K8s - Unable to reach application from outside the cluster - kubernetes

I am learning to deploy applications on private clusters. The application is up and running in a pod and is reachable from the node itself. I have created an ingress controller service as well, but I am not sure what's going wrong. The external IP of the nginx-ingress service always returns 404. Any ideas on the fix?
Services running :
Application service :
Nginx service :
Application ingress :
Ingress yaml :

It looks like the Ingress is not being served by your Nginx Ingress controller at the moment. If the Ingress is served by a controller, it should have at least one IP address under its status.loadBalancer (which should be the external IP used by the Ingress Controller that is serving it), while in your case it looks empty, like this:

    status:
      loadBalancer: {}

The most common problem in this regard is that the Ingress does not define an Ingress Class or there is no default Ingress Class in the cluster.
First of all, do a k get IngressClass and see if there's any Ingress Class defined in your cluster. Depending on the Kubernetes version and Ingress Controller version, it could make use of IngressClass objects or simply use annotations (or both).
I would try simply adding the annotation kubernetes.io/ingress.class: nginx under the Ingress metadata, as the nginx class is usually the one defined by the Nginx Ingress Controller. Or, if your Ingress Controller is using a different Ingress Class, I'd try specifying that in the annotation; then your setup should work.
If you are curious about the purpose of an Ingress Class, it is mostly used to associate an Ingress resource definition with an ingress controller. On a Kubernetes cluster, there may be more than one Ingress Controller, each one with its own ingress class, and Ingress resources are associated with one of them by matching the requested ingress class.
If an ingress class is not specified, the Ingress uses the default one, which means that the IngressClass annotated to be the default one of the cluster is automatically used.
For more info, check the documentation here ( https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class )
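
The check described in the answer above, as an added example that is not part of the original post: it takes the JSON that `kubectl get ingress,ingressclass -A -o json` returns (here a constructed sample embedded inline) and reports, for each Ingress, which class it requests and why it is or is not being served. The function name `diagnose` and the sample objects are assumptions made for the illustration.

```python
import json

LEGACY_ANNOTATION = "kubernetes.io/ingress.class"
DEFAULT_ANNOTATION = "ingressclass.kubernetes.io/is-default-class"
# Constructed sample shaped like `kubectl get ingress,ingressclass -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "IngressClass", "metadata": {"name": "nginx"},
  "spec": {"controller": "k8s.io/ingress-nginx"}},
 {"kind": "Ingress", "metadata": {"name": "app", "namespace": "default"},
  "spec": {"rules": []}, "status": {"loadBalancer": {}}},
 {"kind": "Ingress", "metadata": {"name": "api", "namespace": "default",
   "annotations": {"kubernetes.io/ingress.class": "nginx"}},
  "spec": {"rules": []},
  "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
 {"kind": "Ingress", "metadata": {"name": "old", "namespace": "default"},
  "spec": {"ingressClassName": "traefik", "rules": []},
  "status": {"loadBalancer": {}}}
]}
""")

def diagnose(items):
    """Return {namespace/name: (requested class, verdict)} for every Ingress."""
    classes = {i["metadata"]["name"]: i for i in items if i["kind"] == "IngressClass"}
    defaults = [n for n, c in classes.items()
                if c["metadata"].get("annotations", {}).get(DEFAULT_ANNOTATION) == "true"]
    report = {}
    for ing in (i for i in items if i["kind"] == "Ingress"):
        meta = ing["metadata"]
        # Explicit class: spec.ingressClassName, or the older annotation.
        wanted = (ing["spec"].get("ingressClassName")
                  or meta.get("annotations", {}).get(LEGACY_ANNOTATION))
        if not wanted and len(defaults) == 1:
            wanted = defaults[0]  # fall back to the cluster default class
        served = bool(ing.get("status", {}).get("loadBalancer", {}).get("ingress"))
        if served:
            verdict = "served"
        elif not wanted:
            verdict = "no class set and no default IngressClass"
        elif wanted not in classes:
            verdict = "no IngressClass object for this class"
        else:
            verdict = "class exists but no address published yet"
        report[f'{meta["namespace"]}/{meta["name"]}'] = (wanted, verdict)
    return report

if __name__ == "__main__":
    for name, (cls, verdict) in diagnose(SAMPLE["items"]).items():
        print(f"{name}: class={cls} -> {verdict}")
```

In a cluster that runs more than one ingress controller, the same resolution decides which controller exposes an Ingress, so setting the class explicitly avoids depending on whichever IngressClass happens to be marked as default.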

Related

LB for multiple Nginx ingress controllers in private AKS

I have a private AKS cluster, which is running an NGINX ingress controller that has multiple replicas for HA.
I would like to put a proxy/LB in front of NGINX ingress controller in order to have only one endpoint for end users. What are my options in this case?
I was thinking about having k8s service to proxy multiple ingress controllers.

> I would like to put a proxy/LB in front of NGINX ingress controller in order to have only one endpoint for end users.

If your service is of type LoadBalancer, an LB is already there in front of the Nginx ingress controller.
Still, if you are looking forward to setting up another proxy or LB:

> I was thinking about having k8s service to proxy multiple ingress controllers.

You can try the Istio service mesh, which will provide you with the sidecar container proxy if you want a multiple-proxy setup.
Ref: https://istio.io/latest/blog/2019/data-plane-setup/
Or, if you want to use the Nginx ingress controller, you can set up another Ingress controller, API gateway, or service mesh in front of the Nginx ingress controller.
So your flow will go like:
API gateway/ingress controller/service mesh ----> Nginx ingress controller ---> k8s service --> Deployment PODs
It might change a little if you plan to use the sidecar proxy with a service mesh.

Kubernetes with route fanout - Basic understanding of Service setup

I have questions about my basic understanding about the setup of my k8s cluster.
I have a K8s running on Hetzner-cloud and allocated a "physical" Loadbalancer (which can be controlled via annotations on a Service.)
I use a nginx (or traefik) as my ingress-controller.
Please correct me if I am wrong:
I create the service Loadbalancer with the annotations in the same namespace of my ingress-controller right?
Then I create an ingress with label kubernetes.io/ingress-controller=nginx in my default namespace with the settings to point to my services in the default namespace (one for frontend, one for backend)
Is this the correct way to set this up?
1. No. The Ingress Controller and your workload don't have to be in the same namespace. In fact, you will have the Ingress Controller running in a separate namespace from your workload.
2. Yes. Generally speaking, your Ingress rules (meaning your Ingress object, meaning your Ingress YAML) and your Service must be in the same namespace. So an Ingress can't cross a namespace.
Note: There is a way to have an Ingress object send traffic to a Service in a different namespace.

> I create the service Loadbalancer with the annotations in the same namespace of my ingress-controller right?

No, ideally your ingress controller will be running in a different namespace, in which your workload must not be running.
You should keep only the Nginx service with type: LoadBalancer; the other services of your workload should be ClusterIP.
So all your traffic comes inside the cluster from one point. Your flow will be something like
DNS > LB > Ingress > Service > Pods > Container

> Then I create an ingress with label kubernetes.io/ingress-controller=nginx in my default namespace with the settings to point to my services in the default namespace (one for frontend, one for backend)

You mentioned a label; ideally, it should be an annotation kubernetes.io/ingress-controller=nginx.
Yes, it's perfect. You can create different ingresses with different annotation rules, as per requirements, for the different services that you want to expose publicly.
Keep your workload in the default namespace; for the controller you can use a different namespace like ingress-controller. In future, if you have any requirement of setting up monitoring tools, you can also create a namespace and use it for monitoring only.

Internal working and connection of Kubernetes Ingress Object and Ingress Controller

I was trying to understand the relation between Kubernetes Ingress Resource and Ingress Controller.
I read that the Ingress resource is mainly the rules, and the controller Pods actually route the traffic for the Ingress rules.
I'm confused: like other Objects, why can the Ingress resource not spin up Pods on its own by specifying the image?
Secondly, how does the Ingress Object connect to the actual Ingress Controller Pods to get its work done (or, say, the other way round)? I don't see any selector specified in the Ingress Object.
Thirdly, if the Ingress Resource gets its own IP address (internal or external), then why does the Ingress Controller need an external IP address?
thanks
PS: I do not have a great knowledge of Kubernetes, please pardon if the questions sound silly.
Details with diagram are posted in GKE tutorial
Ingress with NGINX controller on Google Kubernetes Engine

Can you have multiple ingresses that use the same LoadBalancer?

I don't know if I missed something, but I can't seem to find any posts/docs related to my question. Maybe I misunderstand the type ingress in Kubernetes, but is it possible to define multiple ingresses that use the same LoadBalancer? Having to start one LoadBalancer for every ingress is costly.
One of the benefits of using an ingress is that it helps to avoid creating an external LoadBalancer for each LoadBalancer-type service. On many cloud providers, some of the ingress controllers will create the corresponding external Load Balancer resource for each ingress resource. But using the Nginx Ingress controller, you need one LoadBalancer to expose the Nginx Ingress controller itself. Then create multiple ingress resources and have multiple backends. All the backends are served by the same external Load Balancer.
From the docs of Nginx Ingress:

> In this section you can find a common usage scenario where a single load balancer powered by ingress-nginx will route traffic to 2 different HTTP backend services based on the host name

List all available ingress controllers on Kubernetes

I have a GKE cluster with Traefik being used as an ingress controller.
I want to create a GKE ingress, but I can't find anywhere which kubernetes.io/ingress.class to use.
I tried to use kubernetes.io/ingress.class: gce, but nothing happened... it's almost like the ingress was completely ignored.
Is there a way to list all available ingress controllers/classes? Or, at least, which kubernetes.io/ingress.class should I use to create a GKE Ingress? (I'll still use traefik for other ingresses).
Run describe on the Ingress. If you see create/add events, you have an Ingress controller running in the cluster; otherwise, you probably have the HttpLoadBalancing (GKE Ingress Controller) add-on disabled on your GKE cluster.
On GKE, kubernetes.io/ingress.class: gce is the default ingress class; if there is no annotation defined under the metadata section, the Ingress resource uses the GCP GCLB L7 load balancer to serve traffic. So have you tried setting the annotation to an empty string?
That being said, answering the following questions will help me to understand the context:
Could you please define your use case? Are you trying to define two ingresses for the same service, or convert the current Traefik to a GCE ingress?
Could you please attach your GKE ingress definition to see if there is a syntax error?