Have you defined port 30099 in your ingress manifest file to receive incoming traffic?
I thought ingress resources do not allow specifying incoming ports.
Network policies can.
Whatever you defined in your manifest file with the selector and ingress rule, it will allow only that.
As I can see, there are two backend services, so you can define them in your ingress manifest file.
As you can see in the screen capture I joined, every component is green. So that means the backend service is configured correctly.
I am pointing out that two backend service names are written in the task description. Can you share your ingress yaml file?
One is “iron-gallery-service” and second one is “ingress-space”.
oO so the last line “Name: ingress-spacehttp backend servicePort: ‘80’” means a second backend service?
Unclear. And why is the check indicating that it’s OK?
Here’s my ingress yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: iron-gallery-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: iron-gallery-braavos.com
    http:
      paths:
      - path: /
        backend:
          serviceName: iron-gallery-service
          servicePort: 80
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: iron-gallery-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: iron-gallery-braavos.com
    http:
      paths:
      - path: /
        backend:
          serviceName: iron-gallery-service
          servicePort: 30099
      - path: /
        backend:
          serviceName: ingress-space
          servicePort: 80
      - path: /
You defined iron-gallery-service with a NodePort, so incoming traffic will hit port 30099 and the 2nd one will send traffic to the Pod.
It worked with the ingress correction and the creation of the ingress-space nodeport service.
But I don’t quite get how it works. I thought you could only have one path per rule.
So in this ingress, it means when incoming traffic comes to “iron-gallery-braavos.com/” you have 2 backend services targeted?
Because the iron-gallery-service is a ClusterIP that listens on port 80 only.
The ingress-space is a NodePort that exposes 30099 to port 80 of the iron-gallery-deployment.
Or does it work in a sequential manner?
Anyway thank you very much for your help and your patience.
P.S. : for your information, it works if I make iron-gallery-service a nodeport instead of a clusterip, with nodeport 30099 and with your ingress file corrections but without creating the ingress-space service.
I read the doc and if two paths are identical, only one has precedence. So the second backend service seems to be worthless.
NodePort has no role in the service file? I thought the task description is about defining NodePort in that service file.
Yeah, I agree with that. It’s an OR statement, not an AND statement.
Yep. So I didn’t create any ingress-space service and the application is accessible and the challenge validates anyway.
Actually, a previous comment was for network policy, not for ingress.
The netpol doesn’t concern the iron gallery service but the iron db service.
Maybe it worked for both ingress and network policy.
I will look into it later and see what the scenario is.
I had a hard time understanding this discussion, so for anyone else that lands here:
- the formatting of the instructions for this lab is not great, be careful around the ingress-space
- to complete the lab it seems the following will cause it to pass / be marked successful:
#Service
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: iron-gallery-service
    name: iron-gallery-service
    namespace: default
  spec:
    ports:
    - name: 80-80
      nodePort: 30099
      port: 80
      protocol: TCP
      targetPort: 80
    selector:
      run: iron-gallery
    sessionAffinity: None
    type: NodePort
#Ingress
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    name: iron-gallery-ingress
    namespace: default
  spec:
    rules:
    - host: iron-gallery-braavos.com
      http:
        paths:
        - backend:
            serviceName: iron-gallery-service
            servicePort: 30099
          path: /
        - backend:
            serviceName: ingress-space
            servicePort: 80
          path: /
My answer did not include the following line, and it still passed me:
- backend:
    serviceName: iron-gallery-service
    servicePort: 30099
  path: /
I just had to go back, and open up a nodePort in my service, which isn’t in the instruction. It is fine however, because then I could figure it out myself.
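Added example, not part of the thread or the lab: a small lint over the Service and Ingress posted above. It flags the identical `/` paths discussed in the thread, a `servicePort` that is not a port the Service declares (number or name), and a NodePort Service, which is reachable on every node without passing through the Ingress. The helper name `lint_ingress` and the dict form of the manifests are constructed for illustration.

```python
# Constructed input: the Service and Ingress from the thread, as Python dicts.
SERVICES = [{
    "metadata": {"name": "iron-gallery-service"},
    "spec": {"type": "NodePort", "ports": [
        {"name": "80-80", "port": 80, "targetPort": 80, "nodePort": 30099}]},
}]
INGRESS = {
    "metadata": {"name": "iron-gallery-ingress"},
    "spec": {"rules": [{"host": "iron-gallery-braavos.com", "http": {"paths": [
        {"path": "/", "backend": {"serviceName": "iron-gallery-service",
                                  "servicePort": 30099}},
        {"path": "/", "backend": {"serviceName": "ingress-space",
                                  "servicePort": 80}},
    ]}}]},
}


def lint_ingress(ingress, services):
    """Hypothetical helper: return findings for a v1beta1-style Ingress."""
    by_name = {s["metadata"]["name"]: s for s in services}
    findings, seen = [], {}
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host", "*")
        for entry in rule.get("http", {}).get("paths", []):
            name = entry["backend"]["serviceName"]
            port = entry["backend"]["servicePort"]
            key = (host, entry.get("path", "/"))
            # Identical host+path pairs: the thread notes only one takes precedence.
            if key in seen:
                findings.append(f"duplicate path {key[0]}{key[1]}: {seen[key]}, {name}")
            seen.setdefault(key, name)
            svc = by_name.get(name)
            if svc is None:
                findings.append(f"{name}: Service not found")
                continue
            ports = svc["spec"]["ports"]
            # servicePort must be a declared Service port (number or name).
            if not any(port in (p["port"], p.get("name")) for p in ports):
                is_np = any(p.get("nodePort") == port for p in ports)
                findings.append(f"{name}: servicePort {port} is not a Service port"
                                + (" (it is the nodePort)" if is_np else ""))
            # A NodePort Service is also reachable on every node, bypassing the Ingress.
            if svc["spec"].get("type") == "NodePort":
                findings.append(f"{name}: NodePort exposes {[p.get('nodePort') for p in ports]}")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_ingress(INGRESS, SERVICES)))
```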