nginx Ingress in k8 baremetal - The plain HTTP request was sent to HTTPS port - nginx

I have a virtual box K8 cluster of 3 master and 2 worker nodes.
K8 1.25.2
nginx Ingress version latest : https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/
nginx is installed as daemon set
Ingress controller is installed. When I browse the HTTP site it gives a response back, but when I browse HTTPS it throws the subject error.
The service looks fine.
nginx-ingress nginx-ingress NodePort 10.105.102.110 80:30127/TCP,443:31946/TCP 2d11h
This is my ingress resource file
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: relouat-ingress
  namespace: relouat
  annotations:
    nginx.org/rewrites: "serviceName=app1-svc rewrite=/;serviceName=app2-svc rewrite=/"
    #nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # nginx.org/redirect-to-https: "true"
    # nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  #ingressClassName: nginx
  tls:
  - hosts:
    - uat.relo.com
    secretName: relo-ingress-tls
  rules:
  - host: uat.relo.com
    http:
      paths:
      - backend:
          service:
            name: app1-svc
            port:
              number: 2041
        path: /app1/
        pathType: Prefix
      - backend:
          service:
            name: app2-svc
            port:
              number: 2042
        path: /app2/
        pathType: Prefix

Related

Ingress rewrite to two different services from one DNS

I am trying to reach out to two services from my DNS.
Example:- myportal.com
myportal.com/app1
I have my SSO and SSL implementation on "myportal.com" and on the home page I have a button which calls a service "myportal.com/app1". I have tried multiple things but I am not able to configure both properly.
From the ingress config below I am able to redirect to "myportal.com/app1" but it's not working properly for "myportal.com". I have tried multiple things including default backend and it's not working for me. When I use default backend then "myportal.com" works but it stops redirecting to /app1.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myportal-ingress-test
  namespace: appspace
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - myportal.com
    secretName: secret
  rules:
  - host: myportal.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: portal-service
            port:
              number: 8097
      - pathType: Prefix
        path: /app1(/|$)(.*)
        backend:
          service:
            name: app-ui-service
            port:
              number: 8087
I am fairly new to kubernetes and I am not sure if it's the correct way to implement such things. I am open to new implementation too if it's using ingress and routing to different services using same dns on different path.
Thanks in advance for the help!
I was able to resolve this issue. The redirect in an ingress file would work for all the paths, so I created a separate ingress for each path with individual redirects.
Ingress 1 - myportal.com (with SSO and SSL)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gcpportal-service-test
  namespace: appspace
  annotations:
    nginx.ingress.kubernetes.io/x-forwarded-prefix: /myportal-service
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - myportal.com
    secretName: secret
  defaultBackend:
    service:
      name: myportal-service
      port:
        number: 80
  rules:
  - host: myportal.com
Ingress 2 - myportal.com/app1 (application deployed)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gcpportal-service-test-1
  namespace: appspace
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - myportal.com
    secretName: secret
  rules:
  - host: myportal.com
    http:
      paths:
      - pathType: Prefix
        path: /app1(/|$)(.*)
        backend:
          service:
            name: app1-ui-service
            port:
              number: 8087
This helped me to resolve this issue. I also verified that this is a standard way and is described in the nginx documentation:
https://kubernetes.github.io/ingress-nginx/user-guide/ingress-path-matching/

How to handle kubernetes Ingress Rule with two backends

I try to run my web application with two backend containers.
/ should be routed to the frontend container
everything starting with /backend/ should go to the backend container.
So far, so good, but now the css & js files from the /backend are not loaded because the files are referenced in the HTML file like "/bundles/css/style.css" and now the ingress controller routes this request to the frontend container instead of to the backend.
How can I fix this issue?
Can I fix that with a smart Ingress rule?
Do I need to update the app root of the backend container?
Here is my Ingress resource:
apiVersion: networking.k8s.io/v1 # for versions before 1.14 use extensions/v1beta1
kind: Ingress
metadata:
  name: example
  namespace: example
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  tls:
  - hosts:
    - www.example.ch
    secretName: tls-example.ch
  rules:
  - host: www.example.ch
    http:
      paths:
      - path: /backend(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: example-backend-svc
            port:
              number: 8081
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-frontend-svc
            port:
              number: 8080
You can add another path if all files are located in /bundles/* path.
I have given an example manifest file below.
apiVersion: networking.k8s.io/v1 # for versions before 1.14 use extensions/v1beta1
kind: Ingress
metadata:
  name: example
  namespace: example
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  tls:
  - hosts:
    - www.example.ch
    secretName: tls-example.ch
  rules:
  - host: www.example.ch
    http:
      paths:
      - path: /backend(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: example-backend-svc
            port:
              number: 8081
      - path: /bundles
        pathType: Prefix
        backend:
          service:
            name: example-backend-svc
            port:
              number: 8081
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-frontend-svc
            port:
              number: 8080
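
A simplified model of how a single `rewrite-target: /$2` annotation is applied to every path of one Ingress, run against the paths from the question and answer above and relevant to the myportal.com thread as well. This is an added example, not code from the posts or from the ingress-nginx controller. It assumes each path becomes a case-insensitive regex location anchored at the start of the URI, tried longest path first, and that the whole URI is replaced by the expanded target; `route` and `expand` are hypothetical helper names.

```python
import re

def expand(target, match):
    """Expand nginx-style $N references; missing or unmatched groups become ''."""
    def group(ref):
        n = int(ref.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", group, target)

def route(paths, rewrite_target, uri):
    """Return (service, uri_sent_upstream) for one Ingress, or None if nothing matches.

    Assumed model: paths are tried longest string first, each as a
    case-insensitive regex anchored at the start of the URI, and the whole
    URI is replaced by the expanded rewrite target.
    """
    for path, service in sorted(paths, key=lambda p: len(p[0]), reverse=True):
        match = re.match(path, uri, re.IGNORECASE)
        if match:
            return service, expand(rewrite_target, match)
    return None

# Paths from the question's manifest, then the same list plus the answer's /bundles path.
QUESTION_PATHS = [("/backend(/|$)(.*)", "example-backend-svc"),
                  ("/", "example-frontend-svc")]
ANSWER_PATHS = QUESTION_PATHS + [("/bundles", "example-backend-svc")]

if __name__ == "__main__":
    # Constructed sample request URIs.
    for label, paths in (("question", QUESTION_PATHS), ("answer", ANSWER_PATHS)):
        for uri in ("/backend/admin", "/bundles/css/style.css", "/index.html"):
            print(label, uri, "->", route(paths, "/$2", uri))
```

In this model a path with no capture groups is rewritten to `/`, so it is worth checking what URI the upstream actually receives for `/` and `/bundles` when they share an Ingress with `rewrite-target: /$2`. Keeping the rewrite annotation on an Ingress of its own, as in the myportal.com answer above, avoids that.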

Kubernetes nginx ingress https problems

I have set up an on-premises Kubernetes 1 node cluster on Ubuntu
with nginx-ingress and metalLB
I have 2 problems:
If I go to my site with https://www.example.com it works but it doesn't with https://example.com (bad certificate).
I would like to redirect HTTP to HTTPS (HTTP://example.com not working).
I have no problems with other subdomains (subdomain.example.com)
Here is my Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: clientweb-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/issuer: letsencrypt-prod
spec:
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /?(.*)
        pathType: Prefix
        backend:
          service:
            name: clientweb-service
            port:
              number: 80
  tls:
  - hosts:
    - example.com
    - www.example.com
    secretName: ethernial-tls-secret

How to configure multiple ingresses in different namespaces on the same host

I have a single host cluster with k8s and I would like to configure an Ingress for each namespace in order to create separate environments: one for production, one for development.
I also took 2 different domains.
When I deploy the production ingress there are no problems, but when I deploy the second ingress the dev environment is unreachable, using port-forward everything seems fine.
The 2 ingresses configuration:
Dev
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.bluemix.net/redirect-to-https: "True"
  name: dev-ingress
  namespace: dev
spec:
  rules:
  - host: '*.dev.cloud'
    http:
      paths:
      - backend:
          serviceName: web-service
          servicePort: 80
        path: /
  tls:
  - hosts:
    - '*.dev.cloud'
    secretName: dev-cert
Production
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.bluemix.net/redirect-to-https: "True"
  name: prod-ingress
spec:
  rules:
  - host: '*.prod.cloud'
    http:
      paths:
      - backend:
          serviceName: web-service
          servicePort: 80
        path: /
  - host: "k8s-host"
    http:
      paths:
      - path: /path/to/api
        backend:
          serviceName: web-api
          servicePort: 3000
  tls:
  - hosts:
    - '*.prod.cloud'
    secretName: prod-cert
  - hosts:
    - "k8s-host"
    secretName: k8s-host-cert
I also edited the CNAME record of the 2 domains in order to redirect to the k8s host.
I was expecting that a request from a subdomain of one of the domains would be redirected to the ingress matching the domain.
For example:
https://abc.dev.cloud -> dev-ingress
https://abc.prod.cloud -> prod-ingress

Unable to get a websocket app work through kubernetes ingress-nginx in a non-root context path

Here is a sample WebSocket app that I'm trying to get it to work from a Kubernetes ingress-nginx controller.
Kubernetes yaml:
echo "
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ws-example
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: wseg
    spec:
      containers:
      - name: websocketexample
        image: nicksardo/websocketexample
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 8080
        env:
        - name: podname
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
---
apiVersion: v1
kind: Service
metadata:
  name: ws-example-svc
  labels:
    app: wseg
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: wseg
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ws-example-svc
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myhostname.com
    http:
      paths:
      - backend:
          serviceName: ws-example-svc
          servicePort: 80
        path: /somecontext
" | kubectl create -f -
I get this error:
WebSocket connection to 'ws://myhostname.com/somecontext/ws?encoding=text' failed: Error during WebSocket handshake: Unexpected response code: 400
When I try to connect using a WebSocket client web page like this http://www.websocket.org/echo.html
The version of ingress-nginx is 0.14.0. This version supports WebSockets.
Update, I'm able to directly access the websocket running pod, when I port-forward from my localhost to pod's port.
[rpalaniappan#sdgl15280a331:~/git/zalenium] $ kubectl get pods -l app=wseg
NAME READY STATUS RESTARTS AGE
ws-example-5dddb98cfb-vmdt5 1/1 Running 0 5h
[rpalaniappan#sdgl15280a331:~/git/zalenium] $ kubectl port-forward ws-example-5dddb98cfb-vmdt5 8080:8080
Forwarding from 127.0.0.1:8080 -> 8080
Forwarding from [::1]:8080 -> 8080
Handling connection for 8080
[rpalaniappan#sdgl15280a331:~/git/zalenium] $ wscat -c ws://localhost:8080/ws
connected (press CTRL+C to quit)
< Connected to ws-example-5dddb98cfb-vmdt5
> hi
< hi
< ws-example-5dddb98cfb-vmdt5 reports time: 2018-12-28 01:19:00.788098266 +0000 UTC
So basically this:
nginx.ingress.kubernetes.io/rewrite-target: /
is stripping the /ws from the request (combined with path: /ws) that gets sent to the backend every time your browser tries to issue a WebSocket connection request. The backend expects /ws when it receives a connection request.
If you specify path: /mypath and /mypath/* it works (works for me):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ws-example-svc
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myhostname.com
    http:
      paths:
      - backend:
          serviceName: ws-example-svc
          servicePort: 80
        path: /mypath
      - backend:
          serviceName: ws-example-svc
          servicePort: 80
        path: /mypath/*
https://kubernetes.github.io/ingress-nginx/user-guide/miscellaneous/#websockets
If the NGINX ingress controller is exposed with a service
type=LoadBalancer make sure the protocol between the loadbalancer and
NGINX is TCP.
Sample AWS L4 Service https://github.com/kubernetes/ingress-nginx/blob/master/deploy/provider/aws/service-l4.yaml#L11
# Enable PROXY protocol
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"