How can I use ingress to control the routing between two instances? - nginx

I have a service deployed on Kubernetes and it has url app.io (using ingress).
What if I need a user to every time go to app.io and:
if it's running okay with no errors, it redirects to the app.io (on k8s)
and if not running well or have an error, it would redirect on a backup service on Heroku for example with url backup.io.
How can I do that?
Thanks in advance

Fallback routing like you describe is not part of the Ingress standard. It only does routing based on incoming Host header and request path. It's possible some specific Ingress Controller supports this as a custom extension but I don't know of any that do.

I think you may need to put a L7 load balancer like HAproxy in front. Configure your backup location in backend pool, and HAProxy will take care of the rest.

You may want to configure ingress befault-backendto be some sort of fallback service. With most of the cases people tend to use that for some custom 404 but you might just direct it to another service, for example backup-io:
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: "/"
nginx.ingress.kubernetes.io/default-backend: backup-io
That's of course assuming you're using nginx controller. Kong has also fallback service instructions.

Related

Nginx Ingress Controller with Nginx Reverse Proxy

I am a bit confused with the architecture of load-balancing K8s traffic with Nginx ingress controller.
I learned that an ingress controller is supposed to configure the load-balancer you're using according to ingress configurations.
So if I want to use Nginx ingress controller and I have a Physical server that is running Nginx that stands in front of my network, how can I make the ingress controller configure it?
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. You must have an Ingress controller to satisfy an Ingress. Only creating an Ingress resource has no effect. Take a look at the example graph below:
Nginx Ingress Controller is using service of type LoadBalancer to get the traffic enter the controller and then to get rerouted to particular services.
I strongly suggest going through the official documentation in order to get a good understanding of the topic and see some examples of using it.
is the nginx ingress controller supposed to (or can) configure an
Nginx machine?
NGINX Ingress Controller works with both NGINX and NGINX Plus and supports the standard Ingress features - content-based routing and TLS/SSL termination.

HTTP is not disabled after adding allow-http configuration in Ingress

I have tried to block http and allow only https for the application which deployed in GCP. For the routing, using ningx ingress and tcp loadbalancer to route the traffic from client to the application.
Even after adding the below configuration in ingress yaml , still application serves http.
kubernetes.io/ingress.allow-http: "false"
Thanks in advance.
I reproduced your issue and solved it by deleting ingress resource and deploying new one with kubernetes.io/ingress.allow-http: "false" annotation. According to GCP docs:
Note: For an existing Ingress, the HTTP load balancer resources are not deleted automatically on adding the
kubernetes.io/ingress.allow-http annotation with its value set to
false. A workaround for this is to delete the Ingress and recreate
it with the annotation added. Beginning with GKE version
1.16.4-gke.25, the HTTP load balancer resources are automatically deleted on updating an Ingress to disable HTTP load balancing.
So if you have GKE version prior to 1.16.4-gke.25 ingress resource has to be deleted and then new ingress has to be created with this annotation.

HTTP2 support for Traefik ingress in Kubernetes (K3S)

I use K3S for my Kubernetes cluster. It's really fast and efficient. By default K3S use Traefik for ingress controller which also work well til now.
The only issue I have is, I want to have HTTP2 server push. The service I have is behind the ingress, generates Link header which in the case of NGINX I can simply turn it into the HTTP2 server push (explained here). Is there any same solution for Traefik? Or is it possible to switch to NGINX in K3S?
HTTP2 Push not supported in Traefik yet. See the github open issue #906 for progress on the matter.
Though, you can safely switch to the nginx ingress controller to accomplish HTTP2 push
a) helm install stable/nginx-ingress
b) in your ingress yaml set appropriate annotation
metadata:
annotations:
kubernetes.io/ingress.class: nginx
I don't know about that HTTP2 in traefik, but you can simply tell k3s not to start traefik and deploy your choice of ingress controller:
https://github.com/rancher/k3s#traefik
You probably do not want HTTP/2 Server Push given it's being removed from Chromium. If you would like to switch ingress controllers you can choose another by:
Starting K3s with the --disable traefik option.
Adding another controller such as NGINX or Ambassador
For detailed instructions on adding Ambassador to K3s see the following link: https://rancher.com/blog/2020/deploy-an-ingress-controllers

traefik vs nginx ingress controller

Hi I am using kubernetes and now need to make a choice between traefik and nginx ingress controller for ingress expose. I have googled a lot, but seems no such big difference, especially nginx just announce support grpc now. Anyone can give a advice? Thanks very very much!
Found this comment at stackshare by Howie Zhao
The reasons for choosing Traefik over Nginx are as follows:
Traefik built-in Let’s Encrypt and supports automatic renewal
Traefik automatically enables HTTP/2
Prometheus can be supported through simple Traefik configuration
cookiecutter django integrates Traefik's configuration by default

Using a Kubernete Ingress on GCE to Redirect/Force TLS

Am I currently forced to use an additional webserver (nginx) to redirect all Kubernete Ingress traffic to https when hosting on GCE?
I'm looking to deploy a Golang application into the wild. As a learning experiment, I thought I would use GCE to host & K8s to deploy/scale. I have deployments and services all working as expected returning traffic and created certs with Lets Encrypt for TLS termination.
I am at the point of implementing an Ingress now as Service LoadBalancers seem to be deprecated. At this stage I am using a static IP for the Ingress to use for backend requests - as follows
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: web-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: "kubernetes-ingress"
ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- secretName: web-ssl
backend:
serviceName: web
servicePort: 80
Of course I want all http traffic to go through https/TLS. Assigning the ingress.kubernetes.io/ssl-redirect: "true" entry has made no difference. As a sneaky attempt, I thought I may be able to alter the servicePort to 443. As my service is accepting requests on both 80/443 ports, valid responses were returned, but http was not forced to https.
At this stage I am guessing I will need to "bite the bullet" and create an nginx Ingress Controller. This will also help to update certs using Lego along with creating another abstraction should I need more service points.
But before I did, I just wanted to check first if there is no other way? Any help appreciated thanks.
An Ingress controller is needed to implement the Ingress manifest. Without it, installing the Ingress manifest doesn't do anything. Afaik, deploying an Ingress is the best way for HTTP redirection.
You can make the ingress redirect HTTP traffic to HTTPS. Check out this tutorial for TLS with traefik, and this tutorial for TLS with nginx.

Resources