6

I have a GCE Ingress configured and working with SSL on port 443. I'm trying to get port 28080 pointing to my standalone actionable server.

I currently have this for my Ingress yaml:

# web-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gke-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /ws
        backend:
          serviceName: websocket
          servicePort: 28080
  tls:
  - secretName: gkecert
    hosts:
    - example.com
  backend:
    serviceName: web
    servicePort: 443

If I set the path to / for the websocket service, it screws up the root path (error 503). From what I've read, an ingress cannot handle 2 ports on one path. How then are people connecting their front-ends to websocket servers without separating by path?

Wytrzymały Wiktor
  • 731
  • 3
  • 10
Archonic
  • 314
  • 2
  • 5
  • 13

2 Answers2

1

I think your second Backend service is missing the path, if you want to use ingress with one host and two services you should add the path. See ingress fanout then your ingress should be like:

# web-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: gke-ingress
  annotations:
    kubernetes.io/ingress.class: "gce"
    ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
  - secretName: gkecert
    hosts:
    - example.com
  rules:
  - host: example.com
    http:
      paths:
      - path: /ws
        backend:
          serviceName: websocket
          servicePort: 28080
      - path: /
        backend:
          serviceName: web
          servicePort: 443

You must specify the path if you want to use the same host. You can connect the front-ends to websocket servers without separating by path using different host. See the documentation on how we do it Link

Alioua
  • 381
  • 1
  • 8
  • "You can connect the front-ends to websocket servers without separating by path using different host" - That seems to confirm that it's not possible to have two ports go to 2 services on the same path for the same host. The example I gave works, but I was hoping to get the `/ws` path to `/`. Your example 404s at `/` for the web, not sure why. – Archonic Jul 28 '18 at 19:22
  • My mistake, your example seems to be equivalent to mine, and cleaner. Thought it was 404'ing because it doesn't redirect http to https. – Archonic Jul 28 '18 at 19:28
  • when it's 404 dafault backend, that mean the rules doesn't apply or there is no rules. ingress only expose the port 80 and 443 to expose other port you need to setup a load balancer like below. – Alioua Jul 30 '18 at 16:22
  • apiVersion: v1 kind: Service metadata: name: websocket spec: type: LoadBalancer ports: - port: 28080 targetPort: 80080 protocol: TCP selector: name: standalone – Alioua Jul 30 '18 at 16:23
  • Port 28080 is exposed in the example in the question, it's just the path that bothers me. – Archonic Jul 31 '18 at 18:32
  • you need to specify the path for each service listening. Did you try to curl inside the node the endpoint using the path and port? check if you get a response then move to the ingress. – Alioua Aug 03 '18 at 16:25
  • Port 28080 is connecting and responding to the websocket service just fine. Everything is working. I was wondering how I could have the `/ws` path be `/`. It's just a vanity thing. – Archonic Aug 04 '18 at 04:23
  • 1
    because you can't have two services is the same path these are different app each service is listening on his app for example you have two app running the one running on "28080" and the other in "443" try first to deploy one service "websocket" on the path "/" and check the connectivity. – Alioua Aug 06 '18 at 19:16
0

Kubernetes Ingress: How can I expose two ports on one path?

As already stated in comments by Alioua, it's not possible. I would also say that mapping a single path to two different port numbers doesn't make much sense from the perspective of the ingress logic.

What you expose externally is some specific path of the http/https URL, so the only ports exposed externally are 80 and 443.

An ingress path refers to exactly one backend Service, that exposes (internally from the cluster perspective) your app (or rather a single microservice that your complex app consists of) on a single port.

mario
  • 525
  • 3
  • 8