Menu
I've setup some services and ingresses to try out the SSL termination. I had no problem at all with LoadBalancer and NodePort services as backend but it's not working at all with ClusterIP service.
Although the Ingress' backend is described as healthy, I get an HTTP error that do not come from my application.
$ kubectl describe ing nginx-cluster-ssl-ingress
Name: nginx-cluster-ssl-ingress
Namespace: default
Address: X.X.X.X
Default backend: nginx-cluster-svc:80 (...)
TLS:
ssl-certificate terminates
Rules:
Host Path Backends
---- ---- --------
Annotations:
https-target-proxy: k8s-tps-default-nginx-cluster-ssl-ingress
static-ip: k8s-fw-default-nginx-cluster-ssl-ingress
target-proxy: k8s-tp-default-nginx-cluster-ssl-ingress
url-map: k8s-um-default-nginx-cluster-ssl-ingress
backends: {"k8s-be-30825":"HEALTHY"}
forwarding-rule: k8s-fw-default-nginx-cluster-ssl-ingress
https-forwarding-rule: k8s-fws-default-nginx-cluster-ssl-ingress
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
28m 28m 1 {loadbalancer-controller } Normal ADD default/nginx-cluster-ssl-ingress
27m 27m 1 {loadbalancer-controller } Normal CREATE ip: X.X.X.X
The HTTP error is the following:
$ curl http://X.X.X.X/
default backend - 404%
My question is quite simple: is it supposed to work with ClusterIP services? If it is supposed to as more or less written in the documentation, where should I have a look to resolve that issue?
Thank you!
928
Ingress isn't a service type like NodePort, ClusterIP, or LoadBalancer. Ingress actually acts as a proxy to bring traffic into the cluster, then uses internal service routing to get the traffic where it is going.
Unlike NodePort or LoadBalancer, Ingress is not actually a type of service. Instead, it is an entry point that sits in front of multiple services in the cluster. It can be defined as a collection of routing rules that govern how external users access services running inside a Kubernetes cluster.
The GKE Ingress controller creates and configures an HTTP(S) Load Balancer according to the information in the Ingress, routing all external HTTP traffic (on port 80) to the web NodePort Service you exposed. Note: To use Ingress, you must have the HTTP(S) Load Balancing add-on enabled.
While ingresses and load balancers have a lot of overlap in functionality, they behave differently. The main difference is ingresses are native objects inside the cluster that can route to multiple services, while load balancers are external to the cluster and only route to a single service.
The native GKE Ingress controller do not support ClusterIP, only NodePort is working.
Non-native Ingress controllers such as the nginx one do work with ClusterIP services.
151
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
