Can not access ingress service from within cluster - kubernetes

I am new to kubernetes and I have minikube setup on my linux mint 20.
I am trying to implement server side rendering with nextjs, I have installed ingress-nginx using helm.
ingess-service.yaml :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-service
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  rules:
    - host: example.dev
      http:
        paths:
          - backend:
              serviceName: users-srv
              servicePort: 4000
            path: /api/users/?(.*)
          - backend:
              serviceName: ui-srv
              servicePort: 3000
            path: /?(.*)
In the Next.js app UI I want to access the ingress controller in order to make API calls from the server side. I tried:
axios.get('http://ingress-nginx-controller-admission/api/users/currentuser')
axios.get('http://ingress-nginx-controller/api/users/currentuser')
axios.get('http://ingress-service/api/users/currentuser')
but nothing is working.
kubectl get services:
NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.107.45.123    172.42.42.100   80:31205/TCP,443:32568/TCP   80m
ingress-nginx-controller-admission   ClusterIP      10.111.229.112   <none>          443/TCP                      80m
kubernetes                           ClusterIP      10.96.0.1        <none>          443/TCP                      6d1h
ui-srv                               ClusterIP      10.99.20.51      <none>          3000/TCP                     89s
users-mongo-srv                      ClusterIP      10.103.187.200   <none>          27017/TCP                    89s
users-srv                            ClusterIP      10.99.15.244     <none>          4000/TCP                     89s
Can anyone help me out?
Thanks in advance...

The ingress is designed to handle external traffic to the cluster and as such, it is expecting the request to arrive at the domain you specified (aka example.dev).
To access your APIs from inside a Pod, you should most definitely use directly the services that are served by the Ingress, such as users-srv or ui-srv.
If you really want to contact the ingress instead of the Service, you could try a couple things:
Make it so that example.dev points to the LoadBalancer IP address, for example adding it to /etc/hosts of the cluster's nodes should work (or even internally in the Pod). But take into consideration that this means accessing the services by a long route when you could just access them with the service name.
Remove the host parameter from your rules, meaning the services should be served generally at the IP address of the nginx-controller, this should make using ingress-nginx-controller work as expected. This is not supported by all Ingress Controllers but it could work.
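Why the URLs in the question miss the rules, and what each suggestion above changes, shown as an added example (not code from the question or from ingress-nginx): a simplified JavaScript model of the controller's Host and path matching, using the rules from ingress-service. The names route, hostOf and serverSideRequest are hypothetical, and sending an explicit Host header is an assumption offered as an alternative to editing /etc/hosts.

```javascript
// Added example: simplified model of ingress-nginx routing, not controller code.
// Rules copied from the ingress-service manifest in the question.
const rules = [
  { host: 'example.dev', path: '/api/users/?(.*)', backend: 'users-srv:4000' },
  { host: 'example.dev', path: '/?(.*)', backend: 'ui-srv:3000' },
];

// Host header an HTTP client derives from the URL it was given.
function hostOf(url) {
  return new URL(url).host;
}

// With use-regex enabled, ingress-nginx orders paths by descending length
// and the first location whose regex matches the request path wins.
function route(ingressRules, hostHeader, path) {
  const host = hostHeader.split(':')[0].toLowerCase();
  const hit = ingressRules
    .filter((r) => !r.host || r.host === host) // a rule without host matches any Host
    .sort((a, b) => b.path.length - a.path.length)
    .find((r) => new RegExp('^' + r.path, 'i').test(path));
  return hit ? hit.backend : null; // null: no rule matched, default backend answers 404
}

// Request options for a server-side call (hypothetical helper).
// Direct: talk to the Service by its cluster DNS name, as the answer recommends.
// Via ingress: keep the controller Service as target but present the expected Host.
function serverSideRequest(path, viaIngress) {
  return viaIngress
    ? { url: 'http://ingress-nginx-controller' + path, headers: { Host: 'example.dev' } }
    : { url: 'http://users-srv:4000' + path, headers: {} };
}

// Constructed walk-through of the cases discussed above.
const path = '/api/users/currentuser';
const attempted = 'http://ingress-nginx-controller' + path;
console.log('as attempted  ->', route(rules, hostOf(attempted), path));
console.log('Host set      ->', route(rules, 'example.dev', path));
const noHost = rules.map(({ path: p, backend }) => ({ path: p, backend }));
console.log('host removed  ->', route(noHost, hostOf(attempted), path));
console.log('direct call   ->', serverSideRequest(path, false).url);
```

The third URL in the question, http://ingress-service/..., fails earlier than routing: an Ingress is not a Service, so no cluster DNS name exists for it.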

Related

Application not accessible using ingress but works with LoadBalancer GKE

I am trying to configure a hello world application using ingress in GKE. I have been referring to the official GCP documentation to deploy an application using Ingress.
Deploying an app using ingress
But this does not work. I have tried to refer to several documents but none of those work. I have installed the ingress controller in my kubernetes cluster.
kubectl get svc -n ingress-nginx returns below output
NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
ingress-nginx-controller   LoadBalancer   10.125.177.232   35.232.139.102   80:31835/TCP,443:31583/TCP   7h24m
kubectl get pods -n ingress-nginx returns
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-jj72r        0/1     Completed   0          7h24m
ingress-nginx-admission-patch-pktz6         0/1     Completed   0          7h24m
ingress-nginx-controller-5cb8d9c6dd-vptkh   1/1     Running     0          7h24m
kubectl get ingress returns below output
NAME               CLASS    HOSTS                   ADDRESS       PORTS   AGE
ingress-resource   <none>   35.232.139.102.nip.io   34.69.2.173   80      7h48m
kubectl get pods returns below output
NAME                         READY   STATUS    RESTARTS   AGE
hello-app-6d7bb985fd-x5qpn   1/1     Running   0          43m
kubectl get svc returns below output
NAME        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
hello-app   ClusterIP   10.125.187.239   <none>        8080/TCP   43m
Ingress resource yml file used
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - host: 35.232.139.102.nip.io
      http:
        paths:
          - pathType: Prefix
            path: "/hello"
            backend:
              service:
                name: hello-app
                port:
                  number: 8080
Can someone tell me what I am doing wrong? When I try to reach the application it's not working.
So I have installed the ingress controller and used the ingress controller IP as the host in my ingress file.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-resource
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - host: "35.232.139.102.nip.io"
      http:
        paths:
          - pathType: Prefix
            path: "/hello"
            backend:
              service:
                name: hello-app
                port:
                  number: 8080
The issue here was that I forgot to add the IP from which I was accessing the application. When you create a GKE cluster there will be a firewall with the name cluster-name-all; in this firewall you will need to add the IP address of the machine from which you are trying to access the application. Also ensure that the port number is exposed. In my case both were not provided, hence it was failing.

K8s metallb load balancer IP not reachable sometimes

I have an on-premise k8s cluster with 3 masters and 4 workers. MetalLB is installed and DHCP is provided for it from the same network as the on-premise cluster IPs.
I tried to start the Kubernetes Dashboard app in the cluster and everything is working fine except the LoadBalancer type Service of Kubernetes Dashboard:
apiVersion: v1
kind: Service
metadata:
  annotations:
    metallb.universe.tf/address-pool: single-ip
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: LoadBalancer
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  externalIPs:
    - 192.168.1.129
root@master1:/# kubectl get services -n kubernetes-dashboard
NAME                        TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP      10.249.40.230   <none>          8000/TCP        6h8m
kubernetes-dashboard        LoadBalancer   10.249.3.22     192.168.1.129   443:32593/TCP   6h8m
After applying all configs, the dashboard starts working at https://192.168.1.129 from the cluster and from my computer correctly.
But after some time it stopped working from my computer but continues to work from the cluster. From my computer I'm getting a "Connection refused" error.
From my computer and from the cluster, the 192.168.1.129 IP pings normally without any problems.
externalTrafficPolicy is Cluster by default. Changing it to Local didn't help.
What's happening? How do I resolve the issue where the service works, then stops working, and then starts working again? :)

istio unable to access kubernetes dashboard

I am trying to access the Kubernetes Dashboard through an Istio Gateway + Virtual Service.
However, all I get is 404 page not found when I try to access the dashboard with browser. Accessing the Dashboard through k8s NodePort or k8s LoadBalancer service works just as expected. The pod, however, complains in the logs about http: TLS handshake error from 127.0.0.6:52483: remote error: tls: bad certificate.
Running httpbin through Istio (as given in their documentation) works as expected, so Istio seem to be working fine as well.
I am using the official Kubernetes Dashboard YAML-s. I am giving the service below (with type: LoadBalancer added, although it doesn't seem to make a difference for Istio, although it allows me to access the Dashboard through a separate IP).
Just for the record, my k8s cluster is comprised of VirtualBox machines running MetalLB.
kubectl get services --all-namespaces returns the following:
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 11d
httpbin httpbin ClusterIP 10.100.186.188 <none> 8000/TCP 47h
istio-system istio-egressgateway ClusterIP 10.109.231.163 <none> 80/TCP,443/TCP 5d3h
istio-system istio-ingressgateway LoadBalancer 10.111.188.94 192.168.56.46 15021:31440/TCP,80:31647/TCP,443:32715/TCP 5d3h
istio-system istiod ClusterIP 10.104.236.247 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 5d3h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 11d
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.101.131.136 <none> 8000/TCP 43h
kubernetes-dashboard kubernetes-dashboard-service LoadBalancer 10.103.130.244 192.168.56.47 443:30041/TCP 43h
kubernetes-dashboard kubernetes-dashboard-service-np NodePort 10.100.49.224 <none> 8443:30002/TCP 43h
If I try to access the LoadBalancer directly via the IP from above and through browser, I get the usual Kubernetes Dashboard login page. The browser url is https://192.168.56.47.
YAML-s:
istio-gateway.yaml:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: kubernetes-dashboard-gateway
  namespace: kubernetes-dashboard
spec:
  selector:
    istio: ingressgateway # use Istio default gateway implementation
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
      hosts:
        - "*"
istio-virtual-service.yaml:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubernetes-dashboard-virtual-service
  namespace: kubernetes-dashboard
spec:
  hosts:
    - "*"
  gateways:
    - kubernetes-dashboard-gateway
  tls:
    - match:
        - sniHosts: ["*"]
      route:
        - destination:
            host: kubernetes-dashboard-service
            port:
              number: 443
dashboard-service.yaml:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-service
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
    # - port: 8000
    #   targetPort: 9090
  selector:
    k8s-app: kubernetes-dashboard
  type: LoadBalancer
User suren has mentioned:
your gateway is listening 443. not 80
Yes, this could be a problem. You are trying to reach port 80, but you are exposing only port 443. Try to change your configuration or change your port during request.
See also the documentation about Deploy and Access the Kubernetes Dashboard.
Hm, I got it working with the configuration as above and with explicitly specifying a host in all places where I have previously placed a "*". I had to add that host in /etc/hosts to be able to access it in browser.
It seems that this last part was key, as well as specifying the sniHost in the Virtual Service. The other problems were mostly configuration issues with the TLS. Setting it to PASSTHROUGH seems to work, because it forces Istio to sort of forward the HTTPS request to the Kubernetes Dashboard, which is responsible for decrypting etc.

Kubernetes Ingress Flask Application

I have a simple demo Flask application that is deployed to kubernetes using minikube. I am able to access the app using the Services. But I am not able to connect using ingress.
Services.yaml
apiVersion: v1
kind: Service
metadata:
  name: services-app-service
spec:
  selector:
    app: services-app
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 5000 # External connection
      targetPort: 5000 # Internal connection
D:Path>kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db ClusterIP None <none> 3306/TCP 120m
kubernetes ClusterIP 10.20.30.1 <none> 443/TCP 3h38m
services-app-service ClusterIP 10.20.30.40 <none> 5000/TCP 18m
I am able to access the app using minikube.
D:Path>minikube service services-app-service --url
* service default/services-app-service has no node port
* Starting tunnel for service services-app-service.
|-----------|----------------------|-------------|------------------------|
| NAMESPACE | NAME | TARGET PORT | URL |
|-----------|----------------------|-------------|------------------------|
| default | services-app-service | | http://127.0.0.1:50759 |
|-----------|----------------------|-------------|------------------------|
http://127.0.0.1:50759
! Because you are using a Docker driver on windows, the terminal needs to be open to run it.
Ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: services-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: mydemo.info
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: services-app-service
                port:
                  number: 5000
D:Path>kubectl get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
services-ingress <none> mydemo.info 192.168.40.1 80 15m
Are there any additional configuration required to access the app via ingress?
The ingress, and ingress-dns addons are currently only supported on Linux. Currently not supported on windows.
MoreInfo
Not Supported on Windows:
minikube version: v1.16.0
minikube version: v1.17.1
The issue is that you need to access it with a Host header of mydemo.info for that Ingress spec to work. You also need to confirm you have an Ingress Controller installed, usually ingress-nginx for new users but there are many options. Then you would look for the Ingress Controller's NodePort or LoadBalancer service and access through that.
I've been searching for ages. I confirm this doesn't work on MacOS either.
Using minikube tunnel is the only way I found.

Kubernetes Loadbalancer redirecting to HTTPs when application is on port 80

I've deployed a series of deployments and services to a Kubernetes cluster with a load balancer. When I try to access my app this does not work as my application is exposed on port 80 but the URL is always redirected to port 443 (HTTPS). I suspect this is to do with the fact that the cluster IP is on port 443.
Any ideas on how I can fix this?
db NodePort 10.245.175.203 <none> 5432:30029/TCP 25m
kubernetes ClusterIP 10.245.0.1 <none> 443/TCP 8m
redis NodePort 10.245.197.157 <none> 6379:31277/TCP 25m
web LoadBalancer 10.245.126.122 123.12.123.123 80:31430/TCP 25m
This is likely due to your application itself redirecting to port 443. What type of application is it?
This service exposed on port 443 has nothing to do with your application:
kubernetes ClusterIP 10.245.0.1 <none> 443/TCP 8m
It's basically an internal service that allows you to access the kube-apiserver within your cluster.
You could try just setting up the LoadBalancer to listen on port 443 directly. Only then port 80 traffic wouldn't work. If you want the port 80 redirects to work, I suggest you use an Ingress controller like nginx. Something like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: your-ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - yourhostname.com
      secretName: tls-secret
  rules:
    - host: yourhostname.com
      http:
        paths:
          - path: /
            backend:
              serviceName: web
              servicePort: 443
You will also have to create a TLS secret holding your cert and key:
$ kubectl create secret tls tls-secret --key /tmp/tls.key --cert /tmp/tls.crt