Access Kubernetes Git Container via Ingress via HTTP as well as SSH

9/30/2016

I have a small kubernetes (1.3) cluster (basically one node) and would like to install gogs in there. Gogs is "installed" using Helm. I do have the following templates in my helm chart:

  • Deployment (using image gogs:0.9.97, having containerPort 3000 (http) as well as 2222 (ssh)
  • Ingress (this is only for Port 80)
  • Service (Port 80 (http) as well as 2222 (ssh))

The http-stuff is configured correctly and I can access the container as well as the contained git-repositories via http without any trouble. Now I would like to use ssh for the git-connections as well. I tried the --tcp-services-configmap configuration of nginx-ingress, but to no avail. The log of the Ingress Controller states, that the configured service does not have any active endpoints, which I find rather strange, since the http stuff is working.

UPDATE

I just did an nmap on the DNS and the port 2222 is not open. This looks like a konfiguration problem. The port is open on the container (tested by connecting to the cluster ip from the ndoe).

Guess that the problem is that the log of the Ingress Controller states, that the configured service does not have any active endpoints.

My Service onfiguration is:

apiVersion: v1
kind: Service
metadata:
    name: {{ template "fullname" . }}
    labels:
        app: {{ template "fullname" . }}
spec:
    ports:
       - name: http
         port: 80
         targetPort: http
         protocol: TCP
       - name: ssh
         port: 2222
         targetPort: ssh
         protocol: TCP
     selector:
         app: {{ template "fullname" . }}

The config-map is:

apiVersion: v1
kind: ConfigMap
metadata:
    name: tcp-configmap-ssh
data:
    2222: "default/{{ template "fullname" . }}:2222"
-- triplem
git
gogs
kubernetes
nginx
ssh

1 Answer

10/1/2016

Answering my own question. This issue is rather a configuration problem and caused by my own fault.

Basically I haven't posted the ReplicationController of the Nginx-Ingress Resource. This one was missing the port 2222. so now it does look like:

apiVersion: v1
kind: ReplicationController
metadata:
  name: {{ template "fullname" . }}
  labels:
    k8s-app: "{{ .Chart.Name }}"
    chart: "{{.Chart.Name}}-{{.Chart.Version}}"
spec:
  replicas: 1
  selector:
    k8s-app: "{{ .Chart.Name }}"
  template:
    metadata:
      labels:
        name: {{ template "fullname" . }}
        k8s-app: "{{ .Chart.Name }}"
        chart: "{{.Chart.Name}}-{{.Chart.Version}}"
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - image: gcr.io/google_containers/nginx-ingress-controller:0.8.3
        name: "{{ .Chart.Name }}"
        imagePullPolicy: Always
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        ports:
        - containerPort: 80
          hostPort: 80
        # we do need to expose 2222 to be able to access this port via
        # the tcp-services
        - containerPort: 2222
          hostPort: 2222
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
        - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-configmap-ssh
-- triplem
Source: StackOverflow