2

I'm trying to figure out how to create multiple ingress resources that share an IP. Or, if that isn't possible, I'd like to know if there's some sort of forwarding rule I can use in conjunction with a Cloud DNS entry that ensures all traffic to an IP (which I can make static) goes to one Kubernetes cluster.

Essentially I'd like to set up an ingress with each service that contains one or more subdomains and have all those ingresses point to the same cluster. Right now I get a different ephemeral IP with each ingress. Can I create some forwarding rule that makes all traffic to a static IP go to a cluster and then perhaps create a wildcard DNS entry that points all subdomains to the static IP?

Here's an example config similar to what I'm using:

apiVersion: v1
kind: Service
metadata:
  name: api-service
  labels:
    name: api-service
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: 3000
      protocol: TCP
  selector:
    # must match the pod template labels set in the Deployment below
    name: api
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: api-deployment
  labels:
    name: api-deployment
spec:
  template:
    metadata:
      labels:
        name: api
    spec:
      containers:
        - image: us.gcr.io/[project]/hello-world:1.0.0
          name: api
          ports:
            - containerPort: 3000
          env:
            - name: NAME
              value: api
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: api-ingress
spec:
  backend:
    serviceName: api-service
    servicePort: 80
  rules:
  - host: api.example.com
    http:
      paths:
      - backend:
          serviceName: api-service
          servicePort: 80

I create these resources on a kube cluster like so:

$ kubectl create -f api.yml

And then see the ingress that's created like so:

$ kubectl get ing
NAME              RULE             BACKEND           ADDRESS          AGE
api-ingress       -                api-service:80    130.211.32.223   1h
                  api.example.com
                                   api-service:80

Now, imagine you copy that yaml above and change the service, deployment and ingress name to api-2 and create those. You'd end up with something like this:

$ kubectl get ing
NAME              RULE             BACKEND           ADDRESS          AGE
api-ingress       -                api-service:80    130.211.32.223   1h
                  api.example.com
                                   api-service:80
api-2-ingress     -                api-2-service:80  130.211.22.214   1h
                  api-2.example.com
                                   api-2-service:80

Which is fine... But I need to ensure all traffic to *.example.com goes to the cluster so the ingresses can do their magic and route the requests to the right services.

I know I could have a single ingress resource created and patch that one instead of creating a new one but I'm trying to avoid that and would prefer if I can create one per service.

Is this possible somehow?

Related: https://github.com/kubernetes/kubernetes/issues/26935

luisgo
  • If a static IP solves your problem, just reserve the address for your project. https://cloud.google.com/sdk/gcloud/reference/compute/addresses/create – Vikram Tiwari Jun 08 '16 at 00:07
  • @VikramTiwari you mean take one of those ephemeral IPs used by the ingress, right? If so, the problem is I'll keep adding ingresses which will have different IPs and those won't be associated to the *.example.com wildcard DNS record. Or am I missing something? – luisgo Jun 08 '16 at 00:35
  • Once you have a static IP you can use it on the load balancer for your cluster and hence keep spawning newer ingresses and adding them to the load balancer. http://stackoverflow.com/questions/32266053/how-to-specify-static-ip-address-for-kubernetes-load-balancer – Vikram Tiwari Jun 08 '16 at 00:53

1 Answer

2

Each ingress resource will have a separate IP. If you need to share a single IP between domains, then you will need to configure both domains in the same ingress resource. Try kubectl edit if you don't want to patch directly on the command line.

Robert Bailey
  • Yup. That seems to be the case. I understand. What I'm wondering is if there is a way to add on top of this setup to work around the limitation. Perhaps some sort of routing rule that sends all traffic to a static IP to a specific target pool. Even if I have to do this outside of kubernetes and straight through compute. That way I can have a wildcard DNS entry point to the static IP and the rule forward to the cluster. – luisgo Jun 09 '16 at 16:38
  • You can configure a cloud L3 load balancer for an IP address, and have it direct traffic to a pool of nginx or apache servers that perform L7 balancing. – Robert Bailey Jun 09 '16 at 22:00
  • @RobertBailey Would you recommend using one (static) IP for each ingress resource in general? I have two clusters (dev+stage and prod) and namespaces for each environment and app (dev-frontend, dev-api, stage-frontend, stage-api, prod-frontend, prod-api). Should I use one IP for each, resulting in 6 static IPs (I am on GKE)? – chriscross May 14 '19 at 13:55
  • @RobertBailey Sorry the comment before was misleading as I understand there is always a 1:1 relation between (static) IP and ingress resource. Still, is the solution (6 IPs for 6 namespaces) a good one? Alternatively, using one ingress for several namespaces requires workarounds – chriscross May 14 '19 at 14:08
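
The single-ingress arrangement described in the answer, written out as an added example that is not part of the original thread: both hosts from the question sit in one Ingress, which is pinned to a reserved address. It assumes the GCE/GKE ingress controller; the ingress name `shared-ingress` and the address name `example-static-ip` are placeholders.

```yaml
# Added example, not from the original posts.
# Assumes a global static address was reserved beforehand under the
# placeholder name "example-static-ip", e.g.:
#   gcloud compute addresses create example-static-ip --global
apiVersion: extensions/v1beta1   # same API version as the manifests in the question
kind: Ingress
metadata:
  name: shared-ingress           # hypothetical name
  annotations:
    # GCE ingress controller: attach the load balancer to the reserved address
    kubernetes.io/ingress.global-static-ip-name: example-static-ip
spec:
  # Default backend: receives every request whose Host header matches none of
  # the rules below. With a *.example.com wildcard DNS record, that means any
  # unlisted subdomain reaches this service, so choose it deliberately.
  backend:
    serviceName: api-service
    servicePort: 80
  rules:
  - host: api.example.com
    http:
      paths:
      - backend:
          serviceName: api-service
          servicePort: 80
  - host: api-2.example.com
    http:
      paths:
      - backend:
          serviceName: api-2-service
          servicePort: 80
```

A wildcard record for `*.example.com` can then point at the reserved address, and `kubectl get ing` should list a single ADDRESS for both hosts.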