http2 ingress ssl-passthrough, curl works, chrome goes bananas - google-chrome

This works perfect for curl and chrome
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - host: example
    http:
      paths:
      - backend:
          serviceName: example
          servicePort: 443
until you create a webpage where you are connecting to that service and using img calls (tiles) from another service on the same kube using the same ssl certificate. Then chrome wants to recycle the http2 connection, resulting in requests getting sent to the wrong pod. Note that curl keeps working for both services because it doesn't try to recycle the previous curl command's http2 connection. Is there a workaround for this, other than running two different kube clusters so chrome doesn't recycle the http2 connection?
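
The behaviour described above is HTTP/2 connection reuse: a browser may send requests for a second hostname over an existing connection when that hostname resolves to the same IP and the certificate already presented is valid for it, while an ssl-passthrough ingress picks the pod once per connection from the TLS SNI. The following check is an added example, not part of the original post; it lists the host pairs that meet those two conditions, using a constructed inventory (hostnames, IPs and SANs are made up).

```python
from itertools import permutations


def san_matches(pattern: str, host: str) -> bool:
    """Match a certificate SAN against a hostname; '*' covers exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:]


def coalescable(endpoints: dict) -> list:
    """Return (connected_host, misrouted_host) pairs.

    A browser that opened a connection to connected_host may send requests
    for misrouted_host on it when both resolve to a common IP and the
    certificate served for connected_host is also valid for misrouted_host.
    """
    pairs = []
    for a, b in permutations(endpoints, 2):
        same_ip = endpoints[a]["ips"] & endpoints[b]["ips"]
        cert_covers = any(san_matches(s, b) for s in endpoints[a]["sans"])
        if same_ip and cert_covers:
            pairs.append((a, b))
    return sorted(pairs)


# Constructed inventory: hostnames, ingress IPs and SANs are made up.
SHARED = ["*.example.test"]
ENDPOINTS = {
    "app.example.test":   {"ips": {"203.0.113.10"}, "sans": SHARED},
    "tiles.example.test": {"ips": {"203.0.113.10"}, "sans": SHARED},
    "auth.example.test":  {"ips": {"203.0.113.10"}, "sans": ["auth.example.test"]},
    "cdn.example.test":   {"ips": {"203.0.113.99"}, "sans": SHARED},
}

if __name__ == "__main__":
    for a, b in coalescable(ENDPOINTS):
        print(f"connection to {a} may carry requests for {b}")
```

A pair drops out of the list when the first host's certificate no longer covers the second hostname or when the two hosts stop sharing an ingress IP.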

Related

How to configure gce to route paths (rewrite-target in Nginx)

I had a Kibana that was previously running behind the NGINX ingress controller using this Ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: es-kibana-ing
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
  - host: "example.com"
    http:
      paths:
      - path: /kibana(/|$)(.*)
        pathType: Prefix
        backend:
          serviceName: es-kibana-svc
          servicePort: 443
  tls:
  - hosts:
    - example.com
    secretName: example-tls
With this configuration you had to go to www.example.com/kibana to access the kibana.
Since then we migrated to GCP and now I'm trying to achieve the same using the GCE ingress controller. For now I figured how to serve the kibana on path "/*" :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: es-kibana-ing
  annotations:
    kubernetes.io/ingress.class: gce
    kubernetes.io/ingress.global-static-ip-name: kibana-static-ip
    networking.gke.io/managed-certificates: managed-cert
spec:
  rules:
  - host: "example.com"
    http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: es-kibana-svc
            port:
              number: 443
Instead I would like to serve the Kibana on the /kibana (as in the previous Nginx configuration), but I can't find an equivalent to rewrite-target for the gce controller. Any idea how this can be done?
If I understand what you want to achieve, you cannot do this using GCE Ingress, you would need to enforce Nginx Ingress.
Rewrite behavior of Nginx Ingress cannot be replicated by GCE Ingress. As I mentioned in the comment section, Nginx Ingress contains much more features than GCE Ingress, for example rewrite/capture groups or service type requirement (NodePort in GCE, ClusterIP or NodePort in Nginx).
With GCE Ingress you can achieve some static path rules like in this example. Something like that:
rules:
- http:
    paths:
    - path: /hello
      backend:
        serviceName: hello-svc
        servicePort: 8080
    - path: /hello-v2
      backend:
        serviceName: hello-v2-svc
        servicePort: 8080
    - path: /kibana
      backend:
        serviceName: kibana
        servicePort: 443
    - path: /randomsvc
      backend:
        serviceName: randomsvc
        servicePort: 8080
However, as I understand by your comment:
I just want to replicate the behavior that I described for Nginx Ingress, that was allowing me to access my application through '/kibana' using the rewrite-target feature.
Rewrite behavior is specific and cannot be replicated on GCE Ingress. There has been a request to add a rewrite feature to GCE Ingress since 2018, but it's still open. You can find more details about it here.
You can find some differences between both Ingress in this guide.
It seems you may be using a different NGINX ingress controller and therefore annotations don't work as expected. You may find explanation of differences here.
Plus this closed GitHub issue seems to be very similar to yours so hopefully you can try using the solution mentioned there.

Traefik expose service port directly on Loadbalancer

I am trying to expose certain Services Port Directly via Traefik Ingress, running on K3s. I have a usecase where I want to expose certain ports directly on Loadbalancer, like:
8080 - Tomcat - TCP
1700 - UDP
1795 - TCP
I tried creating following config based on this thread from Nginx Repo (I know it's for Nginx, but, I couldn't find a suitable doc in Traefik) :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: multiportsvc
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: node2.givmecloud.in
    http:
      paths:
      #- path: /
      - backend:
          serviceName: webui
          servicePort: 80
      - backend:
          serviceName: the-udp-service
          servicePort: 1700
      - backend:
          serviceName: tomcat-tcp-service
          servicePort: 8080
However, the PORTS are not directly exposed on Ingress, just port 80/443 seems to be exposed on loadbalancer. I think this SO thread mentions that it's not directly possible:
Open other ports more than HTTP & HTTPS in Traefik Kubernetes Ingress
Nginx seems to support this; I checked this Nginx documentation: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/
Is this possible with Traefik, either via v1 or v2, or do I need to use Nginx or MetalLB for this type of use case? If not, what's recommended for this kind of use case?
Thanks,

How do you set up ingress for a Kubernetes cluster in Rancher?

I am following the steps from the Rancher quick start guide and I am using 2 VMs:
VM #1: I am running the Rancher server (in a Docker container) and a Rancher agent with 3 roles: etcd, control plane and worker
VM #2: a Rancher agent with a worker
I am trying to set up an ingress that will route to a simple Java REST API and a simple nodeJS app - each of these needs to have a path.
This is the ingress definition that we are trying to satisfy:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: front-end
          servicePort: 3000
      - path: /supermarket/
        backend:
          serviceName: backend
          servicePort: 8081
This ingress definition is working with GKE.
When I apply it to Rancher, it tells us that we have 2 IP addresses - 1 for VM #1 and another for VM #2.
When we open the IP of VM #1, we get served the Rancher UI, but when we open the IP of VM #2, we get a connection timeout - as if there is no port open there.
So it appears that none of them is serving the ingress.
What is the correct IP that we need to use to hit the ingress?
For example, I want to be able to open http:///supermarket/ and get a response from the backend.
Do you have any other ingress objects in the same namespace? If you do, I would suggest you specify host in your ingress object as below:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: front-end
          servicePort: 3000
      - path: /supermarket
        backend:
          serviceName: backend
          servicePort: 8081
Once you apply this manifest, you will be able to access your backend on http://foo.bar.com/supermarket and your front-end on http://foo.bar.com/

How to visualize my web application with browser using Kubernetes Nginx Ingress?

I am following this web site to develop an API with Nginx Ingress. When I use the curl command it works!
curl -v -k -H "Host: myServiceA.foo.org" http://<IP_ADDRESS_INGRESS_NGINX>:80
Now I would like to use a browser like Chrome or Firefox, but I can't find any way to do it, knowing that http://<IP_ADDRESS_INGRESS_NGINX>:80 doesn't work without the header.
Do you know how to do this, please?
Regards
It's not working because you've configured the host field in ingress yaml.
Using the same yaml from Nginx docs you've posted:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-myServiceA
  annotations:
    # use the shared ingress-nginx
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: myServiceA.foo.org  # <== HERE
    http:
      paths:
      - path: /
        backend:
          serviceName: myServiceA
          servicePort: 80
The ingress will only accept the connection and forward the request to your service if the request contains the host myServiceA.foo.org.
You could test it by editing the /etc/hosts of your machine and pointing to the nginx ingress ip:
File /etc/hosts
<INGRESS_IP> myServiceA.foo.org
Or another option is to remove the host field; this way the ingress will accept requests coming from the Nginx ingress ip, like this yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: echo-svc
          servicePort: 80

openshiftv3 service url connection failed from within a project

I'm just starting to use OpenShift v3. I've been looking for examples on setting up a ci/cd pipeline using jenkins, nexus, sonarqube on openshift. I've found this nice example project but unfortunately I can't get it to work. The project can be found here: https://github.com/OpenShiftDemos/openshift-cd-demo
The problem I'm running into is that once a jenkins job is starting it will try to connect to the nexus service using this url: nexus:8081. This url is made up out of the openshift template by this section:
# Sonatype Nexus
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      description: Sonatype Nexus repository manager's http port
    labels:
      app: nexus
    name: nexus
  spec:
    ports:
    - name: web
      port: 8081
      protocol: TCP
      targetPort: 8081
    selector:
      app: nexus
      deploymentconfig: nexus
    sessionAffinity: None
    type: ClusterIP
However it seems that jenkins (ran as a pod on openshift within the same project as nexus) can't connect to the url http://nexus:8081 and shows the following:
Connect to nexus:8081 [nexus/172.30.190.210] failed: Connection refused # line 81, column 25
any idea what is going on?