Reputation: 753
Is Ingress working with ClusterIP services?
I've setup some services and ingresses to try out the SSL termination. I had no problem at all with LoadBalancer and NodePort services as backend but it's not working at all with ClusterIP service.
Although the Ingress' backend is described as healthy, I get an HTTP error that do not come from my application.
$ kubectl describe ing nginx-cluster-ssl-ingress
Name: nginx-cluster-ssl-ingress
Namespace: default
Address: X.X.X.X
Default backend: nginx-cluster-svc:80 (...)
TLS:
ssl-certificate terminates
Rules:
Host Path Backends
---- ---- --------
Annotations:
https-target-proxy: k8s-tps-default-nginx-cluster-ssl-ingress
static-ip: k8s-fw-default-nginx-cluster-ssl-ingress
target-proxy: k8s-tp-default-nginx-cluster-ssl-ingress
url-map: k8s-um-default-nginx-cluster-ssl-ingress
backends: {"k8s-be-30825":"HEALTHY"}
forwarding-rule: k8s-fw-default-nginx-cluster-ssl-ingress
https-forwarding-rule: k8s-fws-default-nginx-cluster-ssl-ingress
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
28m 28m 1 {loadbalancer-controller } Normal ADD default/nginx-cluster-ssl-ingress
27m 27m 1 {loadbalancer-controller } Normal CREATE ip: X.X.X.X
The HTTP error is the following:
$ curl http://X.X.X.X/
default backend - 404%
My question is quite simple: is it supposed to work with ClusterIP services? If it is supposed to as more or less written in the documentation, where should I have a look to resolve that issue?
Thank you!
Upvotes: 20
Views: 22936
Answers (3)
Reputation: 24775
Nginx ingress controller on GKE works with ClusterIp. But the native GKE ingress controller does not as mentioned by @samuel-roze
So just use Nginx ingress like this:
kubernetes.io/ingress.class: nginx
Upvotes: 3
Reputation: 13085
If you are using GKE cluster and you use container-native load balancing (which is enabled by adding the cloud.google.com/neg: '{"ingress": true}' annotation in your ClusterIP services), then your GKE/GCE ingress can talk directly to the ClusterIP service, without needing it to be NodePort service.
GKE auto-adds the cloud.google.com/neg: '{"ingress": true}' annotation if a set of conditions are true. Then you don't need to add this annotation manually to get container-native load balancing. Otherwise, you will need to add this annotation to get container-native load-balancing; which then enables your ingress to talk directly to the ClusterIP service.
Upvotes: 2
Reputation: 753
The native GKE Ingress controller do not support ClusterIP, only NodePort is working.
Non-native Ingress controllers such as the nginx one do work with ClusterIP services.
Upvotes: 31
Related Questions
- Are all backends affected by performance penalty when ingress-nginx has ssl passtrough enabled? Should I use seperate ingresses?
- Expose several services via Ingress at kubernetes cluster
- Kubernetes ingress is not working , default backend 404
- Ingress-Controller Deployment is failing
- How to configure nginx-ingress with one load balancer for two ingress for two domains
- Unable to access Kubernetes ClusterIP services via nginx-ingress-controller
- How to integrate Kubernetes Nginx Ingress with Consul and Consul Connect
- How to fix unhealthy backend services?
- GKE with Ingress setup always gives status UNHEALTHY