Menu
I deployed Kubernetes on AWS with KOPS and the nginx-ingress.
To evaluate multiple clouds (and cut costs), I want to deploy on GKE. Everything worked, except the darn Ingress's. (That was the hardest part on AWS).
Below is the Ingress I'm using on GKE. It makes two Ingresses in the dashboard, each with an IP address.
If I point my DNS at those addresses, the connection is refused. I'm checking the DNS resultion with ping.
All HTTPS fail to connect with "Unable to establish SSL connection.", except button which is "502 Bad Gateway"
HTTP fails to connect with 502 except admin which is 503.
In the Google Cloud Platform dashboard, I see two load balancers. "all" points to my SSL cert. "button" isn't doing HTTPS, but that's another problem.
Clearly I'm missing something. What did I miss?
I'm using kubectl v1.4.6 and whatever version on GKE would have installed yesterday.
```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# this is for nginx ingress controler on AWS
# kubernetes.io/ingress.class: "nginx"
name: all-ingress
spec:
tls:
- hosts:
- admin-stage.example.com
- dashboard-stage.example.com
- expert-stage.example.com
- signal-stage.example.com
- stage.example.com
secretName: tls-secret
rules:
- host: admin-stage.example.com
http:
paths:
- backend:
serviceName: admin-service
servicePort: http-port
path: /
- host: dashboard-stage.example.com
http:
paths:
- backend:
serviceName: dashboard-service
servicePort: http-port
path: /
- host: expert-stage.example.com
http:
paths:
- backend:
serviceName: expert-service
servicePort: http-port
path: /
- host: signal-stage.example.com
http:
paths:
- backend:
serviceName: signal-service
servicePort: http-port
path: /
- host: stage.example.com
http:
paths:
- backend:
serviceName: www-service
servicePort: http-port
path: /
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# this is for nginx ingress controler on AWS
# kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
name: button-ingress
spec:
tls:
- hosts:
- button-stage.example.com
secretName: tls-secret
rules:
- host: button-stage.example.com
http:
paths:
- backend:
serviceName: button-service
servicePort: http-port
path: /
```
694
On GKE, Ingress is implemented using Cloud Load Balancing. When you create an Ingress in your cluster, GKE creates an HTTP(S) load balancer and configures it to route traffic to your application.
Kubernetes Ingress vs Load Balancer A Kubernetes application load balancer is a type of service, while Kubernetes ingress is a collection of rules, not a service. Instead, Kubernetes ingress sits in front of multiple services and acts as the entry point for an entire cluster of pods.
Prashanth's comments were helpful, in the end, native cloud Ingress (AWS/GCE) isn't finished in Kubernetes enough to be useful for my purposes. There's no point learning an abstraction that is more complicated and less functional than the thing underneath.
I ended up using the nginx-ingress from this answer: Kubernetes 1.4 SSL Termination on AWS
On the resulting Ingress is an IP you can point DNS (not the "External Endpoints" on the service). Good luck!
156
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
