Ingress on ports 80/443 for cluster

GuillaumeL30 2018-12-05 14:44:29 UTC #1

Hi there,

So far so good with your docs :
- I created a cluster, added a node, deployed a Dashboard, a (secured) Helm/Tiller and an Ingress.
- I bought a nice .ovh domain that points to my NODES_URL.
- I deployed you hello app and made it available on http://hello.DOMAIN.ovh:32080

As for now I'd like to issue an HTTPS certificate with (deployed easily with helm chart). So I :
- deployed cert-manager with helm chart
- created a "letsencrypt-staging" ClusterIssuer
- added a Certificate for hello.DOMAIN.ovh
- modified my Ingress to includes this Certificate

But As Ingress is using 32080/32443, I'm having some troubles with ACME validation giving me :

http-01 self check failed for domain "hello.DOMAIN.ovh"

But Ingress does not allow a setup on NodePort with ports under 3000.

What am I doing wrong ? should I use another mode for Ingress ? Which ?

Thanks for your help !

Kubernetes ingress port 80 & 443

GuillaumeL30 2018-12-07 07:36:02 UTC #2

Some news, I found a way to reach a bit further my goal.

Instead of deploying Ingress by the Helm chart, I re-deployed it manually :

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

Then for last step I edited the service-nodeport.yaml by adding the ips of my nodes :

curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml -o service-nodeport.yaml
kubectl get -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}' $(kubectl get nodes -o name)

Add to service-nodeport.yaml :

externalIPs:
- X.X.X.X
- X.X.X.X

Then :

kubectl apply -f service-nodeport.yaml

It worked and the Ingress listens on all my nodes on 80 and 433 now.
But I think this way may not be the cleanest one ... Any advice/remark ?

Thanks,

ThomasS6 2018-12-18 10:57:46 UTC #3

Until LB is released, port 80/443 are reachable by this way, thanks @GuillaumeL30

GuilhemB1 2019-10-17 14:42:48 UTC #4

I'm interestd in such solution, as I currently do not use K8S capabilities related to scalability: I have a trivial application, not scalable at all, so a single node is enough. Thus, I do not need Load-Balancer.

Following this tutorial, I found some parts require updates:

the mandatory URL is https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
the service-nodeport.yaml is now located at https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/baremetal/service-nodeport.yaml

But while doing this, the ports 80 and 443 seems to stay unreachable, while the ingress-nginx-controller is running and the NodePort strategy is applied.

Any tips?

A-t-on une idée des futurs tarifs?

GuilhemB1 2019-10-17 15:09:26 UTC #5

Ports were closed. Looking deeper in my config I realized that the Service doesn't have a selector.
Fixing that, I was able to access my service.

To expose:

kubectl expose deploy/nginx-ingress-controller -n ingress-nginx --external-ip=X.X.X.X --type=NodePort

Thanks @GuillaumeL30!

Propulsé par Discourse, le rendu est meilleur avec le JavaScript activé

OVH Community

Bienvenue sur votre espace communautaire. Posez des questions, recherchez des informations, publiez du contenu et interagissez avec d’autres membres OVH Community.