I have an Openshift cluster created inside Azure cloud provider.
I have created some pods and exposed some of them to outside the cluster using Routes.
The route generally comes with some default canonical name something like below
"http://vote-voting-application.apps.xxxxxx.southeastasia.aroapp.io" .
Lets assume I have a domain name called avenir.com , How can I configure my openshift cluster to use this domain name avenir.com to use instead of "apps.xxxxxx.southeastasia.aroapp.io".
Please help in achieving this .
Any type of help is highly appreciated.
Thanks in Advance :)
OpenShift Routes will default to an auto-generated hostname but that can be overridden by setting .spec.hostname
For example:
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: frontend
spec:
host: avenir.com
...
OpenShift uses something.apps.cluster-name.domain by default because it sets up wildcard DNS to return the IP of the ingress VIP.
NOTE: You are responsible for setting up DNS to direct traffic for avenir.com to your ingress VIP. You could simply make the DNS record for avenir.com a CNAME to something.apps.cluster-name.domain (or in your example something.apps.xxxxxx.southeastasia.aroapp.io)
Related
I deployed an application in an Azure K8S cluster, using NGINX as gateway, with a public static IP, based on AKS & PUBLIC-IP and on AKS & NGINX.
Now I need to deploy the application in an Azure private cluster, ie, running in a private vnet (see CREATE PRIVATE AKS); attempting to assign a public static IP to NGINX does not work, which can be expected as the load-balancer expects a private IP, not a public IP.
How can I provide inbound access to my app hosted in a private cluster, using NGINX and a public static IP?
Hi you have two ways two achieve that...Depending on your needs (and Azure costs...):
1-Use Azure Application Gateway. For myself I use Terraform. And here you can the see official documentation regarding internal IP address.
Now you can use this one as your new Ingress (and get rid of NGINX) like:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: guestbook
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
rules:
- http:
paths:
- backend:
serviceName: frontend
servicePort: 80
Or you could use NGINX internally as your ingress like explained on option 2.
2- First you must have a Public IP with a Load Balancer associated with it.The backend from that LB must be up to your needs.
But here is the trick...Do not create NGINX with that public IP but with an internal IP and an internal load balancer, you can see how to do that in the following url:
https://learn.microsoft.com/en-us/azure/aks/ingress-internal-ip
And the important thing you must do is the nginx ovveride on the helm parameters:
controller:
service:
loadBalancerIP: 10.240.0.42
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
Of course the internal VNET must be created an the load balancer IP must be a correct one.
And the final trick now that you have NGINX listening behind a private IP is to verify your traffic from the Public IP is redirected to that internal VNET...Of course it depends on how you have infrastructure setup behind that LB that holds the public IP.
As stated in the comment above you can do the same via Application Gateway in Azure. But if you are going to only use AKS you might want to just use Application Gateway as your ingress controller which is already created with the private cluster.
Please follow this to achieve the same https://microsoft.github.io/AzureTipsAndTricks/blog/tip256.html
Based on your description i understand that you want to have ingress traffic through your NGINX ingress controller which has a Loadbalancer service with static IP. If your deployment is correctly configured the a Loadbalancer service should be assigned to your NGINX ingress controller with a public IP. Since i dont know your namespaces, naming of deployments etc try:
kubectl get services --all-namespaces | grep -i loadbalancer
You should be able to find that an nginx loadbalancer service has a public IP. Now since NGINX is your ingress controller this means that you have a Layer 7 loadbalancer as ingress so you need to create an ingress route to your application running in AKS. This is documented here from Azure NGINX ingress but also here Ingress K8s
I have created the k8s cluster
with ingress enabled using helm chart.
I would like to resolve my cluster IP with specific name using azure.
Please find the below scenerios for cluster :
1. k8s clsuter name: deb-aks
2. k8s dns prefix : dev-aks-dns
3. Ingress enabled using helm chart.
4. Cluster IP : 13.72.186.11
5. I would like to change the IP address i.e. mentioned above to some url like http://devaks.work.com/[Ingress Routes]
6. How can give that name to resolve IP address ?
7. Pltaform : Aure Kubernetes, NgInx using helm, ACR.
you will need to install external-dns
Chart: https://github.com/bitnami/charts/tree/master/bitnami/external-dns
This will allow you to set an annotation on your nginx ingress controller Service (or create a CRD dnsendpoints) which will tie the Public IP you are getting on your Load Balancer service type with a DNS entry of your choice.
You will need to own a domain/zone and configure your Internal DNS chart to be able to configure your DNS of choice.
Here's a list of supported DNS provider the external-dns supports: https://github.com/kubernetes-sigs/external-dns#the-latest-release-v06
Here's a full example on how to use external-dns with Azure Zones: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/azure.md
I created AKS with internal ingress Nginx. This comes up like below in the cluster.
Then I created Azure private DNS Service. In the Azure private DNS service, I created a 'Record set' like
Blockquote
Technically, i should be able to access LoadBalancer External ip with promotion.mydomain.com (as example). Insted of this, I'm having '502 Bad Gateway' error when i hit http://promotion.mydomain.com in the browser. Any advice?
I faced the same issue and have been able to solve it recently.
I created another Ingress but in the desired namespace (mine was default) with the following definition :
(I have enabled tls but you can remove that part)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: my-custom-ingress
spec:
tls:
- hosts:
- foo.mydomain.com
secretName: my-tls-secret
rules:
- host: foo.mydomain.com
http:
paths:
- path: /
backend:
serviceName: my-foo-app-service-nodeport
servicePort: 4444
First of all find the EXTERNAL IP of your nginx ingress and keep it in mind:
kubectl get svc --namespace ingress-basic
Then in the Azure DNS zone you can attach the domain to an Azure Resource :
Open azure portal.
Go in the MC_... resource group created by your AKS cluster.
Find the LoadBalancer resource and click it.
On the LoadBalancer, go into "Frontend IP Configuration". You'll then see a list of public IP with a related ResourceId (example: 11.22.33.44 (xxx-yyyy-bbb))
Find the IP that is corresponding to the LoadBalancer IP you found on the LoadBalancer (before step 1) and memorize the associated object id.
Open you Azure DNS zone and create new domain (or edit one)
Set "Alias Record Set: Yes" then "Alias type: Resource"
Under "Azure Resource" find the resource that has the ResourceId you found in step 5 and select it.
Save
Now it should work.
I see your purpose is to create AKS with internal Ingress Nginx and use the custom DNS. And I see your Ingress external IP is 10.240.0.42. It seems it's a private IP of the subnet which you AKS nodes in.
So I think you need to create An Azure Application Gateway or Azure Load Balancer to route your request from the Internet to your internal Ingress Nginx interface. And the A record also needs to be changed, you need to change the IP into the public IP of the one which you choose from Azure Application Gateway and Azure Load Balancer. I think you know you need to update your custom DNS setting in the DNS server which you DNS in.
When all things are being done. The requests routing path will like this:
Internet ( your custom DNS)
Azure DNS Server
Azure Public IP of the Application Gateway or Load Balancer ( this is what I think you missed)
10.240.0.42 ( ingress Nginx internal IP)
AKS Ingress Nginx
Service
Deployment or Pod
How to add multiple ingress or Load balancers in kubernetes for separate services,
here is the post who I ended up creating a ingress to my sub-domain. Is there any way we can specific the same IP address created by GCE to launch multiple Ingress resources.
I am using GCE for hosting my cluster. If there is a better way to handle this scenario to have multiple resources to expose a service with a sub-domain www.app1.domain.com, www.app2.domain.com which are entirely different apps and have two ingress resources that point to two these specific services using same external IP address.
From the post I could able to create but unable to specify the external IP address to it.
Any help is much appreciated, thank you.
You can just define multiple Ingress resources and put them to Kubernetes - they don't have to be in the same yaml file. All ingress resources share the same proxy and they are routed via the defined hostname and path to the wanted service.
I am not sure what you mean with the external IP address.
If my application runs on GKE, will this give me the flexibilty to run a SaaS product where customers use their own domain names?
The one thing I need to confirm is that I want my customers to be able to use their own custom domains and point them (A-record and CNAME) to my service's IP address.
Example, say I am creating a SaaS product that is a CMS. Customers will use their own domain name and point it to my service's IP like:
My SaaS runs on example.com
Customers will have their own domain and do the following DNS changes:
A record 1.2.3.4
CNAME to myservice.example.com
Will I need to do anything else to allow my customers to use their domain name? This has to scale to tens of thousands of domains (in theory).
I'm not sure when I run a GKE cluster, do I get a static IP address?
You can use an ingress resource, which is an HTTP(S) Load Balancer, to expose your application in GKE using a global static IP. If you have your application deployed, the next steps are:
Create a global static IP.
gcloud compute addresses create your-static-ip-name --global
Once you have it reserved, create an ingress resource with:
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.global-static-ip-name: your-static-ip-name
You can get more detailed information in the official docs to Configure Domain Names with Static IP Addresses