Giving a different public IP/URL to services on different namespaces

7/13/2021

I'm currently running a set of pods and services inside my production namespace. The services are exposed via the Kubernetes nginx-ingress controller.

This is working fine; all the resources can be accessed with no problems.

What I want to achieve now is to have another namespace, staging, with other types of resources and services, and also be able to access them with a public IP / URL. This IP should be different from the production public IP since we don't want to change the URL schema on our nginx ingress.

Is there a way to achieve this using the nginx controller? We are running on AKS and installed the nginx ingress with the following helm commands:

# Create a namespace for your ingress resources
kubectl create namespace ingress-basic

# Add the ingress-nginx repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

# Use Helm to deploy an NGINX ingress controller
helm install nginx-ingress ingress-nginx/ingress-nginx \
    --namespace ingress-basic \
    --set controller.replicaCount=2 \
    --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
    --set controller.admissionWebhooks.patch.nodeSelector."beta\.kubernetes\.io/os"=linux

as described here: https://docs.microsoft.com/en-us/azure/aks/ingress-basic

This is the ingress that we use on our helm chart:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  namespace: {{ .Release.Namespace }}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    cert-manager.io/issuer: "letsencrypt-prod"
    watch-namespace: {{ .Release.Namespace }}
#    nginx.ingress.kubernetes.io/ssl-redirect: "false"
#    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    # Limit uploads to 8TB
    nginx.ingress.kubernetes.io/proxy-body-size: 800000m
spec:
  tls:
    - secretName: my-cert-tls
      hosts:
        - {{ .Values.myDomain }}
  rules:
  - host: {{ .Values.myDomain }}
    http:
      paths:
      # NOTE: this one should come after all other routes. To avoid hijacking requests.
      - path: /api/svc1(/|$)(.*)
        backend:
          serviceName: svc1
          servicePort: 8080
      - path: /api(/|$)(.*)
        backend:
          serviceName: svc2
          servicePort: 8080
      - path: /(.*)
        backend:
          serviceName: svc3
          servicePort: 8080
  - http:
      paths:
      # NOTE: this one should come after all other routes. To avoid hijacking requests.
      - path: /api/svc2(/|$)(.*)
        backend:
          serviceName: svc2
          servicePort: 8080
      - path: /api(/|$)(.*)
        backend:
          serviceName: svc1
          servicePort: 8080
      - path: /(.*)
        backend:
          serviceName: svc3
          servicePort: 8080

Essentially I would like to see:

  • IP 1 => namespace1 resources
  • IP 2 => namespace2 resources

IP1 can never access namespace2 and vice versa.

-- Pablo Estrada
azure-aks
kubernetes
nginx
nginx-ingress

0 Answers