Background:
I've got a one node K8s cluster via kubeadm with the default nginx-ingress controller deployed. I'm trying to get the default nginx web server deployment accessible to test successful node ingress via the nginx ingress controller. Since it's bare metal I'm using a HAProxy outside the cluster as a reverse proxy (saying a one node load balancer might not make much sense). My understanding is that I need to test via HAProxy because I can't request directly via IP:port because the hostname is what triggers the ingress rule. Configuration files and details are below. Relevant services are confirmed running/available.
Getting a 503 error leads me to believe HAProxy is working because, from the docs, 503 [is] when no server was available to handle the request: https://stackoverflow.com/questions/20881327/haproxy-503-service-unavailable-no-server-is-available-to-handle-this-request
Question:
The key clue I'd like clarification on is: How exactly is the ingress controller listening for requests and where exactly? My understanding is that based on the HAProxy config below, traffic is getting sent to the cluster node VM IP of 192.168.1.27:80.
But that doesn't seem like where the ingress controller listens. Its "endpoint" is 10.0.251.195:80 (see the ingress controller service output below for where I got that from) which is a virtual cluster IP. My understanding is that I should not be using a nodeport for an ingress controller.
In short, what bridges the machine IP:port receiving HAProxy data to the ingress controller cluster-IP:port?
Sources:
I watched this video where he does essentially the same thing and he doesn't do anything special to reconcile this. Yet it works. So I'm missing something...
https://www.youtube.com/watch?v=chwofyGr80c
This was a SO question touching on similar issues that raised as many questions as it answered.
https://stackoverflow.com/questions/44110876/kubernetes-service-external-ip-pending
Should this be a dead end I will look into MetalLB.
Thank you for your help.
Trent
Config details:
On my cluster node VM (192.168.1.27)
nginx simple web server configuration:
kubectl create deployment nginx --image=nginx
internal service:
apiVersion: v1
kind: Service
metadata:
  name: nginx-hello-internal-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
ingress rule:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nginx-hello-ingress
spec:
  rules:
    - host: test.com
      http:
        paths:
          - backend:
              serviceName: nginx-hello-internal-service
              servicePort: 80
Info on the ingress controller service, specifically note the port info:
$ kubectl describe service default-nginx-ingress -n nginx-ingress
Name:                     default-nginx-ingress
Namespace:                nginx-ingress
Labels:                   app.kubernetes.io/instance=default
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=default-nginx-ingress
                          helm.sh/chart=nginx-ingress-0.8.0
Annotations:              meta.helm.sh/release-name: default
                          meta.helm.sh/release-namespace: nginx-ingress
Selector:                 app=default-nginx-ingress
Type:                     LoadBalancer
IP Families:              <none>
IP:                       10.111.253.133
IPs:                      10.111.253.133
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  30726/TCP
Endpoints:                10.0.251.195:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  30322/TCP
Endpoints:                10.0.251.195:443
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     31929
Events:                   <none>
Nothing listening on port 80??
$ sudo ss -tunlp | grep :80
$
On my reverse proxy VM (192.168.1.28)
haproxy config:
frontend http_front
    bind *:80
    stats uri /haproxy?stats
    default_backend http_back

backend http_back
    server cluster0 192.168.1.27:80
confirm listening port:
$ sudo ss -tunlp
...
tcp LISTEN 0 3000 0.0.0.0:80 0.0.0.0:* users:(("haproxy",pid=915,fd=6))
...
Testing from a third, separate machine
/etc/hosts file:
127.0.0.1 localhost
::1 localhost
127.0.1.1 tsw-arch.localhomain tsw-arch
192.168.1.28 test.com
confirm host updated:
$ ping test.com
PING test.com (192.168.1.28) 56(84) bytes of data.
64 bytes from test.com (192.168.1.28): icmp_seq=1 ttl=64 time=0.489 ms
--- test.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
But trying to access the web server fails:
$ wget test.com
--2021-03-12 13:15:25-- http://test.com/
Resolving test.com (test.com)... 192.168.1.28
Connecting to test.com (test.com)|192.168.1.28|:80... connected.
HTTP request sent, awaiting response... 503 Service Unavailable
2021-03-12 13:15:28 ERROR 503: Service Unavailable.
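
Added example, not part of the original post: a Service of type LoadBalancer also gets a NodePort, and kube-proxy forwards that port on the node's IP to the Endpoints, so it is the address an external proxy can reach. The sketch below reads the describe output shown above (embedded as a sample) and prints a HAProxy backend aimed at that NodePort; the function names are hypothetical, and the `check` keyword on the server line is an addition.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: kube-proxy exposes
# the Service's NodePort on the node IP (192.168.1.27 in the post).

# Sample input: the port-related lines of the describe output from the post.
sample_describe() {
  cat <<'EOF'
Type:                     LoadBalancer
Port:                     http  80/TCP
TargetPort:               80/TCP
NodePort:                 http  30726/TCP
Endpoints:                10.0.251.195:80
Port:                     https  443/TCP
TargetPort:               443/TCP
NodePort:                 https  30322/TCP
Endpoints:                10.0.251.195:443
External Traffic Policy:  Local
HealthCheck NodePort:     31929
EOF
}

# node_port NAME: read describe output on stdin, print the NodePort number of
# the named port. "HealthCheck NodePort:" is skipped because its first field
# is "HealthCheck", not "NodePort:".
node_port() {
  awk -v want="$1" \
    '$1 == "NodePort:" && $2 == want { sub(/\/.*/, "", $3); print $3; exit }'
}

# haproxy_backend NODE_IP PORT_NAME: read describe output on stdin and print a
# backend stanza that targets NODE_IP:<NodePort>. Fails if the port is absent.
haproxy_backend() {
  hb_port=$(node_port "$2")
  if [ -z "$hb_port" ]; then
    echo "no NodePort named '$2' in the describe output" >&2
    return 1
  fi
  printf 'backend http_back\n    server cluster0 %s:%s check\n' "$1" "$hb_port"
}

# Offline run against the sample. Against a live cluster, pipe in:
#   kubectl describe service default-nginx-ingress -n nginx-ingress
sample_describe | haproxy_backend 192.168.1.27 http

# To test the ingress rule without HAProxy, send the Host header directly:
#   curl -H 'Host: test.com' http://192.168.1.27:30726/
```

With External Traffic Policy set to Local, the NodePort only answers on nodes that run an ingress controller pod, which on a one-node cluster is the node itself.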