0

I am using nginx ingress controller below is the ingress rule file for 2 services:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/ingress.allow-http: "false"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
  - hosts:
    - rewrite.bar.com.com
    secretName: ingress-tls
  rules:
  - host: rewrite.bar.com.com
  - http:
      paths:
      - path: /my-service-1/(.*)
        pathType: Prefix
        backend:
          service:
            name: my-service-1
            port:
              number: 36995
      - path: /my-service-2/(.*)
        pathType: Prefix
        backend:
          service:
            name: my-service-2
            port:
              number: 32243

Now using below command through shell of service-2 I can curl to the service-1 api endpoint, here I need to pass host ('wire.com') which is TLS enabled as well,

curl --resolve wire.com:443:10.22.148.179 https://wire.com:32243/GetData

Above curl using host address give me response successfully, no issue here!

Now I am using IP address of the POD instead of host address, but this won't give me response, it's always give error like curl: (52) Empty reply from server. Here 10.22.148.179 is my ingress public IP address and 10.2.0.58 is my POD IP address.

curl --resolve enabledservices-dev-aks.honeywell.com:443:10.22.148.179 http//10.2.0.58:32243/GetData

My goal to hit the POD/service api end point through IP address, is this possible with context of Ingress integrated?

moonkotte
  • 3,661
  • 2
  • 10
  • 25
user584018
  • 10,186
  • 15
  • 74
  • 160
  • Can you please elaborate on what you mean by `through shell of service-2`? Also which POD's IP are you using? Ingress one or pod's IP behind the service-1? I don't really understand what you're trying to achieve this way. All traffic should go through ingress and let ingress do the routing and etc. – moonkotte Dec 31 '21 at 10:38
  • Yes I understand traffic should route through Ingress and no issue with that. For some of my debug purpose I want to hit the app end point of service 1 from shell of any other pod. I have multiple relplica of service 1 and I want to hit specific replica with IP address. Is this possible? – user584018 Dec 31 '21 at 10:46
  • 1
    You have two options: 1 - via ingress, 2 - direct service/pod-ip or even by dns-name without using ingress at all. See [dns in kubernetes](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/). So in other words simple `curl service-1.NAMESPACE.svc.cluster.local:PORT` and whatever else you need. – moonkotte Dec 31 '21 at 11:00
  • Thanks. Still I am getting 52 empty response with `url service-1.NAMESPACE.svc.cluster.local:PORT`. How to access through direct service/pod-ip> could you please give more input – user584018 Dec 31 '21 at 13:05
  • 1
    Well, you need to `curl POD_IP:PORT` from the another pod which is inside the cluster. DNS was for services mostly, but for direct usage `cluster-ip` is available inside. This is actually why `ingress` is used - to expose services with `cluster-ip` outside the cluster so `ingress` is a one access point to the cluster. – moonkotte Dec 31 '21 at 13:07
  • 1
    Also please check if [this is the case](https://stackoverflow.com/a/42837622/15537201) – moonkotte Dec 31 '21 at 13:12
  • Thanks! this is what I tried `$ curl 10.22.148.212:32243/GetData` from other POD shell, but NOT sure what's wrong with this, always getting `curl: (52) Empty reply from server` :( – user584018 Dec 31 '21 at 13:20
  • 1
    @moonkotte, Finally WORKS with this, `curl -k https://10.22.148.212:32243/GetData`, -k and https. :) – user584018 Dec 31 '21 at 13:25

1 Answers1

1

Moving this from comments to answer.

The issue was curl request and HTTP protocol used while the server is serving by HTTPS. This is the reason of (52) Empty reply from server error.

Request by curl should be done by specifying the protocol like:

curl https://test.example.com:8888

Ingress is used as a single entry point to the cluster so all inside services can be exposed internally in the cluster using cluster-ip service type - see kubernetes service types.

If any inside service/pod is required to be tested from inside the cluster, request should be executed from the cluster to be able to hit a cluster-ip since cluster-ip is only accessible within the cluster.

moonkotte
  • 3,661
  • 2
  • 10
  • 25