Kubernetes nginx ingress accesses outside of cluster without using service

11/26/2019

Apologies if this has been answered before, but I am a little confused on Ingress Nginx is working together with services.

I am trying to implement an nginx ingress in my Kubernetes environment. So far I have an ingress-nginx-controller-deployment setup, as well as a deployment and service for the default backend. I still need to create my actual Ingress resources, the ingress-nginx-controller-service and also my backend.

curl <NodeIP> returns "default backend 404" on port 80 for the Node which the ingress-nginx-controller-deployment is deployed on. However, my understanding is that exposing anything out of the cluster requires a service (Nodeport/Loadbalancer), which is the duty of the ingress-nginx-controller-service.

My question is how is this possible, that I can access port 80 for my Node on my browser, which is outside the cluster? Could I then deploy my backend app on port 80 the same way the above is done?

I feel like I am misunderstanding a key concept here.

default backend image: gcr.io/google_containers/defaultbackend:1.0

nginx-controller image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.3

-- xbfh0516
kubernetes
kubernetes-ingress
nginx-ingress

1 Answer

11/26/2019

I think you missed a really good article about how nginx-ingress expose to the world!

I short: If you're using hostNetwork: true then you bypass the kubernetes network (kube-proxy). in a simple word, you bypass the container and orchestration network and just using the host network then the node with nginx-ingress container will expose port 80 to the world.

There are other ways that you can use to expose nginx port to outside of the cluster (node-port, network load balancer like MetalLB).

-- Alireza Davoodi
Source: StackOverflow