19
  1. I use a local kubernetes bundled with docker on Mac OS.
  2. I've installed the nginx-ingress-controller.
  3. I managed to send external http request via ingress to my kubernetes managed containers (e.g. from my local browser). All request are sent via the nginx ports 80 or 443.

The problem is, that I can only route http or https requests via my ngnix controller. How can I send non HTTP Requests (e.g. database or corba) via ingress to my containers?

Levent Divilioglu
  • 11,198
  • 5
  • 59
  • 106
Matthias M
  • 12,906
  • 17
  • 87
  • 116
  • 1
    Can anyone give full manifest files of the service, configMap, and ingress to deploy a simple sftp app in kubernetes using ingress? – Amit Yadav Jul 17 '19 at 15:56

3 Answers3

21

This is not well supported via the ingress mechanism and is an open issue.
There is a work around for tcp or udp traffic using nginx-ingress which will map an exposed port to a kubernetes service using a configmap.
See this doc.

Start the ingress controller with the tcp-services-configmap (and/or udp-services-configmap) argument. 

args: 
- "/nginx-ingress-controller"
- "--tcp-services-configmap=default/nginx-tcp-configmap"
- "--v=2"

deploy configmap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-tcp-configmap
data:
  9000: "default/example-service:8080"

where 9000 is the exposed port and 8080 is the service port

JoshRagem
  • 575
  • 3
  • 10
stacksonstacks
  • 8,613
  • 6
  • 28
  • 44
  • Is it correct to combine the ingress controller arguments? So I have two configmaps as a result: --configmap=nginx-ingress/nginx PLUS --tcp-services-configmap=default/nginx-tcp-configmap" – Matthias M Mar 31 '18 at 13:41
  • Unfortunately the solution does not work for me: The exposed port is not accessable. Do I have to tell kubernetes somewhere else to expose that port? Is the configmap really sufficient? – Matthias M Mar 31 '18 at 14:48
  • From the example above, port 9000 is exposed inside nginx-ingress-controller. You can check it out by doing kubectl exec -it bash and doing netstat -nltp | grep 9000. However, I don't see how this port gets accessible from the outside? – Bakir Jusufbegovic Aug 03 '18 at 13:06
  • do you know how to do it with helm? – silgon Aug 08 '18 at 08:17
  • 1
    The `see this doc` link is dead – GrimSmiler Oct 22 '18 at 08:07
  • @GrimSmiler doc link is fixed – JoshRagem Nov 22 '18 at 20:28
  • I tried this solution using `minikube` default nginx load balancer which has the `nginx-ingress-controller:0.21.0`. But it didn't work for me. Is there any restriction to do this in `minikube`?. I tried to upgrade the nginx controller version using `kubectl apply -f`. But the update did not apply to the nginx deployment. – Buddhi Mar 25 '19 at 03:28
  • I am getting this kubelet error: `MountVolume.SetUp failed for volume "webhook-cert" : secret "ingress-nginx-admission" not found` – haridsv Mar 25 '22 at 11:23
  • Just for clarity, to reach the above status, I had to use `runAsuser: 0` as specified in https://github.com/kubernetes/ingress-nginx/issues/2783 – haridsv Mar 28 '22 at 08:57
5

I'm using a nginx-ingress-controller on a bare-metal server. In order to get on the hosted sites from all nodes, I created it as a DaemonSet rather than a Deployment (Bare-metal considerations).

The solution works well and updates on the Ingress specifications are perfectly integrated.

For the sake of making a TS Server available, I changed my args for the Pods in nginx-ingress-controller.yml as mentioned by stacksonstacks:

/nginx-ingress-controller
  --configmap=$(POD_NAMESPACE)/nginx-configuration
  --publish-service=$(POD_NAMESPACE)/ingress-nginx
  --annotations-prefix=nginx.ingress.kubernetes.io
  --tcp-services-configmap=default/tcp-ingress-configmap
  --udp-services-configmap=default/udp-ingress-configmap

Unfortunately, when applying the changed specification, the DaemonSet did not automatically recreate the Pods, so when inspecting the Pods, I still had the old args:

/nginx-ingress-controller
  --configmap=$(POD_NAMESPACE)/nginx-configuration
  --publish-service=$(POD_NAMESPACE)/ingress-nginx
  --annotations-prefix=nginx.ingress.kubernetes.io

Deleting the Pods inside ingress-nginx namespace with kubectl --namespace ingress-nginx delete pod --all made the controller create new Pods and finally the ports were available on the host-network.

I know the circumstances might be a bit different, but hopefully someone can save a few minutes with this.

Fabian Witte
  • 61
  • 1
  • 5
1

(One of the comments talked about Helm).
For those who are using ingress-nginx helm chart - most of the configuration is already done.

You just need to go to the relevant protocol section (tcp or udp) and add the relevant port and service url under it.

For example:

tcp: 
  8080: "default/example-tcp-svc:9000"
Rot-man
  • 18,045
  • 12
  • 118
  • 124