Question 98307 in Nginx Question posted in
The official documentation can be found here.

Access kubernetes external IP from the internet – Nginx

I am currently setting up a kubernetes cluster (bare ubuntu servers). I deployed metallb and ingress-nginx to handle the ip and service routing. This seems to work fine. I get a response from nginx, when I wget the externalIP of the ingress-nginx-controller service (works on every node). But this only works inside the cluster network. How do I access my services (the ingress-nginx-controller, because it does the routing) from the internet through a node/master servers ip? I tried to set up routing with iptables, but it doesn’t seem to work. What am I doing wrong and is it the best practise ?

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -i eth0 -p tcp -d <Servers IP> --dport 80 -j DNAT --to <ExternalIP of nginx>:80

iptables -A FORWARD -p tcp -d <ExternalIP of nginx> --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

iptables -F

Here are some more information:

kubectl get services -n ingress-nginx

NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.103.219.111   198.51.100.1   80:31872/TCP,443:31897/TCP   41h
ingress-nginx-controller-admission   ClusterIP      10.108.194.136   <none>         443/TCP                      41h

Please share some thoughts
Jonas

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I ended up with installing HAProxy on the maschine I want to resole my domain to. HAProxy listens to port 80 and 443 and forwards all trafic to the externalIP of my ingress controller. You can also do this on multiple mashines and DNS failover for high availability.

    My haproxy.cfg

    frontend unsecure
    bind 0.0.0.0:80
    default_backend unsecure_pass

backend unsecure_pass
    server unsecure_pass 198.51.100.0:80



frontend secure
    bind 0.0.0.0:443
    default_backend secure_pass


backend secure_pass
    server secure_pass 198.51.100.0:443

  2. 0

    Bare-metal cluster are a bit tricky to set-up because you need to create and manage the point of contact to your services. In cloud environment these are available on-demand.

    I followed this doc and can assume that your load balancer seems to be working fine as you are able to curl this IP address. However, you are trying to get a response when calling a domain. For this you need some app running inside your cluster, which is exposed to hostname via Ingress component.

    I’ll take you through steps to achieve that.
    First, create a Deployment to run a webservice, I’m gonna use simple nginx example:

    kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2 
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80

    Second, create a Service of type LoadBalancer to be able to access it externally. You can do that by simply running this command:
    kubectl expose deployment nginx-deployment --type=LoadBalancer --name=<service_name>
    If your software load balancer is set up correctly, this should give external IP address to the Deployment you created before.

    Last but not least, create Ingress service which will manage external access and name-based virtual hosting. Example:

    kind: Ingress
metadata:
  name: <ingress_name>
spec:
  rules:
    - host: <your_domain>
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: <service_name>
                port:
                  number: 80

    Now, you should be able to use your domain name as an external access to your cluster.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search