Hi,
I have Setup a kubernetes Cluster using kubeadm with 1 master and 1 worker node in ubuntu 22.04 LTS. An Nginx Ingress Controller was deployed in the master node . i want to test a web application by accessing by url : http://mysite.com .
Upon checking the ClusterIP service has correctly found two endpoints (2 replicas created using deployment) . The master node ip is : 10.10.1.9.when i first created the ingress resource the Address field was blank and i had to add Ingress Class which was obtained from the option passed to the ingress controller pod command.But when i try to access the domain from my local system by adding the entry to its /etc/hosts file the url is not accessible as desired . Both the local machine from which iam trying to access the site and the kubernetes cluster nodes are in the same private network . Could anyone please help to solve this . Also i would like to know what is Ingress Class specified in the ingress resource manifest and its relebance.
##################################################
kubectl describe ingress -n scorehive scorehive-web
###################################################
Name: scorehive-web
Labels: <none>
Namespace: scorehive
Address: 10.10.1.9
Ingress Class: nginx
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
scorehive-web.com
/ scorehive-web-service:81 (172.21.192.3:80,172.21.192.4:80)
Annotations: <none>
Events: <none>
The following were setup for the requirement :
- mysite-web-deployment.yaml (Deployment)
- mysite-web-service.yaml (Service)
- scorehive-web-ingress.yaml (Ingress Resource)
---
#scorehive-web-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: scorehive-web
namespace: scorehive
name: scorehive-web
spec:
replicas: 2
selector:
matchLabels:
app: scorehive-web
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: scorehive-web
spec:
containers:
- image: 10.10.1.9:5000/scorehive-ui:test
name: scorehive-ui
resources: {}
status: {}
---
#scorehive-web-service.yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: scorehive-web
name: scorehive-web-service
namespace: scorehive
spec:
ports:
- port: 81
protocol: TCP
targetPort: 80
selector:
app: scorehive-web
type: ClusterIP
---
#scorehive-web-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
creationTimestamp: "2024-06-30T13:52:37Z"
generation: 3
name: scorehive-web
namespace: scorehive
resourceVersion: "8616695"
uid: 05ccbafc-a69e-4d4e-922e-0e2f0ab95a9b
spec:
ingressClassName: nginx
rules:
- host: mysite.com
http:
paths:
- backend:
service:
name: scorehive-web-service
port:
number: 81
path: /
pathType: Exact
status:
loadBalancer:
ingress:
- ip: 10.10.1.9
---
The one detail that sticks out to me is the port listed on your nginx service:
- backend:
service:
name: scorehive-web-service
port:
number: 81
That is almost certainly wrong, since you’d need to do something fancy to get the port to 81; it’s defaulted to 80.
Fix that; there’s also possibly an issue with how the ingress controller is networked (along with your virtual systems), but fix that first and see if that fixes things.
Additionally, how did you set up ingress-nginx? Unless you are running in a cloud and you have a cloud loadbalancer provider deployed in your cluster, you will probably find that the service in the ingress-nginx namespace has been deployed as type loadbalancer and has no external IP - because it cannot create a loadbalancer.
If this is the case, you must deploy ingress-nginx as NodePort, and then using your host file entry, you must access the cluster ingress via that nodeport. See here for how to deploy ingress-nginx as nodeport.
@Alistair_KodeKloud . This is the current setup for ingress-nginx.
kubectl describe svc ingress-nginx-controller -n ingress-nginx
Name: ingress-nginx-controller
Namespace: ingress-nginx
Labels: app.kubernetes.io/component=controller
app.kubernetes.io/instance=ingress-nginx
app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/part-of=ingress-nginx
app.kubernetes.io/version=1.10.1
Annotations: <none>
Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 172.22.65.54
IPs: 172.22.65.54
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 31207/TCP
Endpoints: 172.21.0.4:80
Port: https 443/TCP
TargetPort: https/TCP
NodePort: https 31494/TCP
Endpoints: 172.21.0.4:443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
kubectl describe pods -n ingress-nginx ingress-nginx-controller-59c48c9f5c-dz5mb
Name: ingress-nginx-controller-59c48c9f5c-dz5mb
Namespace: ingress-nginx
Priority: 0
Service Account: ingress-nginx
Node: internal-server9-master-1/10.10.1.9
Start Time: Fri, 26 Apr 2024 08:31:38 +0000
Labels: app.kubernetes.io/component=controller
app.kubernetes.io/instance=ingress-nginx
app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/part-of=ingress-nginx
app.kubernetes.io/version=1.10.1
pod-template-hash=59c48c9f5c
Annotations: <none>
Status: Running
IP: 172.21.0.4
IPs:
IP: 172.21.0.4
Controlled By: ReplicaSet/ingress-nginx-controller-59c48c9f5c
Containers:
controller:
Container ID: containerd://5dfe667f680086827e567c805a187b92de26a4f0b2312082dbb07ba5583bad62
Image: registry.k8s.io/ingress-nginx/controller:v1.10.1@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
Image ID: registry.k8s.io/ingress-nginx/controller@sha256:e24f39d3eed6bcc239a56f20098878845f62baa34b9f2be2fd2c38ce9fb0f29e
Ports: 80/TCP, 443/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
SeccompProfile: RuntimeDefault
Args:
/nginx-ingress-controller
--election-id=ingress-nginx-leader
--controller-class=k8s.io/ingress-nginx
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
--enable-metrics=false
State: Running
Started: Sat, 27 Apr 2024 03:09:40 +0000
Last State: Terminated
Reason: Unknown
Exit Code: 255
Started: Fri, 26 Apr 2024 08:31:46 +0000
Finished: Sat, 27 Apr 2024 03:07:39 +0000
Ready: True
Restart Count: 1
Requests:
cpu: 100m
memory: 90Mi
Liveness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5
Readiness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
POD_NAME: ingress-nginx-controller-59c48c9f5c-dz5mb (v1:metadata.name)
POD_NAMESPACE: ingress-nginx (v1:metadata.namespace)
LD_PRELOAD: /usr/local/lib/libmimalloc.so
Mounts:
/usr/local/certificates/ from webhook-cert (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mr98l (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
webhook-cert:
Type: Secret (a volume populated by a Secret)
SecretName: ingress-nginx-admission
Optional: false
kube-api-access-mr98l:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: kubernetes.io/os=linux
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
Hi @rob_kodekloud
That is almost certainly wrong, since you’d need to do something fancy to get the port to 81; it’s defaulted to 80.
I have configured the service : scorehive-web-service with targetport as 80 and port as 81 . Should the port on the service be also 80?
I am able to access the site using the ip of the masternode from another pc in the same private network without ingress if the service of type Nodeport is created . But i would i like to test this site by calling with a domain for testing ingress for learning purpose .
Looks like you’ve correctly configured the ingress as NodePort.
Therefore the entry in your hosts file for the domain must refer the IP address of one of the cluster nodes.
Then you access the ingress using the domain name and the node port, e.g.
http://mysite.com:31494/
Hi @Alistair_KodeKloud
Yes it worked when i called with the Nodeport for the ingress service ie , http://mysite.com:31207/ (port for http ) . To avoid the port i then used haproxy . Now it can be accessed by http://mysite.com .
Thank you