This message was deleted.
# generala
adamant-kite-43734
06/20/2023, 4:48 AMThis message was deleted.
c
creamy-pencil-82913
06/20/2023, 5:00 AMIngress resources don't create pods. They just tell the Ingress controller how to route requests.
creamy-pencil-82913
06/20/2023, 5:01 AMNginx and traefik are both examples of ingress controllers
i
important-petabyte-50139
06/20/2023, 5:04 AMHmm, so that means I would need to
a) Create an ingress controller, i.e., add an nginx workload/service to my application's namespace
b) Create and ingress that routes to that controller?
important-petabyte-50139
06/20/2023, 5:04 AMbtw: thanks again for all the help
c
creamy-pencil-82913
06/20/2023, 5:05 AMNo.
i
important-petabyte-50139
06/20/2023, 5:05 AM...sigh ...
c
creamy-pencil-82913
06/20/2023, 5:06 AMAn ingress controller is a thing that uses Ingress resources to route requests to services and pods. Loadbalancer services handle things at layer 3, ingress controllers handle things at layer 7.
creamy-pencil-82913
06/20/2023, 5:08 AMNormally you would expose the ingress controller as either a Loadbalancer service, or as a daemonset using a fixed host port. That gives you an IP and port to connect to. The ingress looks at the TLS handshake, or host header, or uri in the request, and then routes things to many different services within the cluster.
creamy-pencil-82913
06/20/2023, 5:09 AMIt is the centralized ingress point for requests into your cluster. Hence the name.
creamy-pencil-82913
06/20/2023, 5:09 AMIngress resources configure the request routing engine in the ingress controller, by telling it how to match http requests, and where to send them
i
important-petabyte-50139
06/20/2023, 5:16 AMRight, so, I have a service, let's say a web server, i.e., http/port 80, as a service. And I have an external load balancer, nginx, that does my SSL termination for me. In my head I thought I could do the following:
• HTTPS to external load balancer at https://myserver.something.com
• Do SSL/TLS termination, send requests to http://myserver.something.com at the three worker nodes of the cluster
• Create an ingress with path myserver.someting.com that connects to the web-server app/service
However, that doesn't seem to work, most likely because I'm misunderstanding something. I thought the ingress would automatically route everything that goes to one of the worker nodes at myserver.something.com to the clusterIP of the service ...
important-petabyte-50139
06/20/2023, 5:19 AMThe reason why I was asking about the ingress controller is that I was trying to debug it/tcpdump the packages but realised there is no pod for the ingress. Which makes sense given it's just a set of rules.
important-petabyte-50139
06/20/2023, 5:45 AMOk, forget about it, I got a little bit further and it is kind of what I thought initially (and most likely everything you said and I didn't understand):
An ingress controller (pod/workload) has to exist, e.g., an nginx one, which in Rancher using RKE2 is the rke2-nginx-ingress-controller pod.
However, other applications have additional ingress controllers, e.g., gitlab comes with it's own ingress controller pod.
When I create an ingress I can choose the ingressClass from the available ingress controllers, e.g., nginx (default rke2 ingress controller) and gitlab-nginx (the gitlab ingress controller)
important-petabyte-50139
06/20/2023, 5:46 AMRunning into the next wall now but at least that kind of makes sense 🙂
Thanks again for your time, hope it wasn't too annoying.
17 Views