Kubernetes Multi Path Routing Issue - kubernetes

I’m using AWS EKS with aws load balancer controller. I have created five services and deployments and make a single ingress file. The deployment has done successfully but when i access ALB-URL with below mentioned paths in ingress file. It gives me 404 error. But the when i used EXTERNALIP:PORT/PATH it’s working fine. How can I fix the issue ?
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: ee-be
name: ee-ingress
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: '8012'
alb.ingress.kubernetes.io/healthcheck-path: /
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
spec:
rules:
- http:
paths:
- path: /rwds/*
backend:
serviceName: ee-rwds
servicePort: 8012
- path: /point/*
backend:
serviceName: ee-pe
servicePort: 8013
- path: /user-mgt/*
backend:
serviceName: ee-um
servicePort: 8014

Perhaps you have a ClusterIP service instead an ExternalName service.
ExternalName service example:
apiVersion: v1
kind: Service
metadata:
name: my_service_name
namespace: my_ingress_namespace
spec:
externalName: my_service_name.my_service_namespace_name.svc.cluster.local
ports:
- port: 80
protocol: TCP
targetPort: 80
sessionAffinity: None
type: ExternalName
status:
loadBalancer: {}

Related

Kuberenetes - Custom domain ingress

I have a cluster IP service and a Ingress. What should my custom domain name point to if I need to route traffic using Ingress? Backend is plain http.
Do I have to create a AWS Loadbalancer with target groups pointing to k8s nodes? And use domain alias pointing to aws loadbalancer? I was reading this K8s article and they're pointing to a subdomain.
Ingress.yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
creationTimestamp: "2022-08-05T00:50:41Z"
generation: 1
labels:
app: testing
name: httpd
namespace: default
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
service:
name: httpd
port:
number: 8080
path: /
pathType: ImplementationSpecific
tls:
- hosts:
- www.example.com
secretName: tls-secret
status:
loadBalancer: {}
service.yaml:
kind: Service
metadata:
creationTimestamp: "2022-08-05T00:50:41Z"
labels:
app: testing
name: httpd
namespace: default
spec:
clusterIP: 100.65.xxx.xx
clusterIPs:
- 100.65.xxx.xx
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
name: httpd
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
Yes you have to create the Load Balancer however that will auto managed by the K8s service.
You can use the Nginx or other ingress controller as per requirement.
You can checkout this Nice official doc from AWS : https://aws.amazon.com/blogs/opensource/network-load-balancer-nginx-ingress-controller-eks/
Once you deploy the Nginx ingress controller it will manage the ingress resource and the Nginx controller will get the public LB.
Example :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- anthonycornell.com
secretName: tls-secret
rules:
- host: anthonycornell.com
http:
paths:
- path: /apple
backend:
serviceName: apple-service
servicePort: 5678
- path: /banana
backend:
serviceName: banana-service
servicePort: 5678

Ingress .yml file isn't being applied to GKE but works fine in minikube

I've been using minikube and this yml file:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /?(.*)
pathType: Prefix
backend:
service:
name: client-cluster-ip
port:
number: 3000
- path: /api/?(.*)
pathType: Prefix
backend:
service:
name: server-cluster-ip
port:
number: 5000
I've installed helm on my GKE cluster and installed ingress-nginx via helm following their directions here.
I kubectl apply my k8s and they all spin up besides the ingress-service from the file above.
Any help is much appreciated.
I've tried this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-service
namespace: my-ingress-nginx
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: client-cluster-ip
servicePort: 3000
- path: /api/*
backend:
serviceName: server-cluster-ip
servicePort: 5000
I'm really stuck here. Not seeing ingress-service show up like I would in minikube and I have no idea why.
server-cluster-ip:
apiVersion: v1
kind: Service
metadata:
name: server-cluster-ip
spec:
type: ClusterIP
selector:
component: server
ports:
- port: 5000
targetPort: 5000
client-cluster-ip:
apiVersion: v1
kind: Service
metadata:
name: client-cluster-ip
spec:
type: ClusterIP
selector:
component: web
ports:
- port: 3000
targetPort: 3000
The deployments and the clusterIp services above are being applied to the cluster but the ingress-service to direct traffic to them is not.
Services:
NAME TYPE
client-cluster-ip ClusterIP
kubernetes ClusterIP
my-ingress-nginx-controller LoadBalancer
my-ingress-nginx-controller-admission ClusterIP
postgres-cluster-ip ClusterIP
redis-cluster-ip ClusterIP
server-cluster-ip ClusterIP
the my-ingress-nginx-controller and my-ingress-nginx-controller-admission was created when I did helm install my-ingress-nginx ingress-nginx/ingress-nginx
Why can't I create an ingress service?
I realized I needed to open port 8443 from the documentation.
So I went to the firewall list in google cloud. Found the rules that had tcp:80,443 in the Protocols / ports. Clicked it, clicked edit and added 8443 to it.
I had an error after but this fixed it:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-resource
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /?(.*)
backend:
serviceName: client-cluster-ip
servicePort: 3000
- path: /api/?(.*)
backend:
serviceName: server-cluster-ip
servicePort: 5000
Notice I changed * for ?(.*)

Azure Kubernetes Nginx Ingress: How do I properly route to an API service and an Nginx web server with HTTPS and avoid 502?

I have 2 services, one serves up a rest API and the other serves up static content via nginx web server.
I can retrieve the static content from the pod running an nginx web server via the ingress controller using https provided that I don't use the following annotation within the ingress yaml
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
However, the backend API service no longer works. If I add that annotation back, the backend service URL https://fqdn/restservices/engine-rest/v1/api works but the front end https://fqdn/ web server throws a 502.
Ingress
Ingress
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress
namespace: namespace-abc
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
rules:
- http:
paths:
- path: /restservices/engine-rest/v1
backend:
serviceName: a
servicePort: 8080
- path: /
backend:
serviceName: b
servicePort: 8011
Service API
kind: Service
apiVersion: v1
metadata:
name: a
namespace: namespace-abc
labels:
app: a
version: 1
spec:
ports:
- name: https
protocol: TCP
port: 80
targetPort: 8080
nodePort: 31019
selector:
app: a
version: 1
clusterIP: <cluster ip>
type: LoadBalancer
sessionAffinity: ClientIP
externalTrafficPolicy: Cluster
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
Service UI
kind: Service
apiVersion: v1
metadata:
name: b
namespace: namespace-abc
labels:
app: b
version: 1
annotations:
spec:
ports:
- name: http
protocol: TCP
port: 8011
targetPort: 8011
nodePort: 32620
selector:
app: b
version: 1
clusterIP: <cluster ip>
type: LoadBalancer
sessionAffinity: None
externalTrafficPolicy: Cluster
If your problem is that adding nginx.ingress.kubernetes.io/backend-protocol: HTTPS makes service-A work but fails service-B, and removing it makes service-A fail but works for service-B, then the solution is to create two different Ingress objects so they can be annotated independently
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-a
namespace: namespace-abc
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
rules:
- http:
paths:
- path: /restservices/engine-rest/v1
backend:
serviceName: a
servicePort: 8080
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: ingress-b
namespace: namespace-abc
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: b
servicePort: 8011

Not able to access multiple services from ingress controller hosted on different ports

I have two services hosted on different ports and I have created a ingress resource which looks like this
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress
namespace: mynamespace
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- http:
paths:
- path: /svc1/
backend:
serviceName: app1-svc
servicePort: 3000
- path: /svc2/
backend:
serviceName: app2-svc
servicePort: 8080
on top of this I have created a NodePort type ingress controller.
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx-ingress
name: controller-nginx-ingress-controller
spec:
clusterIP: 10.88.18.191
externalTrafficPolicy: Cluster
ports:
- name: http
nodePort: 30080
port: 80
protocol: TCP
targetPort: http
- name: https
nodePort: 31442
port: 443
protocol: TCP
targetPort: https
selector:
app: nginx-ingress
component: controller
release: controller
And finally, setup a cloud load balancer to access application running on my K8S cluster.
Problem:
I couldn't able to access any of my application using URL routing
http://load-balancer-ip/svc1/
http://load-balancer-ip/svc2/
Can anyone please let me know what incorrect I'm doing? And how to resolve this issue?
From what you mentioned in comments I am pretty sure the problem can be solved with path rewrites.
Now, when you are sending a request to /svc1/ with path: /svc1/ then the request is forwarded to app1-svc with path set to /svc1/ and you are receiving 404 errors as there is no such path in app1. From what you mentioned, you can most probably solve the issue using rewrite. You can achieve it using nginx.ingress.kubernetes.io/rewrite-target annotation, so your ingress would look like following:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress
namespace: mynamespace
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- http:
paths:
- path: /svc1(/|$)(.*)
backend:
serviceName: app1-svc
servicePort: 3000
- path: /svc2(/|$)(.*)
backend:
serviceName: app2-svc
servicePort: 8080
In this case when sending request with path set to /svc1/something the request will be forwarded to app1 with path rewritten to /something.
Also take a look in ingress docs for more explanation.
Let me know if it solved you issue.

Expose multiple apps in gcloud kubernetes cluster

I have 2 apps running on gcloud kubernetes cluster and exposed via services. I followed steps from https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer, for serving multiple applications on load balancer.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: fanout-ingress
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: nginx
servicePort: 80
- path: /app1
backend:
serviceName: app1server
servicePort: 8080
- path: /app2
backend:
serviceName: app2server
servicePort: 8080
services looks like this :
apiVersion: v1
kind: Service
metadata:
name: app1server
spec:
ports:
- name: app1-port
port: 8080
type: NodePort
----
apiVersion: v1
kind: Service
metadata:
name: app1server
spec:
ports:
- name: app2-port
port: 8080
type: NodePort
But I am getting default backend - 404 error when I try to access http://ip/app1/test or http://ip/app2/test
Can anyone please tell me how I can achieve this?