Is Ingress working with ClusterIP services?

Question

I've setup some services and ingresses to try out the SSL termination. I had no problem at all with LoadBalancer and NodePort services as backend but it's not working at all with ClusterIP service.

Although the Ingress' backend is described as healthy, I get an HTTP error that do not come from my application.

$ kubectl describe ing nginx-cluster-ssl-ingress
Name:           nginx-cluster-ssl-ingress
Namespace:      default
Address:        X.X.X.X
Default backend:    nginx-cluster-svc:80 (...)
TLS:
  ssl-certificate terminates
Rules:
  Host  Path    Backends
  ----  ----    --------
Annotations:
  https-target-proxy:       k8s-tps-default-nginx-cluster-ssl-ingress
  static-ip:            k8s-fw-default-nginx-cluster-ssl-ingress
  target-proxy:         k8s-tp-default-nginx-cluster-ssl-ingress
  url-map:          k8s-um-default-nginx-cluster-ssl-ingress
  backends:         {"k8s-be-30825":"HEALTHY"}
  forwarding-rule:      k8s-fw-default-nginx-cluster-ssl-ingress
  https-forwarding-rule:    k8s-fws-default-nginx-cluster-ssl-ingress
Events:
  FirstSeen LastSeen    Count   From                SubobjectPath   Type        Reason  Message
  --------- --------    -----   ----                -------------   --------    ------  -------
  28m       28m     1   {loadbalancer-controller }          Normal      ADD default/nginx-cluster-ssl-ingress
  27m       27m     1   {loadbalancer-controller }          Normal      CREATE  ip: X.X.X.X

The HTTP error is the following:

$ curl http://X.X.X.X/
default backend - 404%

My question is quite simple: is it supposed to work with ClusterIP services? If it is supposed to as more or less written in the documentation, where should I have a look to resolve that issue?

Thank you!

Answer 1

The native GKE Ingress controller do not support ClusterIP , only NodePort is working.

Non-native Ingress controllers such as the nginx one do work with ClusterIP services.

Answer 2

Nginx ingress controller on GKE works with ClusterIp. But the native GKE ingress controller does not as mentioned by @samuel-roze

kubernetes.io/ingress.class: nginx

Answer 3

If you are using GKE cluster and you use container-native load balancing (which is enabled by adding the cloud.google.com/neg: '{"ingress": true}' annotation in your ClusterIP services), then your GKE/GCE ingress can talk directly to the ClusterIP service, without needing it to be NodePort service.

Reference: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#:~:text=unless%20you%27re%20using%20container%20native%20load%20balancing

---

GKE auto-adds the cloud.google.com/neg: '{"ingress": true}' annotation if a set of conditions are true. Then you don't need to add this annotation manually to get container-native load balancing. Otherwise, you will need to add this annotation to get container-native load-balancing; which then enables your ingress to talk directly to the ClusterIP service.

Reference: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#:~:text=In%20these%20conditions%2C%20Services%20will%20be%20annotated%20automatically