I am trying to use Nginx ingress to access kubernetes dashboard on my local pc. The step I followed are:
Getting nginx ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/cloud/deploy.yaml
Getting kubernetes dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
Applying this ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
spec:
rules:
- host: "kubernetes.docker.internal"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: kubernetes-dashboard
port:
number: 443
Checking that my host file has this line
127.0.0.1 kubernetes.docker.internal
If I try to open http://kubernetes.docker.internal/ on my browser I get "Http Error 400 this page isn't working", while on postman I get an error 400 with message "Client sent an HTTP request to an HTTPS server."
How can I resolve?
I resolved adding annotations section in ingress yaml.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: "kubernetes.docker.internal"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: kubernetes-dashboard
port:
number: 443
Related
I have 3 services in 3 different namespaces I want my ingress rules to map to these backends, on path based routes.
Can someone please guide on the same.
I am using nginx ingress inside azure Kubernetes cluster.
A basic example with an assumption that your nginx ingress is working correctly inside your AKS would be following:
List of Pods with their Services:
Pod
Namespace
Service name
nginx
alpha
alpha-nginx
nginx
beta
beta-nginx
nginx
omega
omega-nginx
Ingress definition for this particular setup:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: alpha-ingress
namespace: alpha
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
rules:
- host: "kubernetes.kruk.lan"
http:
paths:
- path: /alpha(/|$)(.*)
pathType: Prefix
backend:
service:
name: alpha-nginx
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: beta-ingress
namespace: beta
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
rules:
- host: "kubernetes.kruk.lan"
http:
paths:
- path: /beta(/|$)(.*)
pathType: Prefix
backend:
service:
name: beta-nginx
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: omega-ingress
namespace: omega
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
rules:
- host: "kubernetes.kruk.lan"
http:
paths:
- path: /omega(/|$)(.*)
pathType: Prefix
backend:
service:
name: omega-nginx
port:
number: 80
In this example Ingress will analyze and rewrite the requests for the same domain name to send the traffic to different namespaces i.e. alpha, beta, omega.
When you've have finalized your Ingress resource, you can use curl to validate your configuration.
curl kubernetes.kruk.lan/alpha | grep -i "<h1>"
<h1>Welcome to nginx from ALPHA namespace!</h1>
curl kubernetes.kruk.lan/beta | grep -i "<h1>"
<h1>Welcome to nginx from BETA namespace!</h1>
curl kubernetes.kruk.lan/omega | grep -i "<h1>"
<h1>Welcome to nginx from OMEGA namespace!</h1>
I'd encourage you to check following docs on rewrites:
Kubernetes.github.io: Ingress-nginx: Examples: Rewrite
PS: Pods are default nginx containers/images with added text to /usr/share/nginx/html/index.html
I have created a YAML file its only job is: It should immediately redirect to google.com
but it just doesn't work...
my localhost still returns 404-nginx
I'm on docker-desktop and my cluster version is v1.21.5
here is my redirect.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-google
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: https://www.google.com
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: doesntmatter
port:
number: 80
here is my kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
cheddar nginx cheddar.127.0.0.1.nip.io localhost 80 31m
my-google <none> * 80 26m
stilton nginx stilton.127.0.0.1.nip.io localhost 80 31m
wensleydale nginx wensleydale.127.0.0.1.nip.io localhost 80 31m
NOTE: the other ingress sevices e.g. cheddar.127.0.0.1.nip.io is working perfectly...
I guess you forgot the ingress class name.
spec:
ingressClassName: nginx
...
Apart from that, you can create an external service.
---
apiVersion: v1
kind: Service
metadata:
name: google
spec:
type: ExternalName
externalName: www.google.com
ports:
- name: https
port: 443
protocol: TCP
targetPort: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: google
labels:
name: google
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/upstream-vhost: www.google.com
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: google
port:
name: https
Note, that the cert from your ingress controller is not the cert of google. So there can be some issues around that. One setting that may help with those kind of issues is the annotation nginx.ingress.kubernetes.io/upstream-vhost like shown above.
I have 2 ingress objects
first-ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: first-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt"
acme.cert-manager.io/http01-edit-in-place: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- www.example.com
secretName: example-tls
rules:
- host: www.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: first-service
port:
number: 80
second-ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: second-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /$2
cert-manager.io/cluster-issuer: "letsencrypt"
acme.cert-manager.io/http01-edit-in-place: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- www.example.com
secretName: example-tls
spec:
rules:
- host: www.example.com
http:
paths:
- path: /test(/|$)(.*)
pathType: Prefix
backend:
service:
name: second-service
port:
number: 80
The expectation is:
www.example.com/test/whatever -> second-service
www.example.com -> first-service
What I saw is that both www.example.com/test/whatever and www.example.com reach to the first-service
If I change the second-ingress to replace the regex with a static path, it will work. www.example.com/test/whatever will hit the second-service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: second-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt"
acme.cert-manager.io/http01-edit-in-place: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- www.example.com
secretName: example-tls
spec:
rules:
- host: www.example.com
http:
paths:
- path: /test
pathType: Prefix
backend:
service:
name: second-service
port:
number: 80
Any idea why regex does not work? I need the rewrite-target rule, which is the reason I use the regex
The regex that you posted is exactly the same as from the example from the NGINX Ingress Controller docs, but the yaml file is wrong (one mistake with the double spec, below more information) - I tested your yamls files on Kubernetes v.1.21, NGINX Controller version v.1.0.2 and Cert Manager v1.6.1.
A few notes/thoughts about what may be wrong:
Instead of using twice spec: (second-ingress.yaml) , use spec only once. I did not observe the change in the behaviour in the prefixes itself, but in the kubectl get ing command for the second ingress there was no 443 port specified. When I ran kubectl get ing second-ingress -o yaml, there was missing TLS part.
Before (wrong setup):
second-ingress.yaml file:
spec:
tls:
- hosts:
- www.example.com
secretName: example-tls
spec:
rules:
kubectl get ing output (missing port 443 for the second ingress):
user#cloudshell:~/ingress-two-services $ kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
first-ingress <none> www.example.com xx.xx.xx.xx 80, 443 5h7m
second-ingress <none> www.example.com xx.xx.xx.xx 80 50m
kubectl get ing second-ingress -o yaml output (missing tls part):
user#cloudshell:~/ingress-two-services $ kubectl get ing second-ingress -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
...
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
service:
name: second-service
port:
number: 80
path: /test(/|$)(.*)
pathType: Prefix
status:
...
After (good setup):
second-ingress.yaml file:
spec:
tls:
- hosts:
- www.example.com
secretName: example-tls
rules:
kubectl get ing output:
user#cloudshell:~/ingress-two-services $ kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
first-ingress <none> www.example.com xx.xx.xx.xx 80, 443 5h18m
second-ingress <none> www.example.com xx.xx.xx.xx 80, 443 61m
kubectl get ing second-ingress -o yaml output:
user#cloudshell:~/ingress-two-services $ kubectl get ing second-ingress -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
...
spec:
rules:
- host: www.example.com
http:
paths:
- backend:
service:
name: second-service
port:
number: 80
path: /test(/|$)(.*)
pathType: Prefix
tls:
- hosts:
- www.example.com
secretName: example-tls
status:
...
Another thing worth noting that the modified configuration for the second ingress is behaving differently than the one that does not work for you.
Using nginx.ingress.kubernetes.io/rewrite-target: /$2 + path: /test(/|$)(.*):
www.example.com/test/ will rewrite the request to the pod to /
www.example.com/test/whatever will rewrite the request to the pod to /whatever
However, using only path: /test:
www.example.com/test/ will rewrite the request to the pod to /test
www.example.com/test/whatever will rewrite the request to the pod to /test/whatever
Please make sure that you are using a proper setup for which your app is designed to.
Other tips:
make sure that ingress is applied by running kubectl get ing command
get the logs of the NGINX Ingress Controller. Get the name of the Ingress Controller pod (kubectl get pods -n ingress-nginx) and then run kubectl logs -n ingress-nginx ingress-nginx-controller-{...}. Check how your requests are handled and where (which service) they are forwarded to
check the logs of the pods from the deployments and check how they are handling request (kubectl logs {pod-name})
if you are using some out-dated version of the Kubernetes better upgrade it
How do I create an ingress(ping) to expose a single service(hello) given a path (/hello )and a port (6789) in a given namespace (dev)?
the following is right? Also how to verify the same?
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ping
namespace: dev
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello
port:
number: 6789
You might need to add the host into the ingress YAML if you are looking forward to use the domain for resolution like
hello-world.info forward the traffic to hello service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- host: hello-world.info
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web
port:
number: 8080
to verify the changes you can use the Curl to check and test the endpoint also.
Once your YAML file is applied and ingress is created on cluster you can hit the endpoint and verify.
i would recommend checking out the part test your ingress :
https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/#test-your-ingress
I'm running microk8s v1.18.5 from snap on Ubuntu 20.04 with addons ingress, dns, dashboard, helm3, storage.
I'm trying to externally access running services such as grafana and dashboard. I've configured proxy services and ingresses as per docs:
kind: Service
apiVersion: v1
metadata:
name: grafana
namespace: ingress
spec:
type: ExternalName
externalName: monitoring-grafana.kube-system.svc.cluster.local
ports:
- port: 80
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: grafana-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- "grafana.example.com"
secretName: grafana-tls
rules:
- host: grafana.example.com
http:
paths:
- backend:
serviceName: grafana
servicePort: 80
path: /
---
and
kind: Service
apiVersion: v1
metadata:
name: dashboard
namespace: ingress
spec:
type: ExternalName
externalName: kubernetes-dashboard.kube-system.svc.cluster.local
ports:
- port: 443
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: dashboard-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- "dashboard.example.com"
secretName: dashboard-tls
rules:
- host: dashboard.example.com
http:
paths:
- backend:
serviceName: dashboard
servicePort: 443
path: /
---
Trying to access either dashboard or grafana I get:
503 Service Temporarily Unavailable
openresty/1.15.8.1
What can I do to find the root cause?
I'm also running cert-manager and external-dns from helm3, could their config be related to the issue?
First you have to change your dashboard and grafana service type to NodePort for ingress to work correctly.
Besides that Kubernetes dashboard for microk8s is accessible under <master_node_ip>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ path so you have to mention it in either your URL or in your ingress manifest. When you curl dashboard.example.com
it gives you 503 Service Temporarily Unavailable error. However when you enter full path it will show the website:
curl http://dashboard.example.com:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
<!--
Copyright 2017 The Kubernetes Authors.
[...]
This is an example of ingress that will rewrite /api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy to /dashboard/
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: grafana-ingress
namespace: kube-system
annotations:
kubernetes.io/ingress.class: nginx
# Add https backend protocol support for ingress-nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '<base href="/">' '<base href="/dashboard/">';
sub_filter_once on;
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: dashboard.example.com
http:
paths:
- path: /dashboard(/|$)(.*)
backend:
serviceName: kubernetes-dashboard
servicePort: 443