
After deploying the nginx ingress controller, there are two services in the nginx namespace:

NAME                                 TYPE           CLUSTER-IP    EXTERNAL-IP      
ingress-nginx-controller             LoadBalancer   10.28.13.78    
ingress-nginx-controller-admission   ClusterIP      10.28.8.39    

I understand the external IP maps to the external load balancer that routes traffic to ingress, but what is the functionality of this ClusterIP?
Does this ClusterIP route traffic to application services, and then application pods?

2 Answers


  1. It relates to the admission webhook. Here is a reference to the documentation:

    Avoiding outage from wrong configuration

    Because the ingress controller works using the synchronization loop
    pattern, it is applying the configuration for all matching objects. In
    case some Ingress objects have a broken configuration, for example a
    syntax error in the nginx.ingress.kubernetes.io/configuration-snippet
    annotation, the generated configuration becomes invalid, does not
    reload and hence no more ingresses will be taken into account.

    To prevent this situation to happen, the Ingress-Nginx Controller
    optionally exposes a validating admission webhook server to ensure the
    validity of incoming ingress objects. This webhook appends the
    incoming ingress objects to the list of ingresses, generates the
    configuration and calls nginx to ensure the configuration has no
    syntax errors.

  2. I understand the external IP maps to the external load balancer that
    routes traffic to ingress, but what is the functionality of this
    ClusterIP?

    The ClusterIP type service abstraction also does load balancing, but cluster-internal. It’s not a running instance like the load balancer you already know. kube-proxy configures iptables rules for each pod fronted by this ClusterIP service and randomly routes traffic to different pods (packets of the same TCP session will be directed to the same pod, as otherwise pods will end up not being able to decode meaningful data).

    Does this ClusterIP route traffic to application
    services, and then application pods?

    No, that’s not right. To send traffic from Ingress to application pods, it uses the ClusterIP of the application service. Here you also get a ClusterIP by default when creating a LoadBalancer type service. It is for convenience, so as not to use the external IP for internal service-to-Ingress communication that you may want.

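The wiring the first answer describes, as an added example that is not part of the original thread: the API server reaches the validating webhook through the `ingress-nginx-controller-admission` ClusterIP service, and this check audits that link. The sample objects are constructed in the shape of `kubectl get ... -o json` output; the webhook configuration name, webhook name, port and path in them are assumptions.

```python
"""Audit how a validating webhook is wired to its admission Service."""

# Constructed sample data shaped like `kubectl get ... -o json` output.
# Object names, namespace, port and path are assumptions for illustration.
SERVICES = [
    {"metadata": {"name": "ingress-nginx-controller", "namespace": "nginx"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}, {"port": 443}]}},
    {"metadata": {"name": "ingress-nginx-controller-admission", "namespace": "nginx"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},
]
WEBHOOK_CONFIG = {
    "metadata": {"name": "ingress-nginx-admission"},
    "webhooks": [{
        "name": "validate.nginx.ingress.kubernetes.io",
        "failurePolicy": "Fail",
        "clientConfig": {"service": {"name": "ingress-nginx-controller-admission",
                                     "namespace": "nginx", "port": 443,
                                     "path": "/networking/v1/ingresses"}},
        "rules": [{"apiGroups": ["networking.k8s.io"], "apiVersions": ["v1"],
                   "operations": ["CREATE", "UPDATE"], "resources": ["ingresses"]}],
    }],
}


def audit_admission(config, services):
    """Return a list of findings; an empty list means the wiring looks sane."""
    by_key = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in services}
    findings = []
    for hook in config.get("webhooks", []):
        ref = hook.get("clientConfig", {}).get("service")
        if ref is None:
            findings.append(f"{hook['name']}: uses a URL, not an in-cluster Service")
            continue
        svc = by_key.get((ref["namespace"], ref["name"]))
        if svc is None:
            findings.append(f"{hook['name']}: Service {ref['namespace']}/{ref['name']} not found")
            continue
        if svc["spec"]["type"] != "ClusterIP":
            findings.append(f"{hook['name']}: Service type is {svc['spec']['type']}, not ClusterIP")
        if ref.get("port", 443) not in [p["port"] for p in svc["spec"]["ports"]]:
            findings.append(f"{hook['name']}: port {ref.get('port', 443)} not on the Service")
        covers = any("ingresses" in r.get("resources", []) and
                     ("*" in r.get("operations", []) or
                      {"CREATE", "UPDATE"} <= set(r.get("operations", [])))
                     for r in hook.get("rules", []))
        if not covers:
            findings.append(f"{hook['name']}: does not validate Ingress CREATE and UPDATE")
        if hook.get("failurePolicy", "Fail") != "Fail":
            findings.append(f"{hook['name']}: failurePolicy lets unvalidated Ingresses through")
    return findings
```

An empty result for the sample reflects the layout in the question: the webhook targets the ClusterIP service on 443, which is only reachable from inside the cluster.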