K
Q

Why is there an ADDRESS for the ingress-service? What's the use of that ADDRESS?

10/31/2019

I deploy my cluster on GKE with an Ingress Controller

I use Helm to install the following:

  • Installed Ingress Controller
  • Deployed Load Balancer Service (Create a Load Balancer on GCP as well)

I also deployed the Ingress Object (Config as below)

Then I observed the following status ...

The Ingress Controller is exposed (By Load Balancer Service) with two endpoints: 35.197.XX.XX:80, 35.197.XX.XX:443

These two endpoints are exposed by the Cloud load balancer. I have no problem with it.

However, when I execute kubectl get ing ingress-service -o wide, it prints out the following info.

NAME              HOSTS             ADDRESS       PORTS     AGE
ingress-service   k8s.XX.com.tw   34.87.XX.XX   80, 443   5h50m

I really don't under the use of the IP under the ADDRESS column.

I can also see that Google add some extra info to the end of my Ingress config file about load balancer IP for me.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
   ....(ommitted)
spec:
  rules:
  - host: k8s.XX.com.tw
    http:
      paths:
      - backend:
          serviceName: client-cluster-ip-service
          servicePort: 3000
        path: /?(.*)
      - backend:
          serviceName: server-cluster-ip-service
          servicePort: 5000
        path: /api/?(.*)
  tls:
  - hosts:
    - k8s.XX.com.tw
    secretName: XX-com-tw
status:
  loadBalancer:
    ingress:
    - ip: 34.87.XX.XX

According to Google's doc, this (34.87.XX.XX) looks like an external IP, but I can't access it with http://34.87.XX.XX

My question is that since we already have an external IP (35.197.XX.XX) to receive the traffic, why do we need this ADDRESS for the ingress-service?

If it's an internal or external IP ADDRESS? What is this ADDRESS bound to? What exactly is this ADDRESS used for?

Can anyone shed some light? Thanks a lot!

-- John the Traveler
kubernetes
kubernetes-ingress
nginx-ingress

Similar Questions

Kubernetes Cluster Autoscaler: Custom metric aggregation
How to reserve certain worker nodes for a namespace
Sometimes missing desiredContainers
Managing Create & Update of Kubernetes Deployment in CI/CD pipeline Implementation
Why is Spring Cloud ignoring my bootstrap-prod.xml?
substituting variables in yml files in azure pipelines
Node level metrics are not available in Prometheus (installed with Istio 1.6)

1 Answer

10/31/2019

If you simply go take a look at the documentation you will have your answer.

What is an ingress ressource: https://kubernetes.io/docs/concepts/services-networking/ingress/#what-is-ingress

So following the doc:

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

To be more precise on cloud provider, the ingress will create a load-balancer to expose the service to the internet. The cocumentation on the subject specific to gke: https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer

That explains why you have an external ip for the ingress.

What you should do now:

  • If you don't want to expose HTTP or/and HTTPS ports just delete the ingress ressource, you don't use it so it's pretty much useless.
  • If you are using HTTP/HTTPS ressources, change your service type to nodePort and leave the management of the load balancer to the ingress.

My opinion is that, as you are deploying the ingress-controller, you should select the second option and leave the management of the load-balancer to it. For the ingress of the ingress-controller, don't define rules just the backend to the nodePort service, the rules should be defined in specific ingress for each app and be managed by the ingress-controller.

-- night-gold
Source: StackOverflow