How to define external ip for kubernetes ingress

Question

I have question about kubernetes ingress.

I want to use ingress with my Amazon account and/or private cloud and want to assign external IP.

It is possible to assign external ip for services : Services documentation - chapter external IP but cannot find a way to do that for Ingress : Ingress documentation.

My question is direct especially to Kubernetes team. Similar question was asked by Simon in this topic : How to force SSL for Kubernetes Ingress on GKE 2 but he asked about GKE while I am interested in private cloud, AWS.

Thank you in advance.

[UPDATE]

Guys found that my question may was answered already in this topic. Actually answer that @anigosa put there is specific for GCloud. His solution won't work in private cloud neither in AWS cloud. In my opinion the reason for that is that he use type: LoadBalancer (which cannot be used in private cloud) and use loadBalancerIP property which will works only on GCloud(for AWS it cause error : "Failed to create load balancer for service default/nginx-ingress-svc: LoadBalancerIP cannot be specified for AWS ELB ").

Answer 1

Looking at this issue, it seems you can define annotation on your service and map it to existing elastic ip. Something like that:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-eip-allocations: <>
spec:
  type: LoadBalancer
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376

Please note this will create ELB for this service, not ingress.

As an ingress is simply one service (=ELB) handling requests for many other services, it should be possible to do something similar for ingress, but I couldn't find any docs for it.

Answer 2

There are two main ways you can do this. One is using a static IP annotation as shown in Omer's answer (which is cloud specific, and normally relies on the external IP being setup beforehand), the other is using an ingress controller (which is generally cloud agnostic).

The ingress controller will obtain an external IP on its service and then pass that to your ingress which will then use that IP as its own.

Traffic will then come into the cluster via the controller's service and the controller will route to your ingress.

Here's an example of the ingress:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.class: my-ingress-class
spec:
  tls:
  - hosts:
    - ssl.somehost.com
  rules:
  - host: ssl.somehost.com
    http:
      paths:
      - backend:
          serviceName: backend-service
          servicePort: 8080

The line

kubernetes.io/ingress.class: my-ingress-class

Tells the cluster we want only an ingress controller that handles this "class" of ingress traffic -- you can have multiple ingress controllers in the cluster, each declaring they are handling a different class of ingress traffic so when you install the ingress controller, you also need to declare which ingress class you want it to handle.

Caveat: If you do not declare the ingress class on an ingress resource, ALL the ingress controllers in the cluster will attempt to route traffic to the ingres

Now if you want an external IP that is private, you can do that via the controller. For AWS and GCP you have annotations that tell the cloud provider you want an IP that is internal only by adding a specific annotation to the loadbalancer of the ingress controller

For AWS:

service.beta.kubernetes.io/aws-load-balancer-type: "internal"

For GCP:

networking.gke.io/load-balancer-type: "Internal"

or (< Kubernetes 1.17)

cloud.google.com/load-balancer-type: "Internal"

Your ingress will inherit the IP obtained by the ingress controller's loadbalancer