ssaila
July 21, 2020, 3:06pm
1
we are having 2 different domains for 2 different namespaces
host 1 : dev.example.com mapped to dev namespace
host 2: qa.example.com mapped to qa namespace
and there is service1 in both of them
When I am accessing dev.example.com/service1 it is rendering correctly
But when I am acessing qa.example.com/service1 it is rendering dev service1 pages and not qa ones .
Could you please help
Replicate above scenario - create kong gateway and other resources in kong namespace ( kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-dbless.yaml -n kong)
I have edited the kong-proxy service from the above file to point to an External ip
ssaila
July 21, 2020, 3:10pm
3
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
service.beta.kubernetes.io/aws-load-balancer-type: elb
name: kong-proxy
namespace: kong
spec:
ports:
name: proxy
port: 80
targetPort: 8000
protocol: TCP
name: proxy-ssl
port: 443
targetPort: 8443
protocol: TCP
selector:
app: ingress-kong
type: LoadBalancer
externalIPs:
Api services are in respective namespaces (dev and qa) .
I have configured devingress(Ingress resources) in dev namespace and qaingress(Ingress resources) which maps to respective hosts
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: devingress
namespace: dev
annotations:
configuration.konghq.com : do-not-preserve-host
kubernetes.io/ingress.class: “devingress”
spec:
rules:
host: dev.example.com
http:
paths:
path: /service1/
backend:
serviceName: service1-api
servicePort: 80
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: qaingress
namespace: qa
annotations:
configuration.konghq.com : do-not-preserve-host
kubernetes.io/ingress.class: “qaingress”
spec:
rules:
host: qa.example.com
http:
paths:
path: /service1/
backend:
serviceName: service1-api
servicePort: 80
After adding ingress.class my qa host is not finding host it’s saying
@hbagdi , Could you or anybody else please help
hbagdi
July 21, 2020, 8:12pm
4
Your Ingress class annotation should be same for both the Ingress resource since they are both being controlled by the same kong ingress controller.
ssaila
July 27, 2020, 6:22am
5
Yes that works … Thank you @hbagdi
Hello, I have the same issue too, please give me a help.
First of all, I deployed a Rocketmq into the DEV namespace, and I created an Ingress by the following command and yaml.
kubectl apply -f ingress.yaml -ndev
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: redirect
annotations:
konghq.com/strip-path: "true"
kubernetes.io/ingress.class: "kong"
spec:
rules:
- host: ybd.k8s.dev.com
- http:
paths:
- path: /rocketmq
pathType: ImplementationSpecific
backend:
service:
name: console-service
port:
number: 8080
for now, all is right, and I can access the Rocketmq successful.
but when I create a Rockermq into TEST namespace and I apply the ingress to TEST namespace too,
kubectl apply -f ingress.yaml -ntest
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: redirect
annotations:
konghq.com/strip-path: "true"
kubernetes.io/ingress.class: "kong"
spec:
rules:
- host: ybd.k8s.test.com
- http:
paths:
- path: /rocketmq
pathType: ImplementationSpecific
backend:
service:
name: console-service
port:
number: 8080
I can not access both the DEV and TEST Rocketmq services with a 503 error code, here are the logs in KONG CONTROLLER proxy pod.
10.96.14.128 - - [28/Aug/2021:15:40:37 +0000] "GET /rocketmq/ HTTP/1.1" 503 58 "http://ybd.k8s.dev.com/rocketmq/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
by the way, I deploy kong by daemonset.
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: ingress-kong
name: ingress-kong
namespace: kong
spec:
selector:
matchLabels:
app: ingress-kong
template:
metadata:
annotations:
kuma.io/gateway: enabled
prometheus.io/port: "8100"
prometheus.io/scrape: "true"
traffic.sidecar.istio.io/includeInboundPorts: ""
labels:
app: ingress-kong
spec:
containers:
- env:
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 ssl
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100
- name: KONG_DATABASE
value: "off"
- name: KONG_NGINX_WORKER_PROCESSES
value: "2"
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
image: kong:2.5
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- kong quit
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 8100
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: proxy
ports:
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-ssl
protocol: TCP
- containerPort: 8100
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status
port: 8100
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
- env:
- name: CONTROLLER_KONG_ADMIN_URL
value: https://127.0.0.1:8444
- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
value: "true"
- name: CONTROLLER_PUBLISH_SERVICE
value: kong/kong-proxy
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: kong/kubernetes-ingress-controller:1.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: ingress-controller
ports:
- containerPort: 8080
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
serviceAccountName: kong-serviceaccount