I have an ingress controller in a GKE cluster with ingress.class
:
kubernetes.io/ingress.class: "nginx"
I wish to assign a static ip to this ingress controller. I followed this tutorial for creating and assigning the static ip:
https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip
Basically I reserved a static IP and tried to assign it to the ingress using:
kubernetes.io/ingress.global-static-ip-name: "my-ingress-static-ip"
The Problem
The ip address ingress did not changed to the new assigned static ip.
How should I assign this static IP to the ingress?
My Configuration
Controller deployed using:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.40.2/deploy/static/provider/cloud/deploy.yaml
My Ingress yaml:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: api-ingress
namespace: development
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
kubernetes.io/ingress.class: "nginx"
# Disallow http - Allowed only with gce controller
# kubernetes.io/ingress.allow-http: "false"
# Enable client certificate authentication
nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
# Create the secret containing the trusted ca certificates
nginx.ingress.kubernetes.io/auth-tls-secret: "development/api-ingress-ca-secret"
# Specify the verification depth in the client certificates chain
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
# Automatically redirect http to https
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# Use regex in paths
nginx.ingress.kubernetes.io/use-regex: "true"
# For notifications we add the proxy headers
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Set a static ip for the ingress
kubernetes.io/ingress.global-static-ip-name: "my-ingress-static-ip"
spec:
tls:
- hosts:
- my-host.com
secretName: api-tls-certificate
rules:
- host: my-host.com
http:
paths:
- path: /(v[0-9]/.*)
backend:
serviceName: my-service
servicePort: 443
Deleting the ingress or the controller did not fixed the problem.
That tutorial is only for the GCE ingress controller.
Note: This tutorial does not apply to the NGINX Ingress Controller.
To set the IP address, you need to specify the actual ip address in the spec:
section of the LoadBalancer service.
spec:
type: LoadBalancer
externalTrafficPolicy: Local
loadBalancerIP: ACTUAL.IP.ADRESS.HERE
ports:
As a note, make sure that your ip address is a regional static IP and not a global IP. This took me quite a while to figure out.