How to point to a service in a different ns than the ingress

0
votes

i am looking at creating an alb using https://github.com/kubernetes-sigs/aws-load-balancer-controller

Lets say i have two namespaces kubernetes-dashboard and otherns.

In the first namespace i have a service called kubernetes-dashboard and in the second namespace i have a service called otherservice

Would the below ingress work?

ingress.yml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: general-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80,"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: <redacted>
    alb.ingress.kubernetes.io/tags: Environment=staging,Team=dev
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '300'
spec:
  rules:
    - host: k8s.acme.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: kubernetes-dashboard.kubernetes-dashboard
              servicePort: 8080
    - host: otherservice.acme.com
      http:
        paths:
          - path: /*
            backend:
              serviceName: otherservice.otherns
              servicePort: 80
2
kuberneteskubernetes-ingressaws-load-balancer

2 Answers

2
votes

I found there is two solutions to this problem.

The second solution did not work for me because i am using a library which does not support that. https://github.com/kubernetes-sigs/aws-load-balancer-controller

  1. Create multiple ingress files delcaring the same group.name.

https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/#ingressgroup

IngressGroup feature enables you to group multiple Ingress resources together. The controller will automatically merge Ingress rules for all Ingresses within IngressGroup and support them with a single ALB. In addition, most annotations defined on a Ingress only applies to the paths defined by that Ingress.

  1. Use an externalName service

https://kubernetes.io/docs/concepts/services-networking/service/#externalname

You can create an ExternalName service in the same namespace as your ingress, your ingress will then point to this special ExternalName service

1
votes

Namespaces are security boundaries. An Ingress resource in a namespace cannot direct traffic to a service in a different namespace. If that would be possible, users could hijack traffic to services.

In the first namespace i have a service called kubernetes-dashboard and in the second namespace i have a service called otherservice

What you need to do in this case is to use two different Ingress-resources. You can still use the same Application Load Balancer.