Important: I am NOT using EKS. I have installed this cluster via shell-script. Consider that it is fully-functioning.
I have a cluster running entirely on EC2 instances, and can’t access a very simple ingress.
I have done the following:
- Installed nginx-ingress-controller via helm-chart
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm repo update
$ helm install nginx nginx-stable/nginx-ingress --create-namespace --namespace "nginx"
- Created my Deployment, Service and Ingress in the app1 namespace
Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: deploy1
namespace: app1
spec:
replicas: 1
selector:
matchLabels:
app: hello1
template:
metadata:
labels:
app: hello1
spec:
containers:
- image: hashicorp/http-echo
name: hello1
args:
- "-text="Hello from application 1!""
Service:
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: app1
spec:
selector:
app: hello1
ports:
- protocol: 'TCP'
port: 5678
targetPort: 5678
type: ClusterIP
Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress1
namespace: app1
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: app1.alexthedeveloper.com.br
http:
paths:
- pathType: Prefix
path: "/app1"
backend:
service:
name: svc1
port:
number: 5678
- Pointed my DNS record app1.alexthedeveloper.com.br to the worker-nodes IP’s in Route 53
- When trying to access app1.alexthedeveloper.com.br/app1, I get the following error:
Since the service is of type ClusterIP, I can curl it normally from inside the master node. Also I’m sure that port 80 is open in my security-group, and the cluster is in Amazon Linux 2 vanilla installation (did not change anything)
Please help!
2
Answers
TL;DR
Contact your
nginx-ingress
Service
by aNodePort
(in this example31111
) as thecurl
to a worker node ip address with port80
won’t work:Explanation:
Kubernetes Services are handled differently when Kubernetes itself is a managed solution like (
GKE
,AKS
,EKS
) and non-managed solutions like the one you’ve created.Assuming that you are using
EKS
,nginx-ingress
would receive an address fromAWS
loadbalancer and you could contact it to access yourhello-world
app.You would see that here:
Your setup is self-managed hence the output of this command will be similar to the one that I’ve included above. The access to your application can be fulfilled either by:
ClusterIP
with a namesvc1
and internal port:5678
(from inside of the cluster)NodePort
of yournginx-ingress
controller and the ports:31111
(HTTP) (from outside of the cluster) <– will be different for your setup!32467
(HTTPS) (from outside of the cluster) <– will be different for your setup!Basically the external IP for a load balancer targeting your environment won’t be assigned.
For this to work exactly as described on port
80
you would need to configure yournginx-ingress
Deployment
to use ahostPort
. You would also need to consider what will happen if you have more than 1Node
andnginx-ingress
controller will be recreated.From best practices standpoint, I would advise against it and stick to a
NodePort
:I believe you can find
AWS
solutions that could do the port forwarding for you.I think it’s because of your rewrite. You’re rewriting your /app1 path to / and you have nothing serving on /
Comment out that line in your annotation, reapply and give it a go again.
(Sorry for poor formatting, posting on mobile)