Set up nginx ingress controller on Kubernetes Cluster - kubernetes

I am unable to figure out how to set up an ingress controller on a Kubernetes cluster (not minikube). Every nginx ingress setup I followed resulted in an error and the controller was not set up properly. Basically, I want an equivalent command to minikube addons enable ingress.
Thanks.
Edit 1:
I am following the installation steps mentioned in https://kubernetes.github.io/ingress-nginx/deploy/
I have tried out the baremetal, cloud and a couple more ways to install the nginx-ingress controller.
In a couple of installations, External IP was stuck on for ever. In the cloud installation, while hosting the ingress service, I encountered the error:
Error from server (InternalError): error when creating "kubernetes-custom-scheduler/kubernetes/configuration/services/loki-ingress.yaml": Internal error occurred: failed calling webhook "validate.nginx.ingress.kubernetes.io": Post "https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1beta1/ingresses?timeout=10s": dial tcp 10.98.61.194:443: connect: connection refused
I am currently using Debian GNU/Linux 10 (buster).
I have tried using the bare-metal ingress controller from https://kubernetes.github.io/ingress-nginx/deploy/ but it is only for NodePort Services. I need the nginx-ingress controller for ClusterIP Services.

The easiest way would be to install with Helm.
https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-helm/
If you do not have helm, then install it first.
https://helm.sh/docs/intro/install/

Related

gmp managed prometheus example not working on a brand new vanilla stable gke autopilot cluster

Google managed prometheus seems like a great service; however, at the moment it does not work even in the example... https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-managed
Setup:
create a new autopilot cluster 1.21.12-gke.2200
enable managed prometheus via the gcloud CLI command
gcloud beta container clusters update <mycluster> --enable-managed-prometheus --region us-central1
add port 8443 firewall webhook command
install ingress-nginx
try and use the PodMonitoring manifest to get metrics from ingress-nginx
Error from server (InternalError): error when creating "ingress-nginx/metrics.yaml": Internal error occurred: failed calling webhook "default.podmonitorings.gmp-operator.gke-gmp-system.monitoring.googleapis.com": Post "https://gmp-operator.gke-gmp-system.svc:443/default/monitoring.googleapis.com/v1/podmonitorings?timeout=10s": x509: certificate is valid for gmp-operator, gmp-operator.gmp-system, gmp-operator.gmp-system.svc, not gmp-operator.gke-gmp-system.svc
There is a thread suggesting this will all be fixed this week (8/11/2022), https://github.com/GoogleCloudPlatform/prometheus-engine/issues/300, but it seems like this should work regardless.
If I try to port forward ...
kubectl -n gke-gmp-system port-forward svc/gmp-operator 8443
error: Pod 'gmp-operator-67d5fff8b9-p4n7t' does not have a named port 'webhook'
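The two webhook errors quoted above (the ingress-nginx one and the gmp-operator one) fail for different reasons. As an added example, not part of the original posts, this sketch classifies such a line and, for the x509 case, shows which namespace the certificate was issued for; the function name `triage` and the hint wording are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit

# The two webhook failures quoted on this page, trimmed to the part the API server reports.
SAMPLES = [
    'failed calling webhook "validate.nginx.ingress.kubernetes.io": Post '
    '"https://ingress-nginx-controller-admission.ingress-nginx.svc:443/networking/v1beta1/ingresses?timeout=10s": '
    'dial tcp 10.98.61.194:443: connect: connection refused',
    'failed calling webhook "default.podmonitorings.gmp-operator.gke-gmp-system.monitoring.googleapis.com": Post '
    '"https://gmp-operator.gke-gmp-system.svc:443/default/monitoring.googleapis.com/v1/podmonitorings?timeout=10s": '
    'x509: certificate is valid for gmp-operator, gmp-operator.gmp-system, gmp-operator.gmp-system.svc, '
    'not gmp-operator.gke-gmp-system.svc',
]

WEBHOOK_RE = re.compile(r'failed calling webhook "(?P<name>[^"]+)": Post "(?P<url>[^"]+)": (?P<cause>.+)$')
X509_RE = re.compile(r"x509: certificate is valid for (?P<sans>.+), not (?P<host>\S+)$")


def triage(error_line):
    """Classify an admission-webhook failure from the text kubectl prints (hypothetical helper)."""
    m = WEBHOOK_RE.search(error_line.strip())
    if m is None:
        return None
    host = urlsplit(m["url"]).hostname  # <service>.<namespace>.svc, as dialled by the API server
    service, namespace = host.split(".")[:2]
    result = {"webhook": m["name"], "service": service, "namespace": namespace}
    x509 = X509_RE.search(m["cause"])
    if x509:
        sans = [s.strip() for s in x509["sans"].split(",")]
        # Second DNS label of each qualified SAN is the namespace the certificate was issued for.
        cert_ns = sorted({s.split(".")[1] for s in sans if "." in s})
        result.update(kind="tls-san-mismatch", sans=sans, cert_namespaces=cert_ns,
                      hint=f"serving certificate lacks a SAN for {host}; reissue it for namespace {namespace}")
    elif "connection refused" in m["cause"]:
        result.update(kind="backend-unreachable",
                      hint=f"nothing accepts connections behind Service {service} in {namespace}; "
                           "check that it has ready endpoints")
    else:
        result.update(kind="other", hint="inspect the webhook pod logs")
    return result


if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```

For the gmp-operator error this reports a certificate issued for `gmp-system` while the Service is addressed in `gke-gmp-system`, which is why TLS verification fails even though the webhook itself answers.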

Forward internal request to internal DNS with CoreDNS w/ Kubernetes

I'd like to connect to my nextcloud instance using the internal DNS server (CoreDNS) provided by Kubernetes. I am remotely connected to the cluster through a WireGuard VPN deployed in Kubernetes:
It clearly states that I am using the CoreDNS server 10.43.0.10 used by all other services:
My nextcloud instance is using the traefik ingress controller described in this file:
Putting
10.43.223.221 nextcloud.local
in my /etc/hosts allows me to access the instance, but if I add a line in my Corefile (as seen in the photo below) to route nextcloud.local to 10.43.223.221, nothing happens.
What should I do to make it work? I want every peer that is connected to that WireGuard instance to be able to use those DNS queries.
Thanks!
I managed to solve my problem by following the solution described in CoreDNS do not respect local DNS. I just added this into my Corefile:

Issue in Istio Integration with Ambassador API gateway

I have installed Ambassador API gateway on an AWS EKS cluster. It's working as expected.
Now I'd like to integrate Istio service mesh.
I'm following the steps given in the ambassador's official documentation.
https://www.getambassador.io/docs/edge-stack/latest/howtos/istio/#istio-integration.
But after Istio integration some ambassador pods keep crashing.
At any time only 1 pod out of 3 shows healthy.
Note: Istio sidecars are integrated successfully in all ambassador pods, and I have tried with Ambassador 2.1.1 & 2.1.2, but both have the same issue. I'm not able to keep all ambassador pods healthy.
My EKS version is v1.19.13-eks
Below is the error:
time="2022-03-02 12:30:17.0687" level=error msg="Post \"http://localhost:8500/_internal/v0/watt?url=http%3A%2F%2Flocalhost%3A9696%2Fsnapshot\": dial tcp 127.0.0.1:8500: connect: connection refused" func=github.com/datawire/ambassador/v2/cmd/entrypoint.notifyWebhookUrl file="/go/cmd/entrypoint/notify.go:124" CMD=entrypoint PID=1 THREAD=/watcher
Please do let me know if the above documentation is not sufficient for Istio integration with Ambassador on AWS EKS.
Edit 1: On further investigation I found the issue comes when I tried to integrate Istio with PeerAuthentication STRICT mode. There is no such issue with the default (permissive) mode.
But another issue comes up when I enable the STRICT mode, and now it's failing to connect to the redis service.
After some investigation and testing I found a way to integrate Istio with Ambassador with PeerAuthentication STRICT mode.
The fix:
Update the REDIS_URL env variable with https
from:
REDIS_URL: ambassador-redis:6379
to:
REDIS_URL: https://ambassador-redis:6379

Kubernetes nginx ingress controller returns 504 error

Our on-premise Kubernetes/Kubespray cluster has suddenly stopped routing traffic between the nginx-ingress and node port services. All external requests to the ingress endpoint return a "504 - gateway timeout" error.
How do I diagnose what has broken?
I've confirmed that the containers/pods are running, the node application has started and if I exec into the pod then I can run a local curl command and get a response from the app.
I've checked the logs on the ingress pods and traffic is arriving and nginx is trying to forward the traffic on to the service endpoint/node port but it is reporting an error.
I've also tried to curl directly to the node via the node port but I get no response.
I've looked at the ipvs configuration and the settings look valid (e.g. there are rules for the node to forward traffic on the node port the service endpoint address/port)
We couldn't resolve this issue and, in the end, the only workaround was to uninstall and reinstall the cluster.
I was getting this because the nginx ingress controller pod was running out of memory. I just increased the memory for the pod and it worked.
I was facing a similar issue and the simple fix was to increase the values for the K8S_CPU_LIMIT and K8S_MEMORY_LIMIT for the application pods running on the cluster.

Kubernetes: The proxy server is refusing connections

I have started with Kubernetes and followed this link to get the response as they mentioned. I followed the exact steps, but when I try to open the port I get the following error:
How do I solve this issue? I have tried adding the IP address and port in the browser proxy.
Can anyone help me on this?
Here is the service image: my service image
List of pods: Kubectl Pods
List of kubectl deployments: Deployment List
I believe you're using bare metal (a simple laptop) to deploy your service.
If you have a look at my-service, it is in pending state and it is of type LoadBalancer. The LoadBalancer type is supported only for cloud providers like AWS, Azure and Google Cloud. Hence you are not able to access anything.
I would suggest you follow this tutorial here, which allows you to deploy nginx as a pod, deploy a service around that and export that service as a NodePort (without a load balancer) so that it can be accessed from outside.