Kubernetes: multiple domain setup and loadbalancer/ingress strategy

8/2/2021

How is it possible to use more than one domain in the same cluster?

At the moment I've running ONE cluster with one domain pointing to a hardware loadbalancer and traefik as an ingress-controller.

Now I wanna add a second domain pointing to different workloads/services.

Do I need

  1. a second ingress-controller with a second LoadBalancer (and pointing the second domain to that second LB)?
  2. to point the second domain to the same first LoadBalancer to use only one ìngress-controller`?

I am asking, because I have troubles when pointing the second domain to the second Loadbalancer and pointing that one to the existing ingress-controller (nothing happens) But when I point my second domain, to the first Loadbalancer, it seems working as expected.

(My guess is: solution "2")?

(I wanna keep one Ingress-controller, thought I need two loadbalanacers)

Does this have to do with the occupied ports 443 and 80?

Thank you

-- Jan
kubernetes
kubernetes-ingress
traefik-ingress

2 Answers

8/5/2021

My working approach:

  • I use two domains, both pointing to the Loadbalancer (in my case at Hetzner)
  • I create a service type: LoadBalancer which I annotate with the corresponding values:
    • load-balancer.hetzner.cloud/hostname: my.domain.com
    • load-balancer.hetzner.cloud/name: myloadbalancer-name
    • load-balancer.hetzner.cloud/protocol: http
  • I annotate my Ingress Service with kubernetes.io/ingress.class: traefik.
    • I added the routes to that ingress.
┌────────────┐                                                    
│            │                                                    
│ Domain A   │───┐                                                
│            │   │                                                
└────────────┘   │    ┌───────────────┐                           
                 ├───▶│ Loadbalancer A│                           
┌────────────┐   │    └───────────────┘                           
│            │   │            │                                   
│ Domain B   │───┘            ▼                                   
│            │       ┌─────────────────┐     ┌───────────────────┐
└────────────┘       │Service          │     │Ingress            │
                     │                 │◀────│ /    -> frontend  │
                     └─────────────────┘     │ /api -> backend                               │              └───────────────────┘
                       ┌──────┴──────┐                            
                       ▼             ▼                            
                 ┌───────────┐ ┌───────────┐                      
                 │Service    │ │Service    │                      
                 │ FRONTEND  │ │ BACKEND                  │           │ │           │                      
                 └───────────┘ └───────────┘                      
-- Jan
Source: StackOverflow

8/5/2021

a second ingress-controller with a second LoadBalancer (and pointing the second domain to that second LB)?

No there is no requirement for a second LoadBalancer. You can single LB backed by the ingress controller and map the multiple domains.

to point the second domain to the same first LoadBalancer to use only one ìngress-controller`?

Yes, you can use the single ingress controller, inside DNS for both domains you have to add the A value of CNAME value.

From DNS all traffic will get forwarded to LB, which is backed by the ingress controller.

If you are using the Nginx ingress controller different domain or hosts goes like in config

spec:
  rules:
  - host: foobar.com
    http:
      paths:
      - backend:
          serviceName: foobar
          servicePort: 80
  - host: api.foobar.com
    http:
      paths:
      - backend:
          serviceName: foobar
          servicePort: 80

For treafik also it will be the same, or else you can create a two separate ingress instead of one.

ingress-1.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
spec:
  rules:
  - host: dashboard.test.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: frontend
          servicePort: 80

ingress-2.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-ingress-two
spec:
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - path: /api
        backend:
          serviceName: backend
          servicePort: 80

path-based further routing you can implement on ingress.

So you over all arch will be something like

All traffic comes from a single point, treafik controller which is exposed as Loadbalancer service.

All your other microservices will be running as the ClusterIP, as we don't want to direct access from the internet.

Read more at : https://medium.com/kubernetes-tutorials/deploying-traefik-as-ingress-controller-for-your-kubernetes-cluster-b03a0672ae0c

-- Harsh Manvar
Source: StackOverflow