Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Different ingress in different Namespace in kubernetes

Tags:

namespaces

kubernetes

I have created two different namespaces for different environment. one is devops-qa and another is devops-dev. I created two ingress in different namespaces. So while creating ingress of qa env in devops-qa namespace, the rules written inside ingress of qa is working fine. Means I am able to access the webpage of qa env. The moment I will create the ingress of dev env in devops-dev namespace, I will be able to access the webpage of dev env but wont be able to access the webpage of qa. And when I delete the dev ingress then again I will be able to access the qa env website

Below is the ingree of both dev and qa env.

Dev Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
  name: cafe-ingress-dev
  namespace: devops-dev
spec:
  tls:
  - hosts:
    - cafe-dev.example.com
    secretName: default-token-drk6n
  rules:
  - host: cafe-dev.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: miqpdev-svc
          servicePort: 80

QA Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx" 
  name: cafe-ingress-qa
  namespace: devops-qa
spec:
  tls:
  - hosts:
    - cafe-qa.example.com
    secretName: default-token-jdnqf
  rules:
  - host: cafe-qa.example.com
    http:
      paths:
      - path: /greentea
        backend:
          serviceName: greentea-svc
          servicePort: 80
      - path: /blackcoffee
        backend:
          serviceName: blackcoffee-svc
          servicePort: 80

The token mentioned in the ingress file is of each namespace. And the nginx ingress controller is running in QA namespace How can i run both the ingress and will be able to get all the websites deployed in both dev and qa env ?

like image 287
Nikit Swaraj Avatar asked Jul 26 '17 07:07

Nikit Swaraj

People also ask

Can ingress controller be in different namespace?

You can spread the Ingress configuration for a common host across multiple Ingress resources using Mergeable Ingress resources. Such resources can belong to the same or different namespaces.

Should ingress and service be in same namespace?

A couple of things to notice about those ingress rules: They are deployed in the same namespace as the service they point to. They use URL-based routing.

Can Kubernetes have multiple ingress?

8.0, one can install multiple NGINX ingress controllers in a Kubernetes cluster. The optional NGINX Ingress Controller can be installed as an App on your cluster.

What is namespace in ingress?

The Kube-system namespace is used for objects created by the Kubernetes System itself. Basically the stuff you need to keep Kubernetes up and running. Additional services you add (such as monitoring with Azure Monitor, service meshes, ingress controllers) will be deployed into the Kube-system namespace as well.

3 Answers

I actually Solved my problem. I did everything correct. But only thing I did not do is to map the hostname with the same ip in Route53. And instead of accessing the website with hostname, I was accessing it from IP. Now after accessing the website from hostname, I was able to access it :)

like image 126
Nikit Swaraj Avatar answered Oct 13 '22 18:10

Nikit Swaraj

Seems like you posted here and got your answer. The solution is to deploy a different Ingress for each namespace. However, deploying 2 Ingresses complicates matters because one instance has to run on a non-standard port (eg. 8080, 8443).

I think this is better solved using DNS. Create the CNAME records cafe-qa.example.com and cafe-dev.example.com both pointing to cafe.example.com. Update each Ingress manifest accordingly. Using DNS is somewhat the standard way to separate the Dev/QA/Prod environments.

like image 23
Eugene Chow Avatar answered Oct 13 '22 20:10

Eugene Chow

Had the same issue, found a way to resolve it:

you just need to add the "--watch-namespace" argument to the ingress controller that sits under the ingress service that you've linked to your ingress resource. Then it will be bound only to the services within the same namespace as the ingress service and its pods belong to.

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
namespace:  my-namespace
name: nginx-ingress-controller
spec: 
  replicas: 1
selector:
  matchLabels:
    name: nginx-ingress-lb
template: 
  metadata: 
    labels: 
      name: nginx-ingress-lb
  spec:
    serviceAccountName: ingress-account
    containers: 
      - args: 
          - /nginx-ingress-controller
          - "--default-backend-service=$(POD_NAMESPACE)/default-http-backend"
          - "--default-ssl-certificate=$(POD_NAMESPACE)/secret-tls"
          - "--watch-namespace=$(POD_NAMESPACE)"
        env: 
          - name: POD_NAME
            valueFrom: 
              fieldRef: 
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom: 
              fieldRef: 
                fieldPath: metadata.namespace
        name: nginx-ingress-controller
        image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.24.1"
        livenessProbe: 
          httpGet: 
            path: /healthz
            port: 10254
            scheme: HTTP
        ports: 
          - containerPort: 80
            name: http
            protocol: TCP
          - containerPort: 443
            name: https
            protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
namespace:  my-namespace
name: nginx-ingress
spec:
  type: LoadBalancer
  ports:
  - name: https
    port: 443
    targetPort: https
  selector:
    name: nginx-ingress-lb
like image 26
akardon Avatar answered Oct 13 '22 18:10

akardon
Sign in to Comment

Related questions

using Interop.SHDocVw.dll Where can i find this namespace/dll at?
2 objects, exactly the same (except namespace) c#
What is Ext.namespace, how should we use them?
How do I define friends in global namespace within another C++ namespace?
XPATHS and Default Namespaces
how to use std::filesystem on gcc 8?
Linkage of symbols within anonymous namespace within a regular namespace
Where do I find the namespace of an app [Android]
Is there a way to insert a global name into a namespace and make it available only from that namespace?
Classes and namespaces sharing the same name in C++
Rails url_for and namespaced models
Can't include Microsoft.Security.Application?
rails caching: expire_action in another namespace
Temporary namespace/context in Haskell
ASP.NET MVC Namespace renaming
PHP namespace PDO not found
How to handle python packages with conflicting names?
are C functions declared in <c____> headers guaranteed to be in the global namespace as well as std?
anonymous namespaces and the one definition rule
Namespaced models in Rails: What's the state of the union?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!