kubernetes ingress controller and resource using nginx

0 votes

​I have my kubernetes cluster running on bareOS and not on any cloud platform. I would like to know how running ingress without TLS have remote access to services running inside Kubernetes cluster?

$kubectl get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE attachmentservice 10.254.111.232 <none> 80/TCP 3d financeservice 10.254.38.228 <none> 80/TCP 3d gatewayservice 10.254.38.182 nodes 80/TCP 3d hrservice 10.254.61.196 <none> 80/TCP 3d kubernetes 10.254.0.1 <none> 443/TCP 31d messageservice 10.254.149.125 <none> 80/TCP 3d redis-service 10.254.201.241 <none> 6379/TCP 15d settingservice 10.254.157.155 <none> 80/TCP 3d trainingservice 10.254.166.92 <none> 80/TCP 3d

nginx-ingress-rc.yml
apiVersion: v1 kind: ReplicationController metadata: name: nginx-ingress-rc labels: app: nginx-ingress spec: replicas: 1 selector: app: nginx-ingress template: metadata: labels: app: nginx-ingress spec: containers: - image: nginxdemos/nginx-ingress:0.6.0 imagePullPolicy: Always name: nginx-ingress ports: - containerPort: 80 hostPort: 80

services-ingress.yml
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: services-ingress spec: rules: - host: ctc-cicd2 http: paths: - path: /gateway backend: serviceName: gatewayservice servicePort: 80 - path: /training backend: serviceName: trainingservice servicePort: 80 - path: /attachment backend: serviceName: attachmentservice servicePort: 80 - path: /hr backend: serviceName: hrservice servicePort: 80 - path: /message backend: serviceName: messageservice servicePort: 80 - path: /settings backend: serviceName: settingservice servicePort: 80 - path: /finance backend: serviceName: financeservice servicePort: 80

nginx.conf new content

upstream default-services-ingress-ctc-cicd2-trainingservice {
    server 12.16.64.5:8190;
    server 12.16.65.6:8190;
} upstream default-services-ingress-ctc-cicd2-attachmentservice {
    server 12.16.64.2:8095;
} upstream default-services-ingress-ctc-cicd2-hrservice {
    server 12.16.64.7:8077;
} upstream default-services-ingress-ctc-cicd2-messageservice {
    server 12.16.64.9:8065;
} upstream default-services-ingress-ctc-cicd2-settingservice {
    server 12.16.64.10:8098;
    server 12.16.65.4:8098;
} upstream default-services-ingress-ctc-cicd2-financeservice {
    server 12.16.64.4:8092;
} upstream default-services-ingress-ctc-cicd2-gatewayservice {
    server 12.16.64.6:8090;
    server 12.16.65.7:8090;
}`
server { listen 80;
    server_name ctc-cicd2;
    location /gateway {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-gatewayservice;
    }
    location /training {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-trainingservice;
    }
    location /attachment {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-attachmentservice;
    }
    location /hr {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-hrservice;
    }
    location /message {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-messageservice;
    }
    location /settings {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-settingservice;
    }
    location /finance {
            proxy_http_version 1.1;
           proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
           proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-financeservice;
    }
}

Sep 12, 2018 in Kubernetes by lina
• 8,110 points

edited Sep 12, 2018 by lina 300 views

1 answer to this question.

0 votes

Ingress is just collection of rules that forwards or redirects the traffic. For this you will need an ingress controller. They are mostly written in yaml or JSON format or golang format.

For example:

This one is written in golang and basically listens to the kubeapi for new ingress resources. When it gets a new incoming ingress resource, it will recreate a new nginx conf based off that config and reload the nginx container that makes up your ingress controller:

const (
    nginxConf = `
events {
  worker_connections 1024;
}
http {
  # http://nginx.org/en/docs/http/ngx_http_core_module.html
  types_hash_max_size 2048;
  server_names_hash_max_size 512;
  server_names_hash_bucket_size 64;
{{range $ing := .Items}}
{{range $rule := $ing.Spec.Rules}}
  server {
    listen 80;
    server_name {{$rule.Host}};
{{ range $path := $rule.HTTP.Paths }}
    location {{$path.Path}} {
      proxy_set_header Host $host;
      proxy_pass http://{{$path.Backend.ServiceName}}.{{$ing.Namespace}}.svc.cluster.local:{$path.Backend.ServicePort}};
    }{{end}}
  }{{end}}{{end}}
}`
answered Sep 12, 2018 by Kalgi
• 40,420 points

Related Questions In Kubernetes

0 votes
1 answer

What's the difference between kubernetes load balancer and ingress controller?

Load Balancer: So Kubernetes LoadBalancer just points ...READ MORE

answered Jan 4 in Kubernetes by DareDev
• 6,810 points
395 views
0 votes
1 answer
0 votes
1 answer

deleting pods using kubernetes replication controller

The pods which are managed by ReplicationController ...READ MORE

answered Jul 24, 2018 in Kubernetes by DareDev
• 6,810 points
208 views
0 votes
1 answer
0 votes
1 answer

permissions related to AWS ECR

if you add allowContainerRegistry: true, kops will add those permissions ...READ MORE

answered Oct 9, 2018 in Kubernetes by Kalgi
• 40,420 points
61 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17 in Others by anonymous
2,060 views
0 votes
1 answer

Ingress nginx loading resource 404 in kubernetes

This is not a routing problem on ...READ MORE

answered Sep 10, 2018 in Kubernetes by Kalgi
• 40,420 points
854 views
0 votes
2 answers

Deny access to some specific paths while using kubernetes ingress

Try to create two Ingresses first by default ...READ MORE

answered Sep 21, 2018 in Kubernetes by Nilesh
• 6,880 points
966 views