kubernetes ingress controller and resource using nginx

+1 vote

​I have my kubernetes cluster running on bareOS and not on any cloud platform. I would like to know how running ingress without TLS have remote access to services running inside Kubernetes cluster?

$kubectl get svc
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE attachmentservice 10.254.111.232 <none> 80/TCP 3d financeservice 10.254.38.228 <none> 80/TCP 3d gatewayservice 10.254.38.182 nodes 80/TCP 3d hrservice 10.254.61.196 <none> 80/TCP 3d kubernetes 10.254.0.1 <none> 443/TCP 31d messageservice 10.254.149.125 <none> 80/TCP 3d redis-service 10.254.201.241 <none> 6379/TCP 15d settingservice 10.254.157.155 <none> 80/TCP 3d trainingservice 10.254.166.92 <none> 80/TCP 3d

nginx-ingress-rc.yml
apiVersion: v1 kind: ReplicationController metadata: name: nginx-ingress-rc labels: app: nginx-ingress spec: replicas: 1 selector: app: nginx-ingress template: metadata: labels: app: nginx-ingress spec: containers: - image: nginxdemos/nginx-ingress:0.6.0 imagePullPolicy: Always name: nginx-ingress ports: - containerPort: 80 hostPort: 80

services-ingress.yml
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: services-ingress spec: rules: - host: ctc-cicd2 http: paths: - path: /gateway backend: serviceName: gatewayservice servicePort: 80 - path: /training backend: serviceName: trainingservice servicePort: 80 - path: /attachment backend: serviceName: attachmentservice servicePort: 80 - path: /hr backend: serviceName: hrservice servicePort: 80 - path: /message backend: serviceName: messageservice servicePort: 80 - path: /settings backend: serviceName: settingservice servicePort: 80 - path: /finance backend: serviceName: financeservice servicePort: 80

nginx.conf new content

upstream default-services-ingress-ctc-cicd2-trainingservice {
    server 12.16.64.5:8190;
    server 12.16.65.6:8190;
} upstream default-services-ingress-ctc-cicd2-attachmentservice {
    server 12.16.64.2:8095;
} upstream default-services-ingress-ctc-cicd2-hrservice {
    server 12.16.64.7:8077;
} upstream default-services-ingress-ctc-cicd2-messageservice {
    server 12.16.64.9:8065;
} upstream default-services-ingress-ctc-cicd2-settingservice {
    server 12.16.64.10:8098;
    server 12.16.65.4:8098;
} upstream default-services-ingress-ctc-cicd2-financeservice {
    server 12.16.64.4:8092;
} upstream default-services-ingress-ctc-cicd2-gatewayservice {
    server 12.16.64.6:8090;
    server 12.16.65.7:8090;
}`
server { listen 80;
    server_name ctc-cicd2;
    location /gateway {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-gatewayservice;
    }
    location /training {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-trainingservice;
    }
    location /attachment {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-attachmentservice;
    }
    location /hr {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-hrservice;
    }
    location /message {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-messageservice;
    }
    location /settings {
            proxy_http_version 1.1;
            proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-settingservice;
    }
    location /finance {
            proxy_http_version 1.1;
           proxy_connect_timeout 60s;
            proxy_read_timeout 60s;
            client_max_body_size 1m;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
           proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering on;
            proxy_pass http://default-services-ingress-ctc-cicd2-financeservice;
    }
}
Sep 12, 2018 in Kubernetes by lina
 • 8,220 points
edited Sep 12, 2018 by lina 1,441 views
Did you get an answer to this question ?
commented Jan 24, 2020 by anonymous
Creating an ingress controller was all that was needed. Are you trying something similar?
commented Jan 24, 2020 by Lina

1 answer to this question.

0 votes

Ingress is just collection of rules that forwards or redirects the traffic. For this you will need an ingress controller. They are mostly written in yaml or JSON format or golang format.

For example:

This one is written in golang and basically listens to the kubeapi for new ingress resources. When it gets a new incoming ingress resource, it will recreate a new nginx conf based off that config and reload the nginx container that makes up your ingress controller:

const (
    nginxConf = `
events {
  worker_connections 1024;
}
http {
  # http://nginx.org/en/docs/http/ngx_http_core_module.html
  types_hash_max_size 2048;
  server_names_hash_max_size 512;
  server_names_hash_bucket_size 64;
{{range $ing := .Items}}
{{range $rule := $ing.Spec.Rules}}
  server {
    listen 80;
    server_name {{$rule.Host}};
{{ range $path := $rule.HTTP.Paths }}
    location {{$path.Path}} {
      proxy_set_header Host $host;
      proxy_pass http://{{$path.Backend.ServiceName}}.{{$ing.Namespace}}.svc.cluster.local:{$path.Backend.ServicePort}};
    }{{end}}
  }{{end}}{{end}}
}`
answered Sep 12, 2018 by Kalgi
 • 52,360 points

Related Questions In Kubernetes

0 votes
1 answer

What's the difference between kubernetes load balancer and ingress controller?

Load Balancer: So Kubernetes LoadBalancer just points ...READ MORE

answered Jan 4, 2019 in Kubernetes by DareDev
 • 6,890 points 13,496 views
0 votes
1 answer

Pros and cons of using Traefik as ingress on Kubernetes as Deployment?

You can use Traefik either as a deployment or ...READ MORE

answered Jan 8, 2019 in Kubernetes by Haider
 1,075 views
0 votes
1 answer

Pros and cons of using traefik as ingress on kubernetes as DaemonSet

Here are pros and cons of using ...READ MORE

answered Jan 6, 2019 in Kubernetes by Layla
 1,483 views
0 votes
1 answer

deleting pods using kubernetes replication controller

The pods which are managed by ReplicationController ...READ MORE

answered Jul 24, 2018 in Kubernetes by DareDev
 • 6,890 points 873 views
+1 vote
1 answer

set up kubernetes NGINX ingress in AWS with SSL termination

Try using ingress itself in this manner except ...READ MORE

answered Oct 10, 2018 in Kubernetes by Kalgi
 • 52,360 points 2,813 views
+6 votes
1 answer

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Hey @nmentityvibes, you seem to be using ...READ MORE

answered Dec 13, 2018 in Kubernetes by Kalgi
 • 52,360 points 7,061 views
0 votes
1 answer

permissions related to AWS ECR

if you add allowContainerRegistry: true, kops will add those permissions ...READ MORE

answered Oct 9, 2018 in Kubernetes by Kalgi
 • 52,360 points 933 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
 14,587 views
0 votes
1 answer

Ingress nginx loading resource 404 in kubernetes

This is not a routing problem on ...READ MORE

answered Sep 10, 2018 in Kubernetes by Kalgi
 • 52,360 points 7,645 views
0 votes
2 answers

Deny access to some specific paths while using kubernetes ingress

Try to create two Ingresses first by default ...READ MORE

answered Sep 21, 2018 in Kubernetes by Nilesh
 • 7,050 points 11,509 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.