I want to make an endpoint running at http://12.34.56.78:1234 accessible via https://www.example.com/suffix, whereas the latter endpoint is configured and exposed via Kubernetes and the former endpoint is standalone.

It is not possible to make changes to http://12.34.56.78:1234 or https://www.example.com/suffix; the former is directly accessible over the internet and the latter must be exposed via Kubernetes. The only thing which may be changed is the Kubernetes configuration.

Therefore, I created the following ingress:

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: ingress-controller
  namespace: ns
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
    - hosts:
        - www.example.com
      secretName: tls-secret
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /suffix
            pathType: Prefix
            backend:
              serviceName: proxy
              servicePort: 1234

and the following service:

kind: Service
apiVersion: v1
metadata:
  name: proxy
  namespace: ns
spec:
  ports:
    - protocol: TCP
      port: 1234
      targetPort: 1234
  type: ExternalName
  sessionAffinity: None
  externalName: 12.34.56.78

According to https://discuss.kubernetes.io/t/service-externalname-ip/494, using Service with type: ExternalName and an IP as externalName seems to work fine in general.

I also experimented with Endpoints but couldn't get it to work either:

apiVersion: v1
kind: Endpoints
metadata:
  name: proxy
  namespace: ns
subsets:
- addresses:
  - ip: 12.34.56.78
  ports:
  - name: proxy
    port: 1234

When calling https://www.example.com/suffix, I am getting 403 Client Error: Forbidden for url: https://www.example.com/suffix

Any ideas how to get it to work?

Scholle
  • ExternalName does not accept (officially) IPv4 addresses. You need to enter canonical DNS here. Where is the server/pod that has this IP 12.34.56.78? In your cluster or outside of the cluster? – m303945 Jul 14 '21 at 17:59
  • also you don't create endpoints yourself. endpoints are created when your service has pods that match its label selector (which are currently missing on your service) – meaningqo Jul 14 '21 at 18:37
  • @m303945 12.34.56.78 is outside the cluster. no dns name available. must work with ip. – Scholle Jul 14 '21 at 18:43
  • @meaningqo according to https://stackoverflow.com/questions/57764237/kubernetes-ingress-to-external-service, creating an endpoint manually seems to be an option – Scholle Jul 14 '21 at 18:46
  • Make your service headless service without selector. Also what is your pod and node IP range. Maybe they are conflicting with your external IP. – m303945 Jul 14 '21 at 19:49
  • Does this answer your question? [Kubernetes Ingress to External Service?](https://stackoverflow.com/questions/57764237/kubernetes-ingress-to-external-service) – SYN Jul 14 '21 at 20:06
  • @m303945 no selector used in the reference service config shown above. IP conflicts can be ruled out. – Scholle Jul 16 '21 at 05:53
  • @SYN thanks for the reference, but that's the same SO answer I referenced above. I took the endpoint example from there. I guess the reason it doesn't work in my case is the external IP is only accessible via http whereas the ingress IP only via https. – Scholle Jul 16 '21 at 05:54
  • I don't see any issues with ingress relaying your https connection to an http backend. Answering to the question in your title: link above is all you need. Now, if your Ingress returns with a 403: depending on your IG controller, could be that you're not querying the right FQDN, or more likely the backend is genuinely returning you with its own 403. Test the service: have you tested that you can query that Service from a node in your cluster? Test your IG configuration: are you sure those prefix/rewrite work? – SYN Jul 16 '21 at 07:37

0 Answers
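
The pattern the comments and the linked question refer to (a Service without a selector, backed by a manually created Endpoints object) is sketched below as an added example; it is not part of the original post or its comments. It reuses the names, namespace, IP and port from the question, and assumes the ExternalName Service shown above is replaced rather than kept alongside it.

```yaml
# Added example (not from the original post).
# A Service of type ExternalName only returns a DNS alias and never uses an
# Endpoints object, so the manual Endpoints needs a selectorless Service
# of the default ClusterIP type to attach to.
apiVersion: v1
kind: Service
metadata:
  name: proxy            # the Ingress backend refers to this name
  namespace: ns
spec:
  type: ClusterIP
  # No selector: Kubernetes creates no Endpoints for this Service,
  # so the object below supplies them.
  ports:
    - name: proxy        # keep identical to the port name in the Endpoints
      protocol: TCP
      port: 1234
      targetPort: 1234
---
apiVersion: v1
kind: Endpoints
metadata:
  name: proxy            # must equal the Service name, in the same namespace
  namespace: ns
subsets:
  - addresses:
      - ip: 12.34.56.78  # address outside the cluster, from the question
    ports:
      - name: proxy
        port: 1234
        protocol: TCP
```

`kubectl -n ns describe service proxy` should then list `12.34.56.78:1234` under Endpoints. Traffic from the ingress controller to that address is plain HTTP, as noted in the comments, so TLS ends at the Ingress.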