Kubernetes Ingress on GKE

5
votes

I deployed Kubernetes on AWS with KOPS and the nginx-ingress.

To evaluate multiple clouds (and cut costs), I want to deploy on GKE. Everything worked, except the darn Ingress's. (That was the hardest part on AWS).

Below is the Ingress I'm using on GKE. It makes two Ingresses in the dashboard, each with an IP address.

If I point my DNS at those addresses, the connection is refused. I'm checking the DNS resultion with ping.

All HTTPS fail to connect with "Unable to establish SSL connection.", except button which is "502 Bad Gateway"

HTTP fails to connect with 502 except admin which is 503.

In the Google Cloud Platform dashboard, I see two load balancers. "all" points to my SSL cert. "button" isn't doing HTTPS, but that's another problem.

Clearly I'm missing something. What did I miss?

I'm using kubectl v1.4.6 and whatever version on GKE would have installed yesterday.

```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # this is for nginx ingress controler on AWS
    # kubernetes.io/ingress.class: "nginx"
  name: all-ingress
spec:
  tls:
  - hosts:
    - admin-stage.example.com
    - dashboard-stage.example.com
    - expert-stage.example.com
    - signal-stage.example.com
    - stage.example.com
    secretName: tls-secret
  rules:
  - host: admin-stage.example.com
    http:
      paths:
      - backend:
          serviceName: admin-service
          servicePort: http-port
        path: /
  - host: dashboard-stage.example.com
    http:
      paths:
      - backend:
          serviceName: dashboard-service
          servicePort: http-port
        path: /
  - host: expert-stage.example.com
    http:
      paths:
      - backend:
          serviceName: expert-service
          servicePort: http-port
        path: /
  - host: signal-stage.example.com
    http:
      paths:
      - backend:
          serviceName: signal-service
          servicePort: http-port
        path: /
  - host: stage.example.com
    http:
      paths:
      - backend:
          serviceName: www-service
          servicePort: http-port
        path: /
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # this is for nginx ingress controler on AWS
    # kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/ssl-redirect: "false"
  name: button-ingress
spec:
  tls:
  - hosts:
    - button-stage.example.com
    secretName: tls-secret
  rules:
  - host: button-stage.example.com
    http:
      paths:
      - backend:
          serviceName: button-service
          servicePort: http-port
        path: /
```
1
kubernetesgoogle-kubernetes-engine
please check github.com/kubernetes/contrib/blob/master/ingress/controllers/…, github.com/kubernetes/contrib/tree/master/ingress/controllers/…, github.com/kubernetes/contrib/tree/master/ingress/controllers/…. You need: node port services, a health check (either / serving a 200 or a readiness probe on your pods matching the nodeport), and enough backend quota in GCE. What does kubectl describe say?Prashanth B
Switched to NodePort, and resolving quota issues...Michael Cole
Now it's serving / from the app, but /files.css from the default-backend...Michael Cole
see github.com/kubernetes/contrib/tree/master/ingress/controllers/…Prashanth B
@PrashanthB hmmm... None of this looks finished. I need something that works, so I deployed the nginx controller I was using on AWS and it worked. Thanks for your help Prashanth!Michael Cole

1 Answers

5
votes

Prashanth's comments were helpful, in the end, native cloud Ingress (AWS/GCE) isn't finished in Kubernetes enough to be useful for my purposes. There's no point learning an abstraction that is more complicated and less functional than the thing underneath.

I ended up using the nginx-ingress from this answer: Kubernetes 1.4 SSL Termination on AWS

On the resulting Ingress is an IP you can point DNS (not the "External Endpoints" on the service). Good luck!