I need help to create a reverse zone for the external IP of Kubernetes Ingress Website or something that do the some function like a reverse zone.
Basically I need that when I enter the IP of the ingress in the browser, redirects me to the domain name.
Thanks for the help.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: prueba-web-ingress
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: http://example.com
networking.gke.io/managed-certificates: certificateexample
kubernetes.io/ingress.global-static-ip-name: test
kubernetes.io/ingress.allow-http: "false"
spec:
backend:
serviceName: prueba-web
servicePort: 80
Try the following, just change the example.com to your domain:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: reverse-redirect
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: http://example.com
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: "somerandomname" # needs some name, doesn't need to exist
port:
number: 80
When sending a request to nginx ingress without Host header, it will default to the ingress without specified host filed (just like the example above). Such request will receive a following response:
$ curl 123.123.123.123 -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Apr 2021 11:36:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: http://example.com
Browser receiving this redirect, will redirect to the domain specified in Location header.
Docs:
permanent redirect annotation
EDIT:
Since you are not using nginx ingress you can try to use a redirect app.
Here is a deployment with some random image I have found on dockerhub that responds to every request with redirect. I don't want to lecture you on security but I feel that I should at leat mention that you should never use random container images from the internet, and if you are, you are doing it on your own resposibiliy. Preferably build one from source and push to your own repo.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: redir
name: redir
spec:
replicas: 1
selector:
matchLabels:
app: redir
template:
metadata:
creationTimestamp: null
labels:
app: redir
spec:
containers:
- image: themill/docker-nginx-redirect-301
name: docker-nginx-redirect-301
env:
- name: REDIRECT_CODE
value: "302"
- name: REDIRECT_URL
value: https://example.com
Service for the above deployment:
apiVersion: v1
kind: Service
metadata:
labels:
app: redir
name: redir
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: redir
status:
loadBalancer: {}
Now the ingress part:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: prueba-web-ingress
annotations:
networking.gke.io/managed-certificates: certificateexample
kubernetes.io/ingress.global-static-ip-name: test
kubernetes.io/ingress.allow-http: "false"
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: redir
servicePort: 80
- host: example.com
http:
paths:
- path: /
backend:
serviceName: prueba-web
servicePort: 80
Notice the same applies here: no host field set for redir service, although prueba-web service has its host filed set.
Related
I am trying to create an ingress file to route urls into the inside services. but after calling in postman, it just returns 503 error.
this is my ingress file config:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-srv
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
rules:
- host: posts.com
http:
paths:
- path: /posts/create
pathType: Prefix
backend:
service:
name: posts-clusterip-srv
port:
number: 7000
this is my posts deployment file and cluster ip:
apiVersion: apps/v1
kind: Deployment
metadata:
name: posts-depl
spec:
replicas: 1
selector:
matchLabels:
app: posts
template:
metadata:
labels:
app: posts
spec:
containers:
- name: posts
image: 4765/posts
---
apiVersion: v1
kind: Service
metadata:
name: posts-clusterip-srv
spec:
selector:
app: posts
ports:
- name: posts
protocol: TCP
port: 7000
targetPort: 7000
when in postman I send this request http://posts.com/posts/create just returns 503 service unavailable. I try to curl the cluster Ip curl http://posts-clusterip-srv:7000 but it responses Could not resolve host: posts-clusterip-srv
I don't know what to do?
Does your app server accept request on /?
As path: /posts/create will forward the request to your server which will receive a request on /.
Concerning the curl http://posts-clusterip-srv:7000 it depends of the set up of your cluster:
If you are using a local cluster on your computer you should modify your /etc/hosts add your local IP as posts.com then you should be able to curl it.
If your cluster is on a server it seems that it is a DNS problem, same way as above you can add the server IP to your hosts file to avoid using the DNS.
I have an application running in kubernetes pod (on my local docker desktop, with kubernetes enabled), listening on port 8080. I then have the following kubernetes configuration
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: myrelease-foobar-app-gw
namespace: default
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: SIMPLE
credentialName: default-foobar-local-credential
hosts:
- test.foobar.local
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: myrelease-foobar-app-vs
namespace: default
spec:
hosts:
- test.foobar.local
gateways:
- myrelease-foobar-app-gw
http:
- match:
- port: 443
route:
- destination:
host: myrelease-foobar-app.default.svc.cluster.local
subset: foobarAppDestination
port:
number: 8081
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: myrelease-foobar-app-destrule
namespace: default
spec:
host: myrelease-foobar-app.default.svc.cluster.local
subsets:
- name: foobarAppDestination
labels:
app.kubernetes.io/instance: myrelease
app.kubernetes.io/name: foobar-app
---
apiVersion: v1
kind: Service
metadata:
name: myrelease-foobar-app
namespace: default
labels:
helm.sh/chart: foobar-app-0.1.0
app.kubernetes.io/name: foobar-app
app.kubernetes.io/instance: myrelease
app.kubernetes.io/version: "1.0.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 8081
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/name: foobar-app
app.kubernetes.io/instance: myrelease
This works fine. But I'd like to change that port 443 into something else, say 8443 (because I will have multiple Gateway). When I have this, I cant access the application anymore. Is there some configuration that I'm missing? I'm guessing I need to configure Istio to accept port 8443 too? I installed istio using the following command:
istioctl install --set profile=default -y
Edit:
I've done a bit more reading (https://www.dangtrinh.com/2019/09/how-to-open-custom-port-on-istio.html), and I've done the following:
kubectl -n istio-system get service istio-ingressgateway -o yaml > istio_ingressgateway.yaml
edit istio_ingressgateway.yaml, and add the following:
- name: foobarhttps
nodePort: 32700
port: 445
protocol: TCP
targetPort: 8445
kubectl apply -f istio_ingressgateway.yaml
Change within my Gateway above:
- port:
number: 445
name: foobarhttps
protocol: HTTPS
Change within my VirtualService above:
http:
- match:
- port: 445
But I still cant access it from my browser (https://foobar.test.local:445)
I suppose that port has to be mapped on the Istio Ingress Gateway. So if you want to use a custom port, you might have to customize that.
But usually it should not be a problem if multiple Gateways use the same port, it does not cause a clash. So for that use case it should not be necessary to do that.
Fixed it. What i've done wrong in my edit above is this:
- name: foobarhttps
nodePort: 32700
port: 445
protocol: TCP
targetPort: 8443
(notice that targetPort is still 8443). I'm guessing there is an istio component listening on port 8443, which handles all this https stuff. Thanks user140547 for the help!
We are using Azure App G/w Ingress Controller to expose services hosted within AKS.
E.g.
Service named abc is hosted in AKS as below
apiVersion: v1
kind: Service
metadata:
labels:
project: abc
app: abc
env: dev
name: abc
namespace: abc
spec:
ports:
- name: http
# This is the external port of the cluster
port: 8443
protocol: TCP
targetPort: http
selector:
project: abc
app: abc
env: dev
type: ClusterIP
Ingress Configuration
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-abc
namespace: abc
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/backend-path-prefix: "/"
rules:
- http:
paths:
- backend:
serviceName: abc
servicePort: 9000
path: /abc*
Problem Statement
Front-end will send request to the backend like: https://app-gw-ip/abc/operation.
App G/w applies appropriate routing rule and converts the request_uri to "//operation". "abc" in the URL path is overwritten by "/" because of the backend-path-prefix annotation. Whereas we want the request_uri as "/operation"
Is there a way to set backend-path-prefix to empty string ?
I want to replace "abc/" in the URL path with "/". Currently it replaces "abc" with "/".
If I do not use the backend-path-prefix, then backend uri path will be "abc/operation". This will return 404 because abc service will not have any endpoint named abc/operation.
Just use path as path: /abc/*
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-abc
namespace: abc
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/backend-path-prefix: "/"
rules:
- http:
paths:
- backend:
serviceName: abc
servicePort: 9000
path: /abc/*
I am trying to deploy Jenkins on Kubernetes. I have deployed it with ClusterIP along with Nginx Ingress Controller on AKS.
When I access the IP of the Ingress-Controller, the Jenkins login URL (http://ExternalIP/login?from=%2F) comes up. However the UI of the Jenkins page isn't coming up and there is a some sort of redirection happening and keeps growing (http://ExternalIP/login?from=%2F%3Ffrom%3D%252F%253Ffrom%253D%25252F%25253F). I am very new to Ingress controller and annotations. I am not able to figure on what's causing this redirection.
Below are my configuration files. Can anyone please help on what's going wrong ?
ClusterIP-Service.yml
kind: Service
apiVersion: v1
metadata:
name: jenkins-nodeport-svc
namespace: jenkins
labels:
env: poc
app: myapp_jenkins
spec:
ports:
- name: "http"
port: 80
targetPort: 8080
type: ClusterIP
selector:
app: myapp_jenkins
Ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: Authorization, origin, accept
nginx.ingress.kubernetes.io/cors-allow-methods: GET, OPTIONS
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
- http:
paths:
- backend:
serviceName: jenkins-nodeport-svc
servicePort: 80
path: /(.*)
There's something in your ingress:
path: /(.*)
is a regular expression with a single capturing group that match everything. For example with following url: http://ExternalIP/login?from=myurl your capturing group $1 (the first and only one) would match login?from/myurl.
Now the problem is that nginx.ingress.kubernetes.io/rewrite-target: /$2 annotation is rewriting your url with a non existing capturing group.
You don't need rewriting, you just need to plain forward every request to the service.
Here you can find Rewrite Examples if you interested on it.
But in your case you can set:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: Authorization, origin, accept
nginx.ingress.kubernetes.io/cors-allow-methods: GET, OPTIONS
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
- http:
paths:
- backend:
serviceName: jenkins-nodeport-svc
servicePort: 80
path: /
and you're good to go.
I have a k8s 1.9.0 cluster and following is my ingress rule.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
labels:
app: report
annotations:
ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: "gayan.test.com"
http:
paths:
- path: /report
backend:
serviceName: qc-report-svc
servicePort: 80
- path: /report/*
backend:
serviceName: qc-report-svc
servicePort: 80
So I have two requests.
Request one - https://gayan.test.com/report/ping This request hit the pod and return the response.
(GET /ping 200 302.079 ms - 63)
Request two - wss://gayan.test.com/report/socket.io/?EIO=3&transport=websocket.
This request doesn't even hit the server. I think this is related to ingress rule.
My question is how can I send all the /report traffic to qc-report-svc service?
Assuming you are using the Nginx Ingress Controller you need to add the nginx.org/websocket-services annotation to enable WebSocket support.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
labels:
app: report
annotations:
ingress.kubernetes.io/rewrite-target: /
nginx.org/websocket-services: "qc-report-svc"
spec:
rules:
- host: "gayan.test.com"
http:
paths:
- path: /report
backend:
serviceName: qc-report-svc
servicePort: 80