I have Kubernetes cluster v1.19.16 set up in bare metal Ubuntu-18.04 server and currently i want to connect cluster jenkins service through http://jenkins.company.com. Haproxy server side frontend & backend already been configured.
My service.yaml file content as follows,
apiVersion: v1
kind: Service
metadata:
name: jenkins-svc
namespace: jenkins
annotations:
prometheus.io/scrape: 'true'
prometheus.io/path: /
prometheus.io/port: '8080'
spec:
selector:
app: jenkins-server
type: ClusterIP
ports:
- protocol: TCP
port: 8080
targetPort: 80
ingress-resource.yaml file content as follows,
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: "jenkins.company.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
serviceName: jenkins-svc
servicePort: 8080
# kubectl get service -n jenkins
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
jenkins-svc ClusterIP 10.96.136.255 <none> 8080/TCP 20m
# kubectl get ing jenkins-ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
jenkins-ingress <none> jenkins.company.com 80 5h42m
# kubectl describe ingress -n jenkins
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name: jenkins-ingress
Namespace: jenkins
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
jenkins.dpi.com
/ jenkins-svc:8080 (10.244.0.16:80)
Annotations: ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: nginx
Events: <none>
When i tried to access http://jenkins.company.com it shows below error message on browser.
Please let me know what i'm missing here?
The issue with the service port and container port. Jenkins default port is 8080, so I assume your service port is 80
ports:
- protocol: TCP
port: 80
targetPort: 8080
and ingress should be
spec:
rules:
- host: "jenkins.company.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
serviceName: jenkins-svc
servicePort: 80
port: The port of this service
targetPort The target port on the pod(s) to forward traffic to
Difference between targetPort and port in Kubernetes Service definition
Related
I'm using Kubernetes v1.23.16 cluster (One master and three workers) bare metal based.
I have created couple of services in a separate namespace. The same as follows.
$ kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11d
app1 app1-service ClusterIP 10.103.151.235 <none> 80/TCP 19h
app2 app2-service ClusterIP 10.105.88.151 <none> 80/TCP 11d
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 11d
Now I'm having below nginx resource yml to access the service outside. For example i would like access as given below.
http://web.example.com/app1
http://web.example.com/app2
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: app-ingress
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
- path: /app2
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80
When i apply the nginx resource yml file it says service not found error.
$ kubectl describe ingress app-ingress
Name: app-ingress
Labels: <none>
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
web.example.com
/app1 app1-service:80 (<error: endpoints "app1-service" not found>)
/app2 app2-service:80 (<error: endpoints "app2-service" not found>)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2
Since my applications services are running in different namespace separately and my nginx resource yml is running in default namespace. So now how do i configure nginx resource file to access both of my service?
An Ingress resource can only refer to Services in the same namespace as the Ingress. To manage two paths on the same hostname that lead to backends in different namespaces, you will need two separate Ingress resources.
In the app1 namespace:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
namespace: app1
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
And in the app2 namespace:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
namespace: app2
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app2
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80
With these resources in place, requests for http://web.example.com/app1 will go to app1-service, and requests for http://web.example.com/app2 will go to app2-service.
NB: I've removed your nginx.ingress.kubernetes.io/rewrite-target annotation because you're not doing any regex-based path rewriting in this example.
I've put a deployable example online here.
Just remove your rewrite path in single ingress you can achieve it.
If you are creating the multiple make sure to change the name as Larsks suggested else it will overwrite the existing one.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
- path: /app2
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80
I have two ingress routes created as below,
kubesphere-console
tekton-pipelines
My manifest files are as like below.
**cat ingress-tekton-dashboard.yaml **
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tekton-dashboard
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
ingressClassName: nginx
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: tekton-dashboard
port:
number: 9097
#host: *
...
cat ../kubesphere/ingress-route-kubesphere.yaml
cat ../kubesphere/ingress-route-kubesphere.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubesphere-console
annotations:
kubesphere.io/creator: admin
spec:
ingressClassName: nginx
rules:
- host: crashandburn.australiaeast.cloudapp.azure.com
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: ks-console
port:
number: 80
---
My ingress are as below:
k get ing -nkubesphere-system
NAME CLASS HOSTS ADDRESS PORTS AGE
kubesphere-console nginx * 20.92.133.79 80 28h
ameya#Azure:~/tekton$ k get ing -ntekton-pipelines
NAME CLASS HOSTS ADDRESS PORTS AGE
tekton-dashboard <none> * 80 2m32s
My service for tekton dashboard is like below:
k get svc -n tekton-pipelines
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
tekton-dashboard ClusterIP 10.0.202.127 <none> 9097/TCP 2d3h
tekton-pipelines-controller ClusterIP 10.0.53.46 <none> 9090/TCP,8008/TCP,8080/TCP 2d6h
tekton-pipelines-webhook ClusterIP 10.0.222.121 <none> 9090/TCP,8008/TCP,443/TCP,8080/TCP 2d6h
However, I get the error like below:
k apply -f ingress-tekton-dashboard.yaml -ntekton-pipelines
Error from server (BadRequest): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"networking.k8s.io/v1\",\"kind\":\"Ingress\",\"metadata\":{\"annotations\":{\"ingress.kubernetes.io/ssl-redirect\":\"false\",\"ingressClassName\":\"nginx\",\"nginx.ingress.kubernetes.io/ssl-redirect\":\"false\"},\"name\":\"tekton-dashboard\",\"namespace\":\"tekton-pipelines\"},\"spec\":{\"ingressClassName\":\"nginx\",\"rules\":[{\"http\":{\"paths\":[{\"backend\":{\"service\":{\"name\":\"tekton-dashboard\",\"port\":{\"number\":9097}}},\"path\":\"/\",\"pathType\":\"Prefix\"}]}}]}}\n"}},"spec":{"ingressClassName":"nginx"}}
to:
Resource: "networking.k8s.io/v1, Resource=ingresses", GroupVersionKind: "networking.k8s.io/v1, Kind=Ingress"
Name: "tekton-dashboard", Namespace: "tekton-pipelines"
for: "ingress-tekton-dashboard.yaml": admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: host "_" and path "/" is already defined in ingress kubesphere-system/kubesphere-console
However, I am using two differnt ports for tekton-dashboard and kubesphere-console so wondering why it is complaining.
Running microk8s v1.23.3 on Ubuntu 20.04.4 LTS. I have set up a minimal pod+service:
kubectl create deployment whoami --image=containous/whoami --namespace=default
This works as expected, curl 10.1.76.4:80 gives the proper reply from whoami.
I have a service configured, see content of service-whoami.yaml:
apiVersion: v1
kind: Service
metadata:
name: whoami
namespace: default
spec:
selector:
app: whoami
ports:
- protocol: TCP
port: 80
targetPort: 80
This also works as expected, the pod can be reached through the clusterIP on curl 10.152.183.220:80.
Now I want to expose the service using the ingress-whoami.yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
defaultBackend:
service:
name: whoami
port:
number: 80
rules:
- http:
paths:
- path: /whoami
pathType: Prefix
backend:
service:
name: whoami
port:
number: 80
ingress addon is enabled.
microk8s is running
high-availability: no
datastore master nodes: 127.0.0.1:19001
datastore standby nodes: none
addons:
enabled:
ha-cluster # Configure high availability on the current node
ingress # Ingress controller for external access
ingress seems to point to the correct pod and port. kubectl describe ingress gives
Name: whoami-ingress
Labels: <none>
Namespace: default
Address:
Default backend: whoami:80 (10.1.76.12:80)
Rules:
Host Path Backends
---- ---- --------
*
/whoami whoami:80 (10.1.76.12:80)
Annotations: <none>
Events: <none>
Trying to reach the pod from outside with curl 127.0.0.1/whoami gives a 404:
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Where did I go wrong? This setup worked a few weeks ago.
Ok, figured it out.
I had forgotten to specify the ingress.class in the annotations-block.
I updated ingress-whoami.yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: public
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /whoami
pathType: Prefix
backend:
service:
name: whoami
port:
number: 80
Now everything is working.
I have created a YAML file its only job is: It should immediately redirect to google.com
but it just doesn't work...
my localhost still returns 404-nginx
I'm on docker-desktop and my cluster version is v1.21.5
here is my redirect.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-google
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: https://www.google.com
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: doesntmatter
port:
number: 80
here is my kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
cheddar nginx cheddar.127.0.0.1.nip.io localhost 80 31m
my-google <none> * 80 26m
stilton nginx stilton.127.0.0.1.nip.io localhost 80 31m
wensleydale nginx wensleydale.127.0.0.1.nip.io localhost 80 31m
NOTE: the other ingress sevices e.g. cheddar.127.0.0.1.nip.io is working perfectly...
I guess you forgot the ingress class name.
spec:
ingressClassName: nginx
...
Apart from that, you can create an external service.
---
apiVersion: v1
kind: Service
metadata:
name: google
spec:
type: ExternalName
externalName: www.google.com
ports:
- name: https
port: 443
protocol: TCP
targetPort: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: google
labels:
name: google
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/upstream-vhost: www.google.com
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: google
port:
name: https
Note, that the cert from your ingress controller is not the cert of google. So there can be some issues around that. One setting that may help with those kind of issues is the annotation nginx.ingress.kubernetes.io/upstream-vhost like shown above.
I deployed a basic service in my kubernetes cluster. I handle routing using this Ingress:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: owncloud
spec:
rules:
- host: example.com
http:
paths:
- backend:
serviceName: owncloud
servicePort: 80
I generated a kubernetes secret in default namespace using a generated key and certificate. I named it example-tls and add it to the Ingress config under spec:
tls:
- secretName: example-tls
hosts:
- example.com
When I GET the service using https (curl -k https://example.com), it times out:
curl: (7) Failed to connect to example.com port 443: Connection timed out
It works using http.
What's possibly wrong here?
Here is the describe output of the concerned ingress:
Name: owncloud
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
example.com
owncloud:80 (10.40.0.4:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"owncloud","namespace":"default"},"spec":{"rules":[{"host":"example.com","http":{"paths":[{"backend":{"serviceName":"owncloud","servicePort":80}}]}}]}}
Events: <none>
My Ingress Controller service:
$ kubectl describe service traefik-ingress-service -n kube-system
Name: traefik-ingress-service
Namespace: kube-system
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"traefik-ingress-service","namespace":"kube-system"},"spec":{"port...
Selector: k8s-app=traefik-ingress-lb
Type: NodePort
IP: 10.100.230.143
Port: web 80/TCP
TargetPort: 80/TCP
NodePort: web 32001/TCP
Endpoints: 10.46.0.1:80
Port: admin 8080/TCP
TargetPort: 8080/TCP
NodePort: admin 30480/TCP
Endpoints: 10.46.0.1:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>