
Important: I am NOT using EKS. I have installed this cluster via shell-script. Consider that it is fully-functioning.

I have a cluster running entirely on EC2 instances, and can’t access a very simple ingress.

I have done the following:

  1. Installed nginx-ingress-controller via helm-chart
$ helm repo add nginx-stable https://helm.nginx.com/stable
$ helm repo update
$ helm install nginx nginx-stable/nginx-ingress --create-namespace --namespace "nginx"
  1. Created my Deployment, Service and Ingress in the app1 namespace

Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy1
  namespace: app1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello1
  template:
    metadata:
      labels:
        app: hello1
    spec:
      containers:
        - image: hashicorp/http-echo
          name: hello1
          args:
            - "-text=Hello from application 1!"

Service:

apiVersion: v1
kind: Service
metadata:
  name: svc1
  namespace: app1
spec:
  selector:
    app: hello1
  ports:
    - protocol: 'TCP'
      port: 5678
      targetPort: 5678
  type: ClusterIP

Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress1
  namespace: app1
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: app1.alexthedeveloper.com.br
    http:
      paths:
        - pathType: Prefix
          path: "/app1"
          backend:
            service:
              name: svc1
              port:
                number: 5678
  1. Pointed my DNS record app1.alexthedeveloper.com.br to the worker nodes' IPs in Route 53


  1. When trying to access app1.alexthedeveloper.com.br/app1, I get the following error:


Since the service is of type ClusterIP, I can curl it normally from inside the master node. Also, I’m sure that port 80 is open in my security group, and the cluster is on a vanilla Amazon Linux 2 installation (did not change anything).

Please help!

2 Answers


  1. TL;DR

    Contact your nginx-ingress Service by a NodePort (in this example 31111), as a curl to a worker node IP address on port 80 won’t work:

    kubectl get svc -n nginx
    NAME                  TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
    nginx-nginx-ingress   LoadBalancer   10.111.12.216   <pending>     80:-->31111/TCP<--,443:32467/TCP   8m53s
    

    Explanation:

    Kubernetes Services are handled differently when Kubernetes itself is a managed solution (like GKE, AKS, EKS) than in non-managed solutions like the one you’ve created.

    Assuming that you are using EKS, nginx-ingress would receive an address from AWS loadbalancer and you could contact it to access your hello-world app.

    You would see that here:

    kubectl get svc -n nginx
    NAME                  TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
    nginx-nginx-ingress   LoadBalancer   10.111.12.216   <pending>     80:31111/TCP,443:32467/TCP   8m53s
                                                          ^^^^^^
                                                           HERE!
    

    Your setup is self-managed, hence the output of this command will be similar to the one that I’ve included above. The access to your application can be fulfilled either by:

    • Service of type ClusterIP with a name svc1 and internal port:
      • 5678 (from inside of the cluster)
    • Service of type NodePort of your nginx-ingress controller and the ports:
      • 31111 (HTTP) (from outside of the cluster) <-- will be different for your setup!
      • 32467 (HTTPS) (from outside of the cluster) <-- will be different for your setup!

    Basically the external IP for a load balancer targeting your environment won’t be assigned.


    For this to work exactly as described on port 80, you would need to configure your nginx-ingress Deployment to use a hostPort. You would also need to consider what will happen if you have more than 1 Node and the nginx-ingress controller is recreated.

    From a best-practices standpoint, I would advise against it and stick to a NodePort:

    I believe you can find AWS solutions that could do the port forwarding for you.

  2. I think it’s because of your rewrite. You’re rewriting your /app1 path to / and you have nothing serving on /

    Comment out that line in your annotation, reapply and give it a go again.

    (Sorry for poor formatting, posting on mobile)

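
The NodePort lookup described in the first answer, as an added example that is not part of the original answers: it reads the PORT(S) column of `kubectl get svc` and builds the URL that reaches the ingress controller from outside the cluster. The function names are hypothetical and the sample tables are constructed from the output quoted above.

```sh
#!/bin/sh
# Added example, not from the original answers. Function names are
# hypothetical; the sample tables below are constructed.

# Constructed sample: `kubectl get svc -n nginx` on the self-managed cluster.
INGRESS_SVC='NAME                  TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
nginx-nginx-ingress   LoadBalancer   10.111.12.216   <pending>     80:31111/TCP,443:32467/TCP   8m53s'

# Constructed sample: `kubectl get svc -n app1` (ClusterIP, so no NodePort).
APP_SVC='NAME   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
svc1   ClusterIP   10.96.40.12   <none>        5678/TCP   9m'

# nodeport_for PORT: read a `kubectl get svc` table on stdin and print the
# NodePort mapped to service port PORT. PORT(S) entries look like
# port:nodePort/PROTO (NodePort/LoadBalancer) or port/PROTO (ClusterIP).
# Exit status is 1 when the port has no NodePort.
nodeport_for() {
  awk -v want="$1" '
    $1 == "NAME" { next }                 # skip the header row
    {
      n = split($5, maps, ",")            # PORT(S) is the 5th column
      for (i = 1; i <= n; i++) {
        split(maps[i], pp, "[:/]")        # pp[1]=port, pp[2]=nodePort or proto
        if (pp[1] == want && pp[2] ~ /^[0-9]+$/) { print pp[2]; found = 1; exit }
      }
    }
    END { exit !found }'
}

# ingress_url HOST PATH: table on stdin; print the URL that reaches the
# controller from outside the cluster through its HTTP NodePort.
ingress_url() {
  port=$(nodeport_for 80) || { echo "no NodePort for port 80" >&2; return 1; }
  printf 'http://%s:%s%s\n' "$1" "$port" "$2"
}

# Demo on the constructed sample.
printf '%s\n' "$INGRESS_SVC" | ingress_url app1.alexthedeveloper.com.br /app1
# → http://app1.alexthedeveloper.com.br:31111/app1
```

On a live cluster, pipe `kubectl get svc -n nginx` into `ingress_url`; the EC2 security group then has to allow the printed NodePort, since the question only confirms that port 80 is open.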