I am installing the official jenkins helm chart on GKE.
I am enabling Ingress therefore the corresponding template should be applied and the resource created.
According to the official GKE documentation:
When you create the Ingress, the GKE ingress controller creates and configures an HTTP(S) load balancer according to the information in the Ingress and the associated Services. Also, the load balancer is given a stable IP address that you can associate with a domain name.
However, this does not happen in my case; the ingress does not get an external IP associated with it:
▶ k get ingress --all-namespaces
NAMESPACE NAME HOSTS ADDRESS PORTS AGE
jenkins jenkins-inception * 80 82s
Here is the actual Ingress resource:
▶ k get ingress --all-namespaces -o yaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
creationTimestamp: "2020-01-24T21:20:49Z"
generation: 1
labels:
app.kubernetes.io/component: jenkins-master
app.kubernetes.io/instance: jenkins-inception
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: jenkins
helm.sh/chart: jenkins-1.9.16
name: jenkins-inception
namespace: jenkins
resourceVersion: "15741661"
selfLink: /apis/extensions/v1beta1/namespaces/jenkins/ingresses/jenkins-inception
uid: 6461793e-3eef-11ea-a0a5-42010a790807
spec:
rules:
- http:
paths:
- backend:
serviceName: jenkins-inception
servicePort: 8080
path: /jenkins
status:
loadBalancer: {}
kind: List
metadata:
resourceVersion: ""
selfLink: ""
Why is that?
Have tried both nginx and gce in kubernetes.io/ingress.class annotation values.
edit_1: it seems that the HTTP Load Balancing Add On is enabled.
The weirdest part however is the following:
▶ k describe ingress jenkins-inception -n jenkins
Error from server (NotFound): the server could not find the requested resource
~
▶ k get ingress jenkins-inception -n jenkins
NAME HOSTS ADDRESS PORTS AGE
jenkins-inception * 80 11h
edit_2:
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.11-gke.14", GitCommit:"56d89863d1033f9668ddd6e1c1aea81cd846ef88", GitTreeState:"clean", BuildDate:"2019-11-07T19:12:22Z", GoVersion:"go1.12.11b4", Compiler:"gc", Platform:"linux/amd64"}
edit_3: After addressing the kubectl compatibility issue, it turns out no events are generated by the ingress
▶ k describe ingress jenkins-inception -n jenkins
Name: jenkins-inception
Namespace: jenkins
Address:
Default backend: default-http-backend:80 (10.8.32.33:8080)
Rules:
Host Path Backends
---- ---- --------
*
/jenkins jenkins-inception:8080 (10.8.33.87:8080)
Annotations:
kubernetes.io/ingress.class: nginx
Events: <none>
Is there a command line to list enabled add-ons on a cluster?
edit_4: About the add ons..
▶ gcloud container clusters describe inception-cluster --zone us-east4-b | grep -i add -A 6
addonsConfig:
horizontalPodAutoscaling: {}
httpLoadBalancing: {}
kubernetesDashboard:
disabled: true
networkPolicyConfig:
disabled: true
edit_5: After enabling the actual GCE ingress with the correct annotation as pointed out in comments by #Arghya Sadhu, I see the following error in the ingress description
Warning Translate 2s (x11 over 7s) loadbalancer-controller error while evaluating the ingress spec: service "jenkins/jenkins-inception" is type "ClusterIP", expected "NodePort" or "LoadBalancer"
However this contradicts with the following recommendation from the official jenkins helm charts:
# For minikube, set this to NodePort, elsewhere use LoadBalancer
# Use ClusterIP if your setup includes ingress controller
edit_6: The ingress managed to get a public IP:
spec:
rules:
- http:
paths:
- backend:
serviceName: jenkins-inception
servicePort: 8080
path: /jenkins
status:
loadBalancer:
ingress:
- ip: 12.234.543.111
However I am unable to access the following paths:
https://12.234.543.111/jenkins
http://12.234.543.111/jenkins
https://12.234.543.111
http://12.234.543.111
edit_7: The yaml of the jenkins-inception service
▶ k get svc jenkins-inception -o yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: "2020-01-25T12:40:14Z"
labels:
app.kubernetes.io/component: jenkins-master
app.kubernetes.io/instance: jenkins-inception
app.kubernetes.io/managed-by: Tiller
app.kubernetes.io/name: jenkins
helm.sh/chart: jenkins-1.9.16
name: jenkins-inception
namespace: jenkins
resourceVersion: "16000964"
selfLink: /api/v1/namespaces/jenkins/services/jenkins-inception
uid: d5bfd760-3f6f-11ea-a0a5-42010a790807
spec:
clusterIP: 10.8.59.184
externalTrafficPolicy: Cluster
ports:
- name: http
nodePort: 30361
port: 8080
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/component: jenkins-master
app.kubernetes.io/instance: jenkins-inception
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
Run describe on the Ingress. If you see create/add events, you have an Ingress controller running in the cluster, otherwise, you probably have the HttpLoadBalancing(GKE Ingress Controller) add-on disabled on your GKE cluster
Edit1:
You have version incompatibility between kubernetes server and kubectl. You can check both client and server version by running below command. Check this issue for details.
kubectl version
Edit2:
You either should not have the annotation kubernetes.io/ingress.class or if you have it needs be gce kubernetes.io/ingress.class: gce
Edit3:
As per the google cloud doc the service type for jenkins-inception service needs to be of type NodePort
Related
Hope you are all well,
I am currently trying to rollout the awx-operator on to a Kubernetes Cluster and I am running into a few issues with going to the service from outside of the cluster.
Currently I have the following services set up:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
awx NodePort 10.102.30.6 <none> 8080:32155/TCP 110m
awx-operator NodePort 10.110.147.152 <none> 80:31867/TCP 125m
awx-operator-metrics ClusterIP 10.105.190.155 <none> 8383/TCP,8686/TCP 3h17m
awx-postgres ClusterIP None <none> 5432/TCP 3h16m
awx-service ClusterIP 10.102.86.14 <none> 80/TCP 121m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 17h
I did set up a NodePort which is called awx-operator. I did attempt to create an ingress to the application. You can see that below:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: awx-ingress
spec:
rules:
- host: awx.mycompany.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: awx
port:
number: 80
When I create the ingress, and then run kubectl describe ingress, I get the following output:
Name: awx-ingress
Namespace: default
Address:
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
awx.mycompany.com
/ awx:80 (10.244.1.8:8080)
Annotations: <none>
Events: <none>
Now I am not too sure whether the default-http-backend:80 error is a red-herring as I have seen this in a number of places and they don't seem too worried about it, but please correct me if I am wrong.
Please let me know whether there is anything else I can do to troubleshoot this, and I will get back to you as soon as I can.
You are right and the blank address is the issue here. In traditional cloud environments, where network load balancers are available on-demand, a single Kubernetes manifest suffices to provide a single point of contact to the NGINX Ingress controller to external clients and, indirectly, to any application running inside the cluster.
Bare-metal environments on the other hand lack this option, requiring from you a slightly different setup to offer the same kind of access to external consumers:
This means you have to do some additional gymnastics to make the ingress work. And you have basically two main options here (all well described here):
A pure software solution: MetalLB
Over the NodePort service.
What is happening here is that you basically creating a service type NodePort with selector that matches your ingress controller pod and then it's routes the traffic accordingly to your ingress object:
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
Full nginx deployment that conatains that service can be found here.
If you wish to skip the ingress you might be just using the nodePort service awx and reach it directly.
I am using Kubernetes 1.22 and the operator version 0.14.0.
I have a Kubernetes baremetal installation and I have to use ingress. The ingress provided with the operator is not compatible with the version of kubernetes I am using so I had to define it myself.
I am using Ansible but you could work out the values for the variables :)
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ awx_deployment_name }}-ingress-unmanaged
namespace: {{ awx_namespace }}
annotations:
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
ingressClassName: nginx
rules:
- host: {{ awx_host }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ awx_deployment_name }}-service
port:
number: 80
tls:
- hosts:
- {{ awx_host }}
secretName: {{ awx_tls_secret}}
you can simply expose the deployment to a service type LoadBalancer
the following command creates a service with a type loadBalancer
kubectl expose deployment awx-demo --port=80 --target-port=8052 --name=awx-lb --type=LoadBalancer
Cluster information:
Installation Method: kubeadm
Kubernetes: 1.19.2
Master & Nodes: Ubuntu 20.04.1 (Oracle Virutalbox)
Docker: 19.03.12
Calico: 3.16.1
Ingress : Bare-metal - 0.40.1
I want to access the Kubernetes dashboard from my laptop using ingress without proxy?
Can anyone help me with the steps... ( I tried multiple ways with the help of the internet... not sure where I am missing?)
Note: As per discussion forums I have added "hostNetwork: true" under the deployment section in ingress YAML to resolve "not working without host parameter" and commented "type: NodePort".
Updated info:
I have created ingress-controller as daemon instead of deployments/pod - this helps in accessing directly with worker IPs. (this is what I am expecting - but unable to access kubernetes dashboard as it is in different namespace)
Ingress yaml: this is running in default namespace
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kdash-in-ns
port:
number: 443
kdash-in-ns yaml - svc with External Name
kind: Service
apiVersion: v1
metadata:
name: kdash-in-ns
namespace: default
spec:
type: ExternalName
externalName: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local
ports:
- name: https
port: 443
Below details about kdash-in-ns svc with ExternalName
dockeras#ubuntu3:~/simplek8s/kubernetes/yamls/ingress-demo$ kubectl describe svc kdash-in-ns
Name: kdash-in-ns
Namespace: default
Labels: <none>
Annotations: <none>
Selector: <none>
Type: ExternalName
IP:
External Name: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local
Port: https 443/TCP
TargetPort: 443/TCP
Endpoints: <none>
Session Affinity: None
Events: <none>
kubectl describe for the updated ingress route: in this i have ngnix - which is working fine (i guess both ingress and nginx are in same namespace.. getting error for dashboard - as it in different namespace (kubernetes-dasbhoard))
dockeras#ubuntu3:~$ kubectl describe ing nginx-ingress
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
Name: nginx-ingress
Namespace: default
Address: 192.168.1.31,192.168.1.32
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
*
/nginx nginx-deploy-main:80 )
/foo kubernetes-dashboard:443 (<error: endpoints "kubernetes-dashboard" not found>)
/dashboard kdash-in-ns:443 (<error: endpoints "kdash-in-ns" not found>)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /$2
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 4m40s nginx-ingress-controller Ingress default/nginx-ingress
When I tried the same URLs in browser below are the responses (One of my worker iP - 192.168.1.31)
192.168.1.31/nginx - responds with nginx default page (pod - nginx-deploy-main)
192.168.1.31/foo - error page - 503 service temporarily Unavailable (default nginx)
192.168.1.31/dashboard - 504 Gateway Time-out (default nginx)
running svc, pods:
All Pods and svcs
If I understand correctly, you want to access kubernetes service (dashboard) from outside cluster. You may deploy metallb LoadBalancer and manage a pull of IPs from external cluster network, assigned to your cluster.
So, you can assign an IP and a LoadBalancer through which you will access your service. Below is an example for mssql server, but you can easily adapt it to your needs with dashboard:
apiVersion: v1
kind: Service
metadata:
name: sql-server-lb
namespace: database-server
annotations:
metallb.universe.tf/address-pool: default
spec:
selector:
app: sql-server
ports:
- port: 1433
targetPort: 1433
type: LoadBalancer
https://metallb.universe.tf/
Notes
I am trying to deploy a service and ingress for a demo service (from 'Kubernetes in Action') to an AWS EKS cluster in which the traefik ingress controller has been Helm installed.
I am able to access the traefik dashboard from the traefik.example.com hostname after manually adding the IP address of the AWS ELB provisioned by traefik to that hostname in my local /etc/hosts file.
If I describe the service and ingress of the traefik-dashboard:
$ kubectl describe svc -n kube-system traefik-dashboard
Name: traefik-dashboard
Namespace: kube-system
Labels: app=traefik
chart=traefik-1.52.6
heritage=Tiller
release=traefik
Annotations: <none>
Selector: app=traefik,release=traefik
Type: ClusterIP
IP: 10.100.164.81
Port: <unset> 80/TCP
TargetPort: 8080/TCP
Endpoints: 172.31.27.70:8080
Session Affinity: None
Events: <none>
$ kubectl describe ing -n kube-system traefik-dashboard
Name: traefik-dashboard
Namespace: kube-system
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
traefik.example.com
traefik-dashboard:80 (172.31.27.70:8080)
Annotations:
Events: <none>
The service and ingress controller seem to be using the running traefik-575cc584fb-v4mfn pod in the kube-system namespace.
Given this info and looking at the traefik docs, I try to expose a demo service through its ingress with the following YAML:
apiVersion: apps/v1beta2
kind: ReplicaSet
metadata:
name: kubia
spec:
replicas: 3
selector:
matchLabels:
app: kubia
template:
metadata:
labels:
app: kubia
spec:
containers:
- name: kubia
image: luksa/kubia
---
apiVersion: v1
kind: Service
metadata:
name: kubia
namespace: default
spec:
selector:
app: traefik
release: traefik
ports:
- name: web
port: 80
targetPort: 8080
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubia
namespace: default
spec:
rules:
- host: kubia.int
http:
paths:
- path: /
backend:
serviceName: kubia
servicePort: web
After applying this, I am unable to access the kubia service from the kubia.int hostname after manually adding the IP address of the AWS ELB provisioned by traefik to that hostname in my local /etc/hosts file. Instead, I get a Service Unavailable in the response. Describing the created resources shows some differing info.
$ kubectl describe svc kubia
Name: kubia
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"kubia","namespace":"default"},"spec":{"ports":[{"name":"web","por...
Selector: app=traefik,release=traefik
Type: ClusterIP
IP: 10.100.142.243
Port: web 80/TCP
TargetPort: 8080/TCP
Endpoints: <none>
Session Affinity: None
Events: <none>
$ kubectl describe ing kubia
Name: kubia
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
kubia.int
/ kubia:web (<none>)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"kubia","namespace":"default"},"spec":{"rules":[{"host":"kubia.int","http":{"paths":[{"backend":{"serviceName":"kubia","servicePort":"web"},"path":"/"}]}}]}}
Events: <none>
I also notice that the demo kubia service has no endpoints, and the corresponding ingress shows no available backends.
Another thing I notice is that the demo kubia service and ingress is in the default namespace, while the traefik-dashboard service and ingress are in the kube-system namespace.
Does anything jump out to anyone? Any suggestions on the best way to diagnose it?
Many thanks in advance!
It would seem that you are missing the kubernetes.io/ingress.class: traefik that tells your Traefik ingress controller to serve for that Ingress definition.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubia
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: kubia.int
http:
paths:
- path: /
backend:
serviceName: kubia
servicePort: web
If you look at the examples in the docs you can see that the only Ingress that doesn't have annotation is traefik-web-ui that points to the Traefik Web UI.
I've got the following:
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: abcxyz
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: abcxyz
http:
paths:
- path: /a/
backend:
serviceName: service-a
servicePort: 80
- path: /b/
backend:
serviceName: service-b
servicePort: 80
Output of kubectl describe ingress abcxyz:
Name: abcxyz
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
abcxyz
/a/ service-a:80 (<none>)
/b/ service-b:80 (<none>)
Annotations:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 16m nginx-ingress-controller Ingress default/abcxyz
Normal UPDATE 12m (x2 over 15m) nginx-ingress-controller Ingress default/abcxyz
Why is the address empty? I've installed the 'nginx ingress controller' through helm using helm install stable/nginx-ingress - and all of it's pods relevent seem to be running fine.
How can I provide access to the ingress?
The solution for me was:
minikube addons enable ingress
Type
minikube ip
to retrieve the master IP. for example:
bash-3.2$ minikube ip
192.168.1.100
The command that provides information about the kubernetes cluster is:
bash-3.2$ kubectl cluster-info
Kubernetes master is running at https://192.168.1.100:8443
KubeDNS is running at https://192.168.1.100:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
You can test the ingress controller from the host machine using curl:
bash-3.2$ curl http://192.168.1.100:80
default backend - 404
Finally, add a host entry to be able to use a name to refer to the cluster IP address
In /etc/hosts add:
192.168.1.100 abcxyz
There appears to be a bug in https://helm.nginx.com/stable that makes it not bind to the Address in minikube.
The solution that worked for me was to instead use https://kubernetes.github.io/ingress-nginx
The installation instructions for the kubernetes version of NGINX ingress are here: https://kubernetes.github.io/ingress-nginx/deploy/, but here's the gist:
Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
Minikube
minikube addons enable ingress
microk8s
microk8s enable ingress
Also to note, the "bare metal" installation instructions use a NodePort. But most IaaS providers have their own way of assigning IPs, so they have specific instructions for each provider.
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
helm.sh/chart: ingress-nginx-3.33.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.47.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
I have kubernetes-dashboard service with type is ClusterIP. How can I access dashboard internal? I use Alibaba Cloud.
My service.yml
---
kind: Service
apiVersion: v1
metadata:
labels:
kubernetes.io/cluster-service: "true"
app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9090
selector:
app: kubernetes-dashboard
I would like to run my dashboard at http://MASTER_IP:80
The status when running kubectl cluster-info:
Kubernetes master is running at https://MASTER_IP:6443
Heapster is running at https://MASTER_IP:6443/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://MASTER_IP:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
kubernetes-dashboard is running at https://MASTER_IP:6443/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy
monitoring-influxdb is running at https://MASTER_IP:6443/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy
When I access https://MASTER_IP:6443, I got the error default backend - 404.
Note: Don't use NodePort and kubectl proxy.
Many thanks.
Change the dashboard service type to NodePort then you can access dashboard with any cluster :
change service type from ClusterIP to NodePort
kubectl -n kube-system edit svc kubernetes-dashboard
Get the service port number.
kubectl -n kube-system get svc kubernetes-dashboard -o yaml |grep nodePort
Access dahboard with https://masererverIP:nodeportnumber
In this answer you can find the different ways to access the dashboard.
If you are not using NodePort or kubectl proxy, your best options are
API Server
In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
Ingress
Dashboard can be also exposed using Ingress resource. For example
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingress
namespace: kube-system
spec:
rules:
— host: kubernetes
http:
paths:
— path: /ui
backend:
serviceName: kubernetes-dashboard
servicePort: 80