K
Q

Ingress cannot resolve NodePort IP in GKE

1/31/2019

I have an ingress defined as:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foo-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: zaz-address
    kubernetes.io/ingress.allow-http: "false"
    ingress.gcp.kubernetes.io/pre-shared-cert: foo-bar-com

spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /zaz/*
        backend:
          serviceName: zaz-service
          servicePort: 8080

Then the service zap-service is a nodeport defined as:

apiVersion: v1
kind: Service
metadata:
  name: zaz-service
  namespace: default
spec:
  clusterIP: 10.27.255.88
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32455
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: zap
  sessionAffinity: None
  type: NodePort

The nodeport is successfully selecting the two pods behind it serving my service. I can see in the GKE services list that the nodeport has an IP that looks internal.

When I check in the same interface the ingress, it also looks all fine, but serving zero pods.

When I describe the ingress on the other hand I can see:

Rules:
  Host                                    Path  Backends
  ----                                    ----  --------
  foo.bar.com
                                          /zaz/*   zaz-service:8080 (<none>)

Which looks like the ingress is unable to resolve the service IP. What am I doing wrong here? I cannot access the service through the external domain name, I am getting an error 404.

How can I make the ingress translate the domain name zaz-service into the proper IP so it can redirect traffic there?

-- Navarro
google-kubernetes-engine
kubernetes
kubernetes-ingress

Similar Questions

Failed to create pod sandbox kubernetes error
Airflow/k8s: How do I correctly set permissions for DAGs stored in a persistent volume?
How to connect to a kerberoized hdfs from Spark on Kubernetes?
Import manually created K8s cluster into KOps

2 Answers

1/31/2019

Seems like the wildcards in the path are not supported yet. Any reason why not using just the following in your case?

spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /zaz
        backend:
          serviceName: zaz-service
          servicePort: 8080
-- Bernard Halas
Source: StackOverflow
2/4/2019

My mistake was, as expected, not reading the documentation thoroughly.

The port stated in the Ingress path is not a "forwarding" mechanism but a "filtering" one. In my head it made sense that it would be redirecting http(s) traffic to port 8080, which is the one where the Service behind was listening to, and the Pod behind the service too.

Reality was that it would not route traffic which was not port 8080 to the service. To make it cleaner I changed the port in the Ingress from 8080 to 80 and in the Service the front-facing port from 8080 to 80 too.

Now all requests coming from the internet can reach the server successfully.

-- Navarro
Source: StackOverflow