Hunter Carnes

Reputation: 1

K8s FQDN EndpointSlice not recognized by ingress?

Needing ingress -> service (no label selectors) -> service (with label selectors) -> pods...

I'm setting up a blue/green environment and, due to cross-app restrictions, I need an ingress sending traffic to a service which forwards traffic to another service name, which may frequently change (so I'm trying to avoid hardcoding any IP addresses) and will also need to support services in another namespace, and later, in another cluster altogether. I'm reading that I may need to manually create my own EndpointSlice for the ExternalName type service to be used by the ingress, BUT I am using the AWS ALB controller for ALB creation using the ingress annotations and apparently it doesn't support ExternalName services. My ingress is giving an endpoints not found error even after creating an EndpointSlice with FQDN type, regardless of whether the live-svc below is of ExternalName type or not.

Important: The service the external ingress sends traffic to needs to receive traffic from other pods internally when referenced by its internal DNS name live-svc.myNamespace.svc.cluster.local. Traffic can't exit the cluster and come back in for inter-app communication, due to latency requirements. So, users could access pods by going to app-live.mydomain.com, OR other apps within the cluster could reference the live-svc DNS name to access and traffic stays internal to the cluster.

Below is what I'm trying. The ingress should reach live-svc which then directs traffic to secondaryService which directs traffic to pods based on label selectors. I think the EndpointSlice is what is causing it to not work. Do I have to create an Endpoints type resource, instead? I thought EndpointSlice is replacing Endpoints and is recommended?

apiVersion: v1
kind: Service
metadata:
  name: live-svc
  namespace: myNamespace
spec:
  #type: ExternalName
  #externalName: secondaryService.myNamespace.svc.cluster.local #this secondary service does select pods successfully
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
---
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: live-svc
  namespace: myNamespace
  labels:
    kubernetes.io/service-name: live-svc
addressType: FQDN
ports:
  - name: https
    protocol: TCP
    port: 443
endpoints:
  - addresses:
      - secondaryService.myNamespace.svc.cluster.local
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ...
  name: app-public
  namespace: myNamespace
spec:
  rules:
  - host: app-live.mydomain.com
    http:
      paths:
      - backend:
          service:
            name: live-svc
            port:
              name: https
        path: /
        pathType: Prefix

Upvotes: 0

Views: 439

Answers (1)

gohm'c

Reputation: 15558

...secondaryService which directs traffic to pods based on label selectors. 
...
endpoints:
  - addresses:
      - secondaryService.myNamespace.svc.cluster.local

The FQDN cannot be a K8s service of type ClusterIP; this is not supported.

Upvotes: 0
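A pre-deploy check for the pattern discussed in this thread, as an added example that is not part of the original question or answer: it walks each Ingress backend and flags a selector-less Service whose EndpointSlice is of type FQDN and names another in-cluster Service. The function names are hypothetical, the manifests are plain dicts as a YAML loader would return them, and the cluster domain is assumed to be `cluster.local` as in the question.

```python
SVC_LABEL = "kubernetes.io/service-name"  # label that ties a slice to its Service
CLUSTER_SUFFIX = ".svc.cluster.local"     # assumption: default cluster domain

def _ns_name(obj):
    meta = obj.get("metadata", {})
    return meta.get("namespace", "default"), meta.get("name")

def _backends(ingress):
    """Yield (namespace, service name) for each backend the Ingress references."""
    ns, _ = _ns_name(ingress)
    for rule in ingress.get("spec", {}).get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            yield ns, path["backend"]["service"]["name"]

def check(manifests):
    """Return (service, problem) findings for selector-less Ingress backends."""
    by_kind = lambda k: [m for m in manifests if m.get("kind") == k]
    services = {_ns_name(s): s for s in by_kind("Service")}
    findings = []
    for ing in by_kind("Ingress"):
        for ns, name in _backends(ing):
            svc = services.get((ns, name))
            if svc is None:
                findings.append((name, "backend Service not found"))
                continue
            if svc.get("spec", {}).get("selector"):
                continue  # selector present: the control plane fills in endpoints
            owned = [s for s in by_kind("EndpointSlice") if _ns_name(s)[0] == ns
                     and s["metadata"].get("labels", {}).get(SVC_LABEL) == name]
            if not owned:
                findings.append((name, "no EndpointSlice labelled for this Service"))
            for sl in owned:
                addrs = [a for ep in sl.get("endpoints", []) for a in ep.get("addresses", [])]
                for addr in addrs:
                    if sl.get("addressType") == "FQDN" and addr.endswith(CLUSTER_SUFFIX):
                        findings.append((name, f"FQDN endpoint {addr} is a cluster Service name"))
    return findings

# Constructed input: the question's three manifests, reduced to the fields checked.
QUESTION = [
    {"kind": "Service", "metadata": {"name": "live-svc", "namespace": "myNamespace"},
     "spec": {"ports": [{"name": "https", "port": 443}]}},
    {"kind": "EndpointSlice", "addressType": "FQDN", "metadata": {"name": "live-svc",
     "namespace": "myNamespace", "labels": {SVC_LABEL: "live-svc"}},
     "endpoints": [{"addresses": ["secondaryService.myNamespace.svc.cluster.local"]}]},
    {"kind": "Ingress", "metadata": {"name": "app-public", "namespace": "myNamespace"},
     "spec": {"rules": [{"host": "app-live.mydomain.com", "http": {"paths": [
         {"path": "/", "backend": {"service": {"name": "live-svc"}}}]}}]}},
]
```

Calling `check(QUESTION)` returns one finding for `live-svc`, matching the situation the answer describes.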
