but that is from one of the cluster nodes and not my home ip.
I also created a configmap with this configuration:
data:
use-forwarded-headers: "true"
In the nginx.conf in the container I can see that has been correctly passed on/ configured, but I still get a 403 forbidden with still only the client ip from cluster node.
I am running on an AKS cluster and the nginx ingress controller is behind an Azure loadbalancer. The nginx ingress controller svc is exposed as type loadbalancer and locks in on the nodeport opened by the svc.
Do I need to configure something else within Nginx?
If you've installed nginx-ingress with the Helm chart, you can simply configure your values.yaml file with controller.service.externalTrafficPolicy: Local, which I believe will apply to all of your Services. Otherwise, you can configure specific Services with service.spec.externalTrafficPolicy: Local to achieve the same effect on those specific Services.
Here are some resources to further your understanding:
k8s docs - Preserving the client source IP
k8s docs - Using Source IP
It sounds like you have your Nginx Ingress Controller behind a NodePort (or LoadBalancer) Service, or rather behind a kube-proxy. Generally to get your controller to see the raw connecting IP you will need to deploy it using a hostNetwork port so it listens directly to incoming traffic.
I'm trying to set up the LetsEncrypt SSL ceritficate using cert manager.
I have successfully deployed Cert Manager by Helm and stuck at configuring ingress.yaml.
$ sudo kubectl create --edit -f https://raw.githubusercontent.com/jetstack/cert-manager/master/docs/tutorials/quick-start/example/ingress.yaml
I've got this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: kuard
namespace: default
spec:
rules:
- host: example.example.com
http:
paths:
- backend:
serviceName: kuard
servicePort: 80
path: /
tls:
- hosts:
- example.example.com
secretName: quickstart-example-tls
So I just replaced hosts from example.com to my external IP and got this:
A copy of your changes has been stored to "/tmp/kubectl-edit-qx3kw.yaml"
The Ingress "kuard" is invalid: spec.rules[0].host: Invalid value: must be a DNS name, not an IP address
Is there any way to set it up using just my external IP? I have't yet chosen the domain name for my app and want to use just plain IP for demoing and playing around.
No. You cannot use an IP address for the Ingress. To use an IP address, you'd need to configure it to point to your worker nodes and create a NodePort Service, which will allow you to browse to http://IP:NODEPORT.