K
Q

Which is the proper way to expose a service using the nginx RBAC ingress controller?

7/7/2017

I am using kubeadm tool so to create a kubernetes v1.7 cluster.

It is quite simple to expose the service "echoheaders" on my host kubenode1.kube.com using external-ip

Create a deployment running:

kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.5

Expose a service from the deployment:

kubectl expose deployment echoheaders --port=80 --target-port=8080 --external-ip='192.168.10.96'

Access it from you web-browser:

http://kubenode1.kube.com

Now, I would like to expose the same service echoheaders using the Role Based Ingress Controller from this guide: https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx

From the above guide I am running the commands without a problem..

After that, create the deployment and service "echoheader" with type:NodePort but without using the external-ip option

kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.5

kubectl expose deployment echoheaders --port=80 --target-port=8080 --type=NodePort

We are able to access the service with curl 192.168.10.96:31782

Creating also the echoheaders ingress resource for this service:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: echoheaders-ingress
spec:
  rules:
    - host: kubenode1.kube.com
      http:
        paths:
          - path: /
            backend:
              serviceName: echoheaders
              servicePort: 80

But I am not able to access the service:

curl http(s)://kubenode1.kube.com -H "Host: kubenode1.kube.com"

returns

curl: (7) Failed connect to kubenode1.kube.com:80; Connection Refused

Everything seems to be ok when I am checking the command: kubectl describe ing echoheaders

Last I have tried the kubernetes-dashboard service from here: https://github.com/kubernetes/dashboard/blob/master/src/deploy/kubernetes-dashboard.yaml

This is compatible of Kubernetes 1.6 RBAC enabled.. but also I wasn't able to access it from outside. Still getting the same error:

curl: (7) Failed connect to kubenode1.kube.com:80; Connection Refused

Do I have to provide more details? Am I missing something so to be able to expose a service using the Role based nginx-ingress controller?

I need to access my services from http(s)://kubenode1.kube.com and not to be publicly accessible on Nodeport port (http(s)://kubenode1.kube.com:31782)

-- George Kon
kubeadm
kubernetes
nginx
rbac

Similar Questions

Anyone knows how to give individual limited cluster access to users without using RBAC in kube 1.5.7?
In prometheus all target servers show as down with this error: dial tcp 10.7.17.11:9100: getsockopt: connection timed out
Google container connect to service
Unable to write config file for Prometheus on Kubernetes

1 Answer

7/10/2017

You need to expose the nginx controller on nodeport 80 if you want to access it on that port. It looks like the example you linked to exposes it on port 30080: https://github.com/kubernetes/ingress/blob/master/examples/rbac/nginx/nginx-ingress-controller-service.yml

For using port 80 you first have to allow such low port numbers for nodeport services. You can do that with the --service-node-port-range parameter of the apiserver, see https://kubernetes.io/docs/admin/kube-apiserver/

-- slintes
Source: StackOverflow