This question is relevant to another question. From this link, I could say that using ingress to route to services on different ports is feasible.
I first listed two of my services (eureka and config); the ingress_nginx_res.yaml is as below:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host:
    http:
      paths:
      - backend:
          serviceName: gearbox-rack-eureka-server
          servicePort: 8761
  - host:
    http:
      paths:
      - path:
        backend:
          serviceName: gearbox-rack-config-server
          servicePort: 8888
As one can see, gearbox-rack-eureka-server is listening on port 8761, and gearbox-rack-config-server is listening on port 8888.
Right now, all services and k8s are installed on my local VirtualBox VM (CentOS 7.x), 172.16.100.83. After kubectl apply -f ingress_nginx_res.yaml, I could see it is up.
[root@master3 ingress]# kubectl get ing
NAME         HOSTS   ADDRESS   PORTS   AGE
my-ingress   *                 80      11s
I tried to verify the ingress, so I entered 172.16.100.83:8761, and it says it could not visit this website. So I believe there is something wrong with my configuration. I put all related configuration and steps below:
eureka_pod.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: gearbox-rack-eureka-server
  labels:
    app: gearbox-rack-eureka-server
    purpose: platform_eureka_demo
spec:
  containers:
  - name: gearbox-rack-eureka-server
    image: 192.168.1.229:5000/gearboxrack/gearbox-rack-eureka-server
    ports:
    - containerPort: 8761
eureka_svc.yaml:
apiVersion: v1
kind: Service
metadata:
  name: gearbox-rack-eureka-server
  labels:
    name: gearbox_rack_eureka_server
spec:
  selector:
    app: gearbox-rack-eureka-server
  type: NodePort
  ports:
  - port: 8761
    nodePort: 31501
    name: tcp
config_pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: gearbox-rack-config-server
  labels:
    app: gearbox-rack-config-server
    purpose: platform-demo
spec:
  containers:
  - name: gearbox-rack-config-server
    image: 192.168.1.229:5000/gearboxrack/gearbox-rack-config-server
    ports:
    - containerPort: 8888
    env:
    - name: EUREKA_SERVER
      value: http://172.16.100.83:8761
config_svc.yaml:
apiVersion: v1
kind: Service
metadata:
  name: gearbox-rack-config-server
  labels:
    name: gearbox-rack-config-server
spec:
  selector:
    app: gearbox-rack-config-server
  type: NodePort
  ports:
  - port: 8888
    nodePort: 31502
    name: tcp
ingress_nginx_role_rb.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: lb
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-normal
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-minimal
  namespace: kube-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - "ingress-controller-leader-dev"
  - "ingress-controller-leader-prod"
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - endpoints
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-minimal
subjects:
- kind: ServiceAccount
  name: lb
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-normal
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-normal
subjects:
- kind: ServiceAccount
  name: lb
  namespace: kube-system
nginx_default-backend.yaml
kind: Service
apiVersion: v1
metadata:
  name: nginx-default-backend
  namespace: kube-system
spec:
  ports:
  - port: 80
    targetPort: http
  selector:
    app: nginx-default-backend
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: nginx-default-backend
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx-default-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        image: chenliujin/defaultbackend
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
ingress_nginx_ctl.yaml
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
spec:
  type: LoadBalancer
  selector:
    app: ingress-nginx
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: https
---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: ingress-nginx
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: ingress-nginx
    spec:
      terminationGracePeriodSeconds: 60
      serviceAccount: lb
      containers:
      - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
        name: ingress-nginx
        imagePullPolicy: Always
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: https
          containerPort: 443
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/nginx-default-backend
Is anything wrong with my configuration? Or are there any hints on troubleshooting commands so that I could manage by myself?
=====================================================
1. I have my virtual machine, CentOS (7.x), running on my host machine, Win10 Professional edition. I do not use Google Cloud or AWS. I do not have any load balancer; I suppose nginx is a reverse proxy, so it has a load balancer function. Is the image in ingress_nginx_ctl.yaml, quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0, a connector between ingress and nginx, and not nginx itself?
2.
a) I edited /etc/hosts and put in the following two entries:
172.16.100.83 gearbox-rack-eureka-server.sup.com
172.16.100.83 gearbox-rack-config-server.sup.com
b) I see there is a DNS server in the k8s cluster. How do I add these two entries into DNS? Or where is the DNS console so that I could put in these two entries?
I don't know your environment; are you sure you have a 'loadbalancer'? To simplify, you can just use 'hostNetwork: true' to set up your nginx-controller-deploy, so you can access the controller through the host IP directly.
And since we access all kinds of services through the ingress-controller, how do we differentiate between services? By using domain names. We can point gearbox-rack-eureka-server.your.domain to gearbox-rack-eureka-server:8761, and point gearbox-rack-config-server.your.domain to gearbox-rack-config-server:8888 in the ingress, like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: gearbox-rack-eureka-server.your.domain
    http:
      paths:
      - backend:
          serviceName: gearbox-rack-eureka-server
          servicePort: 8761
  - host: gearbox-rack-config-server.your.domain
    http:
      paths:
      - backend:
          serviceName: gearbox-rack-config-server
          servicePort: 8888
Then configure the domain names to point to your host IP, and use the domain names to access these services.
I have found several problems here:
In terms of Kubernetes, when you specify type: LoadBalancer for a Service, it relies on an external load balancer provided by a cloud provider. So if you have no such load balancer in your cluster, you cannot use type: LoadBalancer in your settings for the ingress-nginx service. But you still have to share your ingress with the outer world, and the easiest way to do it is to use type: NodePort. For example:
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
spec:
  type: NodePort
  selector:
    app: ingress-nginx
  ports:
  - port: 80
    nodePort: 31080
    name: http
Now you can reach Ingress by using the address http://<ip-address-of-any-node>:31080. For example, http://172.16.100.83:31080
As the next step, you need to provide configuration for Ingress. You can think of the Ingress abstraction as configuration for the Ingress-controller (configuration for Nginx in your case).
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - http:
      paths:
      - path: /eureka
        backend:
          serviceName: gearbox-rack-eureka-server
          servicePort: 8761
      - path: /config
        backend:
          serviceName: gearbox-rack-config-server
          servicePort: 8888
As you mentioned, here Nginx as the Ingress-controller plays the role of a reverse proxy and matches paths in http://<ip-address-of-any-node>:31080/<path> with Services and ports.
Also, it is incorrect to use type: NodePort for services you expose with Ingress. It is better to use type: ClusterIP. So, for your services:
apiVersion: v1
kind: Service
metadata:
  name: gearbox-rack-eureka-server
  labels:
    name: gearbox_rack_eureka_server
spec:
  selector:
    app: gearbox-rack-eureka-server
  type: ClusterIP
  ports:
  - port: 8761
    name: tcp
---
apiVersion: v1
kind: Service
metadata:
  name: gearbox-rack-config-server
  labels:
    name: gearbox-rack-config-server
spec:
  selector:
    app: gearbox-rack-config-server
  type: ClusterIP
  ports:
  - port: 8888
    name: tcp
Now you can reach eureka on http://172.16.100.83:31080/eureka and config on http://172.16.100.83:31080/config
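An added example, not part of either answer: a small check that resolves every backend of the path-based Ingress above against the Services it names, and reports backends whose Service is still NodePort and therefore stays reachable on every node without passing through the ingress controller. The dict manifests and the `svc` and `audit` helpers are constructed for this illustration and mirror the manifests on this page.

```python
# Constructed manifests mirroring this page's Services and path-based Ingress,
# written as plain dicts so no YAML library is needed.
def svc(name, svc_type, port, node_port=None):
    p = {"port": port, "name": "tcp"}
    if node_port:
        p["nodePort"] = node_port
    return {"kind": "Service", "metadata": {"name": name},
            "spec": {"type": svc_type, "ports": [p]}}

EUREKA, CONFIG = "gearbox-rack-eureka-server", "gearbox-rack-config-server"
INGRESS = {"kind": "Ingress", "metadata": {"name": "my-ingress"}, "spec": {"rules": [
    {"http": {"paths": [
        {"path": "/eureka", "backend": {"serviceName": EUREKA, "servicePort": 8761}},
        {"path": "/config", "backend": {"serviceName": CONFIG, "servicePort": 8888}},
    ]}}]}}
QUESTION_SERVICES = [svc(EUREKA, "NodePort", 8761, 31501),
                     svc(CONFIG, "NodePort", 8888, 31502)]
ANSWER_SERVICES = [svc(EUREKA, "ClusterIP", 8761), svc(CONFIG, "ClusterIP", 8888)]

def audit(ingress, services):
    """Return one finding per problem with a backend the Ingress routes to."""
    by_name = {s["metadata"]["name"]: s for s in services}
    findings = []
    for rule in ingress["spec"]["rules"]:
        host = rule.get("host") or "*"          # empty host matches any host
        for p in rule["http"]["paths"]:
            b = p["backend"]
            where = f"{host}{p.get('path') or '/'} -> {b['serviceName']}:{b['servicePort']}"
            s = by_name.get(b["serviceName"])
            if s is None:
                findings.append(f"{where}: Service not found")
                continue
            ports = s["spec"]["ports"]
            # servicePort may be a port number or a port name
            if not any(b["servicePort"] in (q["port"], q.get("name")) for q in ports):
                findings.append(f"{where}: servicePort matches no Service port")
            t = s["spec"].get("type", "ClusterIP")  # ClusterIP is the default
            if t != "ClusterIP":
                direct = [q["nodePort"] for q in ports if "nodePort" in q]
                findings.append(f"{where}: type {t} is also reachable directly "
                                f"on node ports {direct}, bypassing the Ingress")
    return findings

if __name__ == "__main__":
    for label, svcs in (("question", QUESTION_SERVICES), ("answer", ANSWER_SERVICES)):
        print(label, audit(INGRESS, svcs) or "no findings")
```

Anything enforced only at the ingress controller (TLS termination, authentication, rate limits) does not apply to traffic that reaches a backend through its own node port, which is why the ClusterIP form is the one to keep.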