Reputation: 12707
I am attempting to use knative to self-host a simple FaaS platform from an on-premises Linux server. I have installed minikube successfully, and installed/configured knative using the knative operator.
Following the default selection in the linked guide, I have set up kourier as the networking layer and selected Magic DNS (sslip.io) setup. After running `minikube tunnel`, I can successfully serve demo apps like helloworld-python.
However, my "External IP" according to KNative is a private-ip:
```
kubectl --namespace knative-serving get service kourier
NAME      TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
kourier   LoadBalancer   10.100.195.53   10.100.195.53   80:31140/TCP,443:31175/TCP   15h
```
(Note the IP starts with `10.`, this IP is not external to the machine.)
As such, the apps return sslip.io addresses containing this private IP: `http://helloworld-python.default.10.100.195.53.sslip.io`. As a result, I can query this service (e.g. via `curl`) just fine from the host server, but I can't access the service from any other machine. Likewise, if I attempt to configure any "Eventing" services, KNative produces webhooks with a private IP address, which obviously don't work since external services like GitHub don't resolve them.
So, why does Knative return a private IP in this setting? The KNative installation doesn't seem to give any indication that this will be the case, suggesting that `kubectl --namespace knative-serving get service kourier` might return a CNAME or an IP address and that we should "note this for DNS configuration later" (except if using Magic DNS). Should it be returning a private IP?
If so, what is the procedure for exposing services? Do I need to run some additional configuration to expose a public IP?
If not, is some additional per-configuration needed so that it uses the machine's public IP? (or at least an IP I can bind my own reverse proxy to?)
Is Kourier designed to only do private IPs? (The docs are pretty terse about why one should choose kourier vs istio or contour for networking, merely saying that istio is the default but new users should choose kourier if they are unsure??)
As a side note/background context, my server has a fixed IP address, I use caddy (in container on the same docker network as minikube) to provide https domain names to services. Also, outside of knative, if I just follow standard minikube guide to make a service as NodePort or LoadBalancer, I can easily take the port that `kubectl get svc` shows, and expose the service in caddy by pointing to said port on the minikube container, something like this in the Caddyfile:
```
minikube.app.mydomain.com {
    reverse_proxy minikube:32637 {
        header_up Host {host}
    }
}
```
This is just to confirm that in vanilla minikube I have no trouble with ingress configuration. KNative clearly has this extra layer of networking by which it's generating URLs for applications though, and that has me flummoxed. (I can't just replace the `minikube:32637` with the private IP addresses KNative returns.)
Upvotes: 1
Views: 632
Reputation: 3493
Knative uses the HTTP `Host` header to share a single IP address across many services (sorta like what you're doing with caddy...).
If you want to use caddy to route these requests, you'll need to rewrite the `Host` header using the `header_up` directive. You may be able to use the replacement form and/or change the Knative domain prefix to make this easier.
Upvotes: 1
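The `Host` rewrite described in the answer above, as an added Caddyfile sketch that is not part of either post. It assumes the public name `helloworld.app.mydomain.com` (hypothetical), that the minikube container is reachable as `minikube` as in the question's own Caddyfile, and that Kourier's port 80 is exposed on NodePort 31140 as shown in the question's `kubectl` output.

```caddyfile
# Added example: publish one Knative service through Caddy.
# helloworld.app.mydomain.com is a hypothetical public name.
helloworld.app.mydomain.com {
    # 31140 is the NodePort mapped to Kourier's port 80 in the
    # question's `kubectl get service kourier` output (80:31140/TCP).
    reverse_proxy minikube:31140 {
        # Before (from the question's vanilla config): forwards the
        # public hostname, which matches no Knative route, so Kourier
        # cannot tell which service the request is for.
        # header_up Host {host}

        # After: send the hostname Knative assigned to the service,
        # so Kourier's Host-based routing selects helloworld-python.
        header_up Host helloworld-python.default.10.100.195.53.sslip.io
    }
}
```

Only services given a site block like this become reachable from outside; every other Knative route stays unpublished, since Caddy never forwards a `Host` value that matches it.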