I've setup some services and ingresses to try out the SSL termination. I had no problem at all with LoadBalancer
and NodePort
services as backend but it's not working at all with ClusterIP
service.
Although the Ingress' backend is described as healthy, I get an HTTP error that do not come from my application.
$ kubectl describe ing nginx-cluster-ssl-ingress
Name: nginx-cluster-ssl-ingress
Namespace: default
Address: X.X.X.X
Default backend: nginx-cluster-svc:80 (...)
TLS:
ssl-certificate terminates
Rules:
Host Path Backends
---- ---- --------
Annotations:
https-target-proxy: k8s-tps-default-nginx-cluster-ssl-ingress
static-ip: k8s-fw-default-nginx-cluster-ssl-ingress
target-proxy: k8s-tp-default-nginx-cluster-ssl-ingress
url-map: k8s-um-default-nginx-cluster-ssl-ingress
backends: {"k8s-be-30825":"HEALTHY"}
forwarding-rule: k8s-fw-default-nginx-cluster-ssl-ingress
https-forwarding-rule: k8s-fws-default-nginx-cluster-ssl-ingress
Events:
FirstSeen LastSeen Count From SubobjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
28m 28m 1 {loadbalancer-controller } Normal ADD default/nginx-cluster-ssl-ingress
27m 27m 1 {loadbalancer-controller } Normal CREATE ip: X.X.X.X
The HTTP error is the following:
$ curl http://X.X.X.X/
default backend - 404%
My question is quite simple: is it supposed to work with ClusterIP services? If it is supposed to as more or less written in the documentation, where should I have a look to resolve that issue?
Thank you!
The native GKE Ingress controller do not support ClusterIP
, only NodePort
is working.
Non-native Ingress controllers such as the nginx one do work with ClusterIP
services.
Nginx ingress controller on GKE works with ClusterIp. But the native GKE ingress controller does not as mentioned by @samuel-roze
kubernetes.io/ingress.class: nginx
If you are using GKE cluster and you use container-native load balancing (which is enabled by adding the cloud.google.com/neg: '{"ingress": true}'
annotation in your ClusterIP services), then your GKE/GCE ingress can talk directly to the ClusterIP service, without needing it to be NodePort service.
GKE auto-adds the cloud.google.com/neg: '{"ingress": true}'
annotation if a set of conditions are true. Then you don't need to add this annotation manually to get container-native load balancing. Otherwise, you will need to add this annotation to get container-native load-balancing; which then enables your ingress to talk directly to the ClusterIP service.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.