Develop Reference

nginx ingress redirect traffic

I deployed nginx ingress controller and randomApp to minikube cluster.
I have 2 requirements:
All traffic for "random/.*" should go to the random service
Other paths should go to the nginx.
This configuration is correct?
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: path-rule-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
defaultBackend:
service:
name: ingress-nginx-controller
port:
number: 80
rules:
- host: random.localdev.me
http:
paths:
- path: /random/(.*)
backend:
service:
name: random
port:
number: 8000
pathType: Prefix

You also need to add metadata.annotations: kubernetes.io/ingress.class: "nginx" or spec.ingressClassName: nginx to allow nginx-ingress-controller to discover the ingress.
Also you shouldn't define default backend service as ingress-nginx-controller. Because you will get 503 Service Temporarily Unavailable since nginx-ingress-controller's nginx.conf didn't be configured for this. You can give another nginx server's service for it.

How to directly access ingress-nginx inside minikube

I'm new to K8s and currently following a course that is using K8s.I am using minikube in my local machine. I'm stuck on the part in which I need to directly communicate with ingress-nginx which happens to be in a separate namespace.
Here's some information regarding my setup.
✗ client (main) ✗ kubectl get namespace
NAME STATUS AGE
default Active 25d
ingress-nginx Active 21d
kube-node-lease Active 25d
kube-public Active 25d
kube-system Active 25d
Service
✔︎ client (main) ✗ kubectl get services -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller NodePort 10.105.88.90 <none> 80:30306/TCP,443:31814/TCP 21d
ingress-nginx-controller-admission ClusterIP 10.101.75.17 <none> 443/TCP 21d
My ingress-srv.yaml file
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
labels:
name: ingress-service
spec:
rules:
- host: ticketing.dev
http:
paths:
- pathType: Prefix
path: "/api/users/(.*)"
backend:
service:
name: auth-srv
port:
number: 3000
- pathType: Prefix
path: /?(.*)
backend:
service:
name: client-srv
port:
number: 3000
I looked for some information over github and to do cross communication what I need to do is doing http://<service>.<namespace>.svc.cluster.local:<port>/. Based on that info, I came up with
http://ingress-nginx-controller.ingress-nginx.svc.cluster.local and test it using curl.
✔︎ client (main) ✗ curl http://ingress-nginx-controller.ingress-nginx.svc.cluster.local
curl: (6) Could not resolve host: ingress-nginx-controller.ingress-nginx.svc.cluster.local
I'm following a course called Microservices with Node JS and React
Hope for your answers and insights.
Thank you.

If you ingress controller in Ingress-nginx namespace it perfect or also fine it's any other namespace.
You have create the ingress object in that namespace where your application running, regardless of where you controller running.
Ingress will find the controller or communicate with it across namespace automatically using the class that you have specified in the ingress object.
In simple words
If your app1 running in namespace application just create one ingress in application namespace pointing to app1 service and you are done.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
labels:
name: ingress-service
spec:
rules:
- host: ticketing.dev
http:
paths:
- pathType: Prefix
path: "/api/users/(.*)"
backend:
service:
name: auth-srv
port:
number: 3000
- pathType: Prefix
path: /?(.*)
backend:
service:
name: client-srv
port:
number: 3000
Ingress Controller(simple Pod/Deployment along with a Service that can be used to utilize routing and proxying. Based on Nginx example);
Ingress rules(a separate Kubernetes resource with kind: Ingress. Will only take effect if Ingress Controller is already existing and class is mentioned in ingress)
Ingress Controller can be deployed in any namespace, usually deployed in a namespace separate from your app services like you have done in ingress-nginx. It can out-of-the-box see Ingress rules in all namespaces in the cluster and will pick them up.
The Ingress rules, however, must reside in the namespace where the app that they configure reside.

kubernetes ingress server-alias only applies to one ingress host

According to this doc (https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#server-alias), I'm able to add additional server_name to the nginx config file.
However, it adds the extra server_name to all of my hosts, which cause conflicts for sure.
Is there a way to add server-alias only for one of my hosts? Say I only want to add 10.10.0.100 to my test1 host.
Ingress example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/server-alias: 10.10.0.100
spec:
rules:
- host: test1.com
http:
paths:
- path: /
backend:
service:
name: test1-service
port:
number: 8000
pathType: Prefix
- host: test2.com
http:
paths:
- path: /
backend:
service:
name: test2-service
port:
number: 8000
pathType: Prefix

TL;DR
You can split your Ingress resource on multiple objects (which will work together) to add Annotations to only specific hosts.
Annotations can only be set on the whole kubernetes resource, as they are part of the resource metadata. The ingress spec doesn't include that functionality at a lower level.
-- Stackoverflow.com: Questions: Apply nginx-ingress annotations at path level
Extending on the answer to give an example of how such setup could be created. Let's assume (example):
All required domains pointing to the Service of type LoadBalancer of nginx-ingress-controller:
hello.kubernetes.docker.internal - used in host .spec
hello-two.kubernetes.docker.internal - used in annotations .metadata
--
goodbye.kubernetes.docker.internal - used in host .spec
goodbye-two.kubernetes.docker.internal- used in annotations .metadata
Skipping the Deployment and Service definitions, the Ingress resources should look like below:
hello-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-ingress
annotations:
nginx.ingress.kubernetes.io/server-alias: "hello-two.kubernetes.docker.internal"
spec:
rules:
- host: hello.kubernetes.docker.internal # <-- IMPORTANT
http:
paths:
- path: /
backend:
service:
name: hello-service
port:
number: 80
pathType: Prefix
goodbye-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: goodbye-ingress
annotations:
nginx.ingress.kubernetes.io/server-alias: "goodbye-two.kubernetes.docker.internal"
spec:
rules:
- host: goodbye.kubernetes.docker.internal # <-- IMPORTANT
http:
paths:
- path: /
backend:
service:
name: goodbye-service
port:
number: 80
pathType: Prefix
Above definitions will create 2 Ingress resources that will be merged:
hello-service will respond for:
hello.kubernetes.docker.internal
hello-two.kubernetes.docker.internal
goodbye-service will respond for:
goodbye.kubernetes.docker.internal
goodbye-two.kubernetes.docker.internal
Running:
$ kubectl get ingress:
NAME CLASS HOSTS ADDRESS PORTS AGE
goodbye-ingress <none> goodbye.kubernetes.docker.internal localhost 80 36m
hello-ingress <none> hello.kubernetes.docker.internal localhost 80 36m
Additional resources:
Kubernetes.io: Docs: Concepts: Services networking: Ingress
Kubernetes.github.io: Ingress NGINX: Annotations: Server alias

Kubernetes NGINX-ingress returns 404

I'm a k8s newbie and I am trying to expose a port from the cluster into the local network.
I've tried to do it with metallb config layer2 + load balancer controller and this runs ok.
I have set up a 3-node environment with kubespray.
((192.168.0.1[5,6,7]))
However, I'm trying to expose an api with NodePort and NGINX-Ingress. The nodeport api service is running ok (i can make successfull requests via NODE_IP:NODE_nodeport). But if I try this ingress configuration it justs keeps telling me "connection refused":
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-api
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: "k8s.customhostname.com" # solves to 192.168.0.17 which has a running pod with the api.
http:
paths:
- path: /test
pathType: Prefix
backend:
service:
name: svc-api
port:
number: 8080
Then i check the services:
Name: svc-smouapimapes
Namespace: smouapi
Labels: app=apimapes
Annotations: <none>
Selector: app=apimapes
Type: ClusterIP
IP: 10.233.26.225
Port: springboot 8080/TCP
TargetPort: 8080/TCP
Endpoints: 10.233.90.4:8080,10.233.92.8:8080
Session Affinity: None
Events: <none>
And then check the ingress:
Name: ingress-smouapimapes
Namespace: smouapi
Address: 192.168.0.17
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
k8s.nexusgeografics.com
/test svc-smouapimapes:8080 10.233.90.4:8080,10.233.92.8:8080)
Annotations: nginx.ingress.kubernetes.io/ssl-redirect: false
Events: <none>
Whenever i call :
curl -I http://k8s.nexusgeografics.com/test
# CONNECTION REFUSED
What am I doing wrong?
Thanks

Try adding the following in the Nginx config ingress-smouapimapes.
Add annotation :
nginx.ingress.kubernetes.io/rewrite-target: /$2
And instead of this path: /test add path: /test(/|$)(.*)

Enin, you should configure the domain k8s.nexusgeografics.com to be resolved to the ip that providing the nginx-ingress service, thus, you can access your service through nginx-ingress.

Kubernetes Nginx Ingress partial ssl termination

I'd like to split incoming traffic in Kubernetes Nginx in the following way:
Client --> Nginx --> {Service A, Service B}
The problem I am facing is Service A is an internal service and does not support HTTPS therefore SSL should be terminated for Service A. On the other hand, Service B is an external service (hosted on example.com) and only works over HTTPS.
I cannot manage to get this work easily with Kubernetes Nginx. Here is what I have come with:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-proxy
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/upstream-vhost: example.com
spec:
tls:
- hosts:
- proxy.com
secretName: secret
rules:
- host: proxy.com
http:
paths:
- path: /api/v1/endpoint
backend:
serviceName: service-a
servicePort: 8080
- path: /
backend:
serviceName: service-b
servicePort: 443
kind: Service
apiVersion: v1
metadata:
name: service-b
namespace: default
spec:
type: ExternalName
externalName: service-b.external
ports:
- port: 443
I have got a route for service-b.external:443 to point to example.com.
This solution only works if service-b is over HTTPS, but in my case, I cannot change to HTTPS for this service because of some other internal dependencies.
My problem is the backend-protocol annotation works for the whole kind and I cannot define it per path.
P.S: I am using AWS provider

Following the suggested solution and question from comments.
Yes, like mentioned below it is possible to have two ingress items. In your case
only one should have backend-protocol in it.
According to nginx ingress documentation:
Basic usage - host based routing¶
ingress-nginx can be used for many use cases, inside various cloud provider and supports a lot of configurations. In this section you can find a common usage scenario where a single load balancer powered by ingress-nginx will route traffic to 2 different HTTP backend services based on the host name.
First of all follow the instructions to install ingress-nginx. Then imagine that you need to expose 2 HTTP services already installed: myServiceA, myServiceB. Let's say that you want to expose the first at myServiceA.foo.org and the second at myServiceB.foo.org. One possible solution is to create two ingress resources:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-myservicea
annotations:
# use the shared ingress-nginx
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myservicea.foo.org
http:
paths:
- path: /
backend:
serviceName: myservicea
servicePort: 80
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-myserviceb
annotations:
# use the shared ingress-nginx
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myserviceb.foo.org
http:
paths:
- path: /
backend:
serviceName: myserviceb
servicePort: 80
When you apply this yaml, 2 ingress resources will be created managed by the ingress-nginx instance. Nginx is configured to automatically discover all ingress with the kubernetes.io/ingress.class: "nginx" annotation. Please note that the ingress resource should be placed inside the same namespace of the backend resource.
On many cloud providers ingress-nginx will also create the corresponding Load Balancer resource. All you have to do is get the external IP and add a DNS A record inside your DNS provider that point myServiceA.foo.org and myServiceB.foo.org to the nginx external IP. Get the external IP by running:
kubectl get services -n ingress-nginx
It is also possible to have separate nginx classes as mentioned here.