I am following the steps from the Rancher quick start guide and I am useing 2 VMs:
VM #1: I am running the Rancher server (in a Docker container) and a Rancher agent with 3 roles: etcd, control plane and worker
VM #2: a Rancher agent with a worker
I am trying to set up an ingress that will route to a simple Java REST API to a simple nodeJS app - each of these needs to have a path.
This is the ingress definition that we are trying to satisfy:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: front-end
servicePort: 3000
- path: /supermarket/
backend:
serviceName: backend
servicePort: 8081
This is ingress definition is working with the GKE.
When I apply it to Rancher, it tells us that we have 2 IP addresses - 1 for VM #1 and another for VM #2.
When we open the IP of VM #1, we get served the Rancher UI, but when we open the IP of VM #2, we get a connection timeout - as if there is no port open there.
So it appears that none of them is serving the ingress.
What is the correct IP that we need to use to hit the ingress?
For example, I want to be able to open http:///supermarket/ and get a response from the backend.
Do you have any other ingress objects in the same namespace? If you do, I would suggest you specify host in your ingress object as below:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: front-end
servicePort: 3000
- path: /supermarket
backend:
serviceName: backend
servicePort: 8081
Once you apply this manifest, you will be able to access your backend on http://foo.bar.com/supermarket and your front-end on http://foo.bar.com/
Related
I am trying to create a basic path based routing ingress controller with an AKS managed Load Balancer. Trouble is figuring out how to route from the Load Balancer to the Ingress controller.
Here is my ingress controller yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-cpr
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- http:
paths:
- path: /green/
pathType: Prefix
backend:
service:
name: nginx-green-clusterip-service
port:
number: 80
- path: /red/
pathType: Prefix
backend:
service:
name: nginx-red-clusterip-service
port:
number: 80
As you can see, the ingress controller is responsible to send to the appropriate app based on the incoming path.
But how do I get this connected to a managed Load Balancer?
apiVersion: v1
kind: Service
metadata:
name: loadbal-service
spec:
type: LoadBalancer
ports:
- port: 80
selector:
app: ingress-cpr
I know this line isnt correct "-app: ingress-cpr". But what do I have to do so that the LoadBalancer forwards to the ingress controller?
Thanks in advance,
Jake.
In the service manifest the app's selector should be pointing to the backend service name of the ingress. In this particular case instead of ingress-cpr in the service manifest should be either of the two backends (nginx-green-clusterip-service or nginx-red-clusterip-service). Any traffic via external IP of the managed LB on port 80 should be routed to one of the backend defined in the ingress then.
There is also Microsoft example about creation of basic ingress controller in AKS.
I had a Kibana that was previously running behind the NGINX ingress controller using this Ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: es-kibana-ing
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: "example.com"
http:
paths:
- path: /kibana(/|$)(.*)
pathType: Prefix
backend:
serviceName: es-kibana-svc
servicePort: 443
tls:
- hosts:
- example.com
secretName: example-tls
With this configuration you had to go to www.example.com/kibana to access the kibana.
Since then we migrated to GCP and now I'm trying to achieve the same using the GCE ingress controller. For now I figured how to serve the kibana on path "/*" :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: es-kibana-ing
annotations:
kubernetes.io/ingress.class: gce
kubernetes.io/ingress.global-static-ip-name: kibana-static-ip
networking.gke.io/managed-certificates: managed-cert
spec:
rules:
- host: "example.com"
http:
paths:
- path: /*
pathType: ImplementationSpecific
backend:
service:
name: es-kibana-svc
port:
number: 443
Instead I would like to serve the Kibana on the /kibana (as in the previous Nginx configuration), but I can't find an equivalent to rewrite-target for the gce controller. Any idea how this can be done?
If I understand what you want to achieve, you cannot do this using GCE Ingress, you would need to enforce Nginx Ingress.
Rewrite behavior of Nginx Ingress cannot be replicated by GCE Ingress. As I mentioned in the comment section, Nginx Ingress contains much more features than GCE Ingress, for example rewrite/capture groups or service type requirement (NodePort in GCE, ClusterIP or NodePort in Nginx).
With GCE Ingress you can achieve some static path rules like in this example. Something like that:
rules:
- http:
paths:
- path: /hello
backend:
serviceName: hello-svc
servicePort: 8080
- path: /hello-v2
backend:
serviceName: hello-v2-svc
servicePort: 8080
- path: /kibana
backend:
serviceName: kibana
servicePort: 443
- path: /randomsvc
backend:
serviceName: randomsvc
servicePort: 8080
However, as I understand by your comment:
I just want to replicate the behavior that I described for Nginx Ingress, that was allowing me to access my application through '/kibana' using the rewrite-target feature.
Rewrite behavior is specific which cannot be replicated on GCE Ingress. There is a request to add a rewrite feature to GCE Ingress since 2018 but it's still open. More details about it you can find here.
You can find some differences between both Ingress in this guide.
It seems you may be using a different NGINX ingress controller and therefore annotations don't work as expected. You may find explanation of differences here.
Plus this closed GitHub issue seems to be very similar to yours so hopefully you can try using the solution mentioned there.
I am trying to expose certain Services Port Directly via Traefik Ingress, running on K3s. I have a usecase where I want to expose certain ports directly on Loadbalancer, like:
8080 - Tomcat - TCP
1700 - UDP
1795 - TCP
I tried creating following config based on this thread from Nginx Repo (I know it's for Nginx, but, I couldn't find a suitable doc in Traefik) :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: multiportsvc
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: node2.givmecloud.in
http:
paths:
#- path: /
- backend:
serviceName: webui
servicePort: 80
- backend:
serviceName: the-udp-service
servicePort: 1700
- backend:
serviceName: tomcat-tcp-service
servicePort: 8080
However, the PORTS are not directly exposed on Ingress, just port 80/443 seems to be exposed on loadbalancer. I think this SO thread mentions that it's not directly possible:
Open other ports more than HTTP & HTTPS in Traefik Kubernetes Ingress
Nginx seems to support this, I check this Nginx documentation: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/
Is it something that's possible with traefik either via v1 or v2 or I need to use Nginx or MetalLB for this type of usecase if not, what's recommended for this kind of use cases?
Thanks,
I am following this web site to develop an API with Nginx Ingress. When I use curl command it works !
curl -v -k -H "Host: myServiceA.foo.org" http:<IP_ADDRESS_INGRESS_NGINX>:80
Now I would like to use a browser like Chrome or Firefox but I don't find any way to do it knowing that http:<IP_ADDRESS_INGRESS_NGINX>:80 doesn't work without header.
Do you know how to do please ?
Regards
It's not working because you've configured the host field in ingress yaml.
Using the same yaml from Nginx docs you've posted:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-myServiceA
annotations:
# use the shared ingress-nginx
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myServiceA.foo.org <== HERE
http:
paths:
- path: /
backend:
serviceName: myServiceA
servicePort: 80
The ingress will only accept the connection and forwarding the request to your service if the request contains the host myServiceA.foo.org.
You could test it editing the /etc/hosts of your machine e pointing to the nginx ingress ip:
File /etc/hosts
<INGRESS_IP> myServiceA.foo.org
Or another option is remove the field host in this way the ingress will accept requests coming from the Nginx ingress ip, like this yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: echo-svc
servicePort: 80
I have an ExternalName service:
apiVersion: v1
kind: Service
metadata:
name: external
namespace: default
spec:
externalName: my-site.com
ports:
- port: 443
protocol: TCP
targetPort: 443
type: ExternalName
And an Ingress path:
spec:
rules:
- http:
paths:
- backend:
serviceName: external
servicePort: 443
path: /*
But saving the ingress returns:
Error during sync: error while evaluating the ingress spec: service "default/external" is type "ExternalName", expected "NodePort" or "LoadBalancer"
GCE ingress should support ExternalName services (or at least there isn't easily findable documentation suggesting otherwise) and that error is hard to track down.
GCE ingresses do not support type: ExternalName due to the fact that they use GCE LB as the providing infrastructure. the GCE LB can't use it as a backend.
I recommend posting this as a Feature Request on Google's Issue tracker