Kubernetes with route fanout - Basic understanding of Service setup

8/1/2021

I have questions about my basic understanding about the setup of my k8s cluster.

I have a K8s running on Hetzner-cloud and allocated a "physical" Loadbalancer (which can be controlled via annotations on a Service.) I use a nginx (or traefik) as my ingress-controller.

Please correct me if I am wrong:

  1. I create the service Loadbalancer with the annotations in the same namespace of my ingress-controller right?
  2. Then I create an ingress with label kubernetes.io/ingress-controller=nginx in my default namespace with the settings to point to my services in the default namespace (one for frontend, one for backend)

Is this the correct way to set this up?

-- Jan
kubernetes
kubernetes-ingress

2 Answers

8/1/2021

> I create the service Loadbalancer with the annotations in the same namespace of my ingress-controller right?

No, ideally your ingress controller will be running in a different namespace, in which your workload must not be running.

You should be keeping only the Nginx service with type: LoadBalancer; the other services of your workload should be ClusterIP.

So all your traffic comes inside the cluster from one point. Your flow will be something like

DNS > LB > Ingress > Service > Pods > Container

> Then I create an ingress with label kubernetes.io/ingress-controller=nginx in my default namespace with the settings to point to my services in the default namespace (one for frontend, one for backend)

You mentioned a label; ideally, it should be an annotation kubernetes.io/ingress-controller=nginx.

Yes, it's perfect. You can create different ingress with different annotation rules as per requirements for different services that you want to expose publicly.

Keep your workload in the default namespace; for the controller you can use a different namespace like ingress-controller. In future, if you have any requirement of setting up monitoring tools, you can also create a namespace and use it for monitoring only.

-- Harsh Manvar
Source: StackOverflow

8/1/2021

1.- No. The Ingress Controller and your workload don't have to be in the same namespace. In fact, you will have the Ingress Controller running in a separate namespace from your workload.

2.- Yes. Generally speaking, your Ingress rules, meaning your Ingress object, meaning your Ingress YAML, and your Service must be in the same namespace. So an Ingress can't cross a namespace.

Note: There is a way to have an Ingress object send traffic to a Service in a different namespace.

-- suren
Source: StackOverflow
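
The layout both answers describe, written out as manifests. This is an added example, not part of the original answers: one LoadBalancer Service in the controller's namespace, ClusterIP Services for the workload, and a fanout Ingress in the same namespace as those Services. The object names, the `ingress-controller` namespace, host, pod labels, ports, the Hetzner location value and an existing IngressClass called `nginx` are all assumptions; the controller is selected here with `spec.ingressClassName`.

```yaml
# Constructed example: names, host, labels and ports are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-controller          # controller namespace, no workloads here
  annotations:
    load-balancer.hetzner.cloud/location: fsn1   # assumed value
spec:
  type: LoadBalancer                     # the only externally exposed Service
  selector:
    app.kubernetes.io/name: ingress-nginx        # assumed controller pod label
  ports:
    - {name: http, port: 80, targetPort: 80}
    - {name: https, port: 443, targetPort: 443}
---
apiVersion: v1
kind: Service
metadata: {name: frontend, namespace: default}
spec:
  type: ClusterIP                        # reachable only through the Ingress
  selector: {app: frontend}
  ports: [{port: 80, targetPort: 8080}]
---
apiVersion: v1
kind: Service
metadata: {name: backend, namespace: default}
spec:
  type: ClusterIP
  selector: {app: backend}
  ports: [{port: 80, targetPort: 8080}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-fanout
  namespace: default                     # same namespace as the Services it routes to
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend: {service: {name: backend, port: {number: 80}}}
          - path: /
            pathType: Prefix
            backend: {service: {name: frontend, port: {number: 80}}}
```

Running `kubectl get svc -A` against this layout should list exactly one Service of type LoadBalancer; any additional one is a second entry point that bypasses the Ingress rules.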