I had a Kibana that was previously running behind the NGINX ingress controller using this Ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: es-kibana-ing
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
  - host: "example.com"
    http:
      paths:
      - path: /kibana(/|$)(.*)
        pathType: Prefix
        backend:
          serviceName: es-kibana-svc
          servicePort: 443
  tls:
  - hosts:
    - example.com
    secretName: example-tls
With this configuration you had to go to www.example.com/kibana to access the kibana.
Since then we migrated to GCP and now I'm trying to achieve the same using the GCE ingress controller. For now I figured how to serve the kibana on path "/*" :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: es-kibana-ing
  annotations:
    kubernetes.io/ingress.class: gce
    kubernetes.io/ingress.global-static-ip-name: kibana-static-ip
    networking.gke.io/managed-certificates: managed-cert
spec:
  rules:
  - host: "example.com"
    http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: es-kibana-svc
            port:
              number: 443
Instead I would like to serve the Kibana on the /kibana (as in the previous Nginx configuration), but I can't find an equivalent to rewrite-target for the gce controller. Any idea how this can be done?
If I understand what you want to achieve, you cannot do this using GCE Ingress, you would need to enforce Nginx Ingress.
Rewrite behavior of Nginx Ingress cannot be replicated by GCE Ingress. As I mentioned in the comment section, Nginx Ingress contains many more features than GCE Ingress, for example rewrite/capture groups or service type requirement (NodePort in GCE, ClusterIP or NodePort in Nginx).
With GCE Ingress you can achieve some static path rules like in this example. Something like that:
rules:
- http:
    paths:
    - path: /hello
      backend:
        serviceName: hello-svc
        servicePort: 8080
    - path: /hello-v2
      backend:
        serviceName: hello-v2-svc
        servicePort: 8080
    - path: /kibana
      backend:
        serviceName: kibana
        servicePort: 443
    - path: /randomsvc
      backend:
        serviceName: randomsvc
        servicePort: 8080
However, as I understand by your comment:
I just want to replicate the behavior that I described for Nginx Ingress, that was allowing me to access my application through '/kibana' using the rewrite-target feature.
Rewrite behavior is specific and cannot be replicated on GCE Ingress. There has been a request to add a rewrite feature to GCE Ingress since 2018, but it's still open. You can find more details about it here.
You can find some differences between both Ingress in this guide.
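An added illustration (not part of the original posts) of the difference the answer describes: a simplified Python model of the path the Kibana backend receives under the NGINX rule with rewrite-target: /$2, versus a GCE rule, which forwards the matched path unchanged. The GCE rule paths /kibana and /kibana/* and the function names are assumptions made for this example.

```python
import re

# Simplified model of the two behaviours; this is not controller code.
NGINX_PATH = re.compile(r"^/kibana(/|$)(.*)")  # path from the NGINX Ingress above
NGINX_REWRITE = r"/\2"                         # rewrite-target: /$2

def nginx_upstream_path(request_path):
    """Path the backend sees behind ingress-nginx, or None if the rule does not match."""
    m = NGINX_PATH.match(request_path)
    if m is None:
        return None
    return m.expand(NGINX_REWRITE)

def gce_upstream_path(request_path, rule_paths=("/kibana", "/kibana/*")):
    """Path the backend sees behind a GCE Ingress: a matched path passes through as-is.

    rule_paths is assumed: an exact path plus a trailing /* wildcard.
    """
    for rule in rule_paths:
        if rule.endswith("/*"):
            prefix = rule[:-1]                 # "/kibana/*" -> "/kibana/"
            if request_path.startswith(prefix):
                return request_path
        elif request_path == rule:
            return request_path
    return None

def compare(paths):
    """Return (request path, NGINX upstream path, GCE upstream path) per input."""
    return [(p, nginx_upstream_path(p), gce_upstream_path(p)) for p in paths]

if __name__ == "__main__":
    # Constructed sample requests.
    for row in compare(["/kibana", "/kibana/", "/kibana/app/home", "/kibanaX"]):
        print("%-20s nginx=%-12s gce=%s" % row)
```

Behind the GCE rule the backend still receives the /kibana prefix, so the application itself has to answer on that path.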
It seems you may be using a different NGINX ingress controller and therefore annotations don't work as expected. You may find explanation of differences here.
Plus this closed GitHub issue seems to be very similar to yours so hopefully you can try using the solution mentioned there.
Related
I am trying to expose certain Services Port Directly via Traefik Ingress, running on K3s. I have a usecase where I want to expose certain ports directly on Loadbalancer, like:
8080 - Tomcat - TCP
1700 - UDP
1795 - TCP
I tried creating following config based on this thread from Nginx Repo (I know it's for Nginx, but, I couldn't find a suitable doc in Traefik) :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: multiportsvc
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: node2.givmecloud.in
    http:
      paths:
      #- path: /
      - backend:
          serviceName: webui
          servicePort: 80
      - backend:
          serviceName: the-udp-service
          servicePort: 1700
      - backend:
          serviceName: tomcat-tcp-service
          servicePort: 8080
However, the PORTS are not directly exposed on Ingress, just port 80/443 seems to be exposed on loadbalancer. I think this SO thread mentions that it's not directly possible:
Open other ports more than HTTP & HTTPS in Traefik Kubernetes Ingress
Nginx seems to support this, I checked this Nginx documentation: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/
Is it something that's possible with traefik either via v1 or v2 or I need to use Nginx or MetalLB for this type of usecase if not, what's recommended for this kind of use cases?
Thanks,
I am trying to play with multiple rules on one of my ingress statements:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/balance-algorithm: roundrobin
    ingress.kubernetes.io/maxconn-server: "10"
    #ingress.kubernetes.io/secure-backends: "true"
    ingress.kubernetes.io/secure-verify-ca-secret: "tls-secret-portal"
    ingress.kubernetes.io/ssl-redirect: "true"
  name: ingress-test
  namespace: testing
spec:
  tls:
  - hosts:
    - my.domain.name
    secretName: tls-secret-portal
  rules:
  - host: my.domain.name
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx-service
          servicePort: 8080
      - path: /link
        backend:
          serviceName: apache-service
          servicePort: 8080
Only the nginx-service at / will work. If I swap the paths then only the apache-service will work. If I give them both a path (/link1 and /link2), neither works and I get a 404 not found; the error on the one that does not work is always 404 not found. The certificate works fine and it is not a certificate issue.
Sean
Rewriting your application is the cleanest way of doing it so I'd suggest you doing that.
You can't just rewrite the response content from server and change urls/paths in flight. It's easier said than done. You could try in theory but generally this is not a good idea.
I am following the steps from the Rancher quick start guide and I am using 2 VMs:
VM #1: I am running the Rancher server (in a Docker container) and a Rancher agent with 3 roles: etcd, control plane and worker
VM #2: a Rancher agent with a worker
I am trying to set up an ingress that will route to a simple Java REST API to a simple nodeJS app - each of these needs to have a path.
This is the ingress definition that we are trying to satisfy:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: front-end
          servicePort: 3000
      - path: /supermarket/
        backend:
          serviceName: backend
          servicePort: 8081
This ingress definition is working with GKE.
When I apply it to Rancher, it tells us that we have 2 IP addresses - 1 for VM #1 and another for VM #2.
When we open the IP of VM #1, we get served the Rancher UI, but when we open the IP of VM #2, we get a connection timeout - as if there is no port open there.
So it appears that none of them is serving the ingress.
What is the correct IP that we need to use to hit the ingress?
For example, I want to be able to open http:///supermarket/ and get a response from the backend.
Do you have any other ingress objects in the same namespace? If you do, I would suggest you specify host in your ingress object as below:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: front-end
          servicePort: 3000
      - path: /supermarket
        backend:
          serviceName: backend
          servicePort: 8081
Once you apply this manifest, you will be able to access your backend on http://foo.bar.com/supermarket and your front-end on http://foo.bar.com/
I am following this web site to develop an API with Nginx Ingress. When I use curl command it works !
curl -v -k -H "Host: myServiceA.foo.org" http://<IP_ADDRESS_INGRESS_NGINX>:80
Now I would like to use a browser like Chrome or Firefox but I don't find any way to do it knowing that http://<IP_ADDRESS_INGRESS_NGINX>:80 doesn't work without header.
Do you know how to do please ?
Regards
It's not working because you've configured the host field in ingress yaml.
Using the same yaml from Nginx docs you've posted:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-myServiceA
  annotations:
    # use the shared ingress-nginx
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: myServiceA.foo.org  # <== HERE
    http:
      paths:
      - path: /
        backend:
          serviceName: myServiceA
          servicePort: 80
The ingress will only accept the connection and forward the request to your service if the request contains the host myServiceA.foo.org.
You could test it by editing the /etc/hosts of your machine and pointing to the nginx ingress ip:
File /etc/hosts
<INGRESS_IP> myServiceA.foo.org
Or another option is to remove the host field; in this way the ingress will accept requests coming from the Nginx ingress ip, like this yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: echo-svc
          servicePort: 80
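The host matching described in this answer, as an added example that is not part of the original posts: a simplified Python model of how a rule is selected from the Host header, with and without a host field. It goes slightly beyond the answer by also covering the Ingress wildcard form (*.foo.org, one label only); the function names and the address 203.0.113.10, standing in for <INGRESS_IP>, are assumptions.

```python
# Simplified model of how an Ingress rule is chosen from the Host header.
# Constructed for illustration; real controllers do this in their proxy config.

def host_matches(rule_host, header_host):
    """Exact match, or a '*.' wildcard that covers exactly one DNS label."""
    host = header_host.split(":")[0].lower()      # drop an optional :port
    rule = rule_host.lower()
    if rule.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == rule[2:]
    return host == rule

def route(rules, header_host):
    """rules: list of (host or None, service). Returns the service name, or None
    for the controller's default backend (the 404 seen when no rule matches)."""
    for rule_host, service in rules:              # host-specific rules first
        if rule_host is not None and host_matches(rule_host, header_host):
            return service
    for rule_host, service in rules:              # then any rule without a host
        if rule_host is None:
            return service
    return None

# Constructed sample data mirroring the two manifests in the answer.
WITH_HOST = [("myServiceA.foo.org", "myServiceA")]
WITHOUT_HOST = [(None, "echo-svc")]

if __name__ == "__main__":
    for rules in (WITH_HOST, WITHOUT_HOST):
        for header in ("myServiceA.foo.org", "203.0.113.10:80"):
            print(rules, header, "->", route(rules, header))
```

A rule without a host answers whatever Host header arrives, including requests sent straight to the ingress IP, so every path under it is reachable by address alone.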
I have an ExternalName service:
apiVersion: v1
kind: Service
metadata:
  name: external
  namespace: default
spec:
  externalName: my-site.com
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
  type: ExternalName
And an Ingress path:
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: external
          servicePort: 443
        path: /*
But saving the ingress returns:
Error during sync: error while evaluating the ingress spec: service "default/external" is type "ExternalName", expected "NodePort" or "LoadBalancer"
GCE ingress should support ExternalName services (or at least there isn't easily findable documentation suggesting otherwise) and that error is hard to track down.
GCE ingresses do not support type: ExternalName due to the fact that they use GCE LB as the providing infrastructure. The GCE LB can't use it as a backend.
I recommend posting this as a Feature Request on Google's Issue tracker