Comments (13)
Confirming I saw this as well in evaluating.
from kubernetes-ingress.
@git001 there is an issue however how named ports are handled and issues similar to this one will be resolved soon (next week).
clinet-go witch is used here is finally released with go modules support,
so it can be used, and with that, endpoints part seems to be working as expected now,
so we can switch to it
from kubernetes-ingress.
from version 1.1.2 controller is using Endpoints api from k8s,
and named ports are also supported.
from kubernetes-ingress.
Thanks @joliver and @lentzi90 for reporting this.
This commit should makes this available.
You can give it a try by pulling the dev tag image and let me know if this completely answer you requirements.
from kubernetes-ingress.
named targetPort in service is not supported yet
However from example above
in ingress you have servicePort: http
that means that path should go to service foo-app
and named port http
when we look at service , service has port with name http and it is port 80 and targetPort: http
if target port was 8080, it would have worked
i understand that ingress allows defining ports in multiple ways
and some of them are not supported yet.
from kubernetes-ingress.
@Meroje I don't think it's a good idea to put the service into the server line as the service is just another abstraction and increases latency, imho.
from kubernetes-ingress.
cool thanks.
from kubernetes-ingress.
I run into this issue today so it doesn't seem solved.
My Service is exposing port 80, the Deployment is using port 3000. HAproxy tried to use the Pod IP with the Service port (which obviously failed). I used this manifest to install haproxy.
As someone who has worked with Kubernetes for the past 2-3 years, I was very surprised that HAproxy was "skipping" the Service and going straight for the Pods. I understand that this can give some benefits from HAproxy-specific features. However, I think it should be opt-in (or opt-out but with a big note), especially if there are unsupported features like named ports.
One more comment:
I'm no expert on networking so please correct me if I'm wrong, but I don't think there are any extra hops (maybe some latency) due to Kubernetes services. They use iptables or IPVS as documented here. On the other hand, you risk loosing out on Kubernetes native features by bypassing Services. For example, there is work on topology aware routing, which would make it possible to try to keep network traffic within zones or on the same node. I guess this would be quite a lot of (duplicate) work to add to HAproxy.
These are the resources I used when I run into this:
apiVersion: v1
kind: Service
metadata:
name: gitea
spec:
type: ClusterIP
ports:
- name: http
port: 80
targetPort: http
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
spec:
template:
spec:
containers:
- name: gitea
image: gitea/gitea:1.9.4
ports:
- name: http
containerPort: 3000
- name: ssh
containerPort: 22
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: gitea
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
haproxy.org/check: "enabled"
haproxy.org/check-http: "GET /"
ingress.kubernetes.io/ingress.class: haproxy
spec:
tls:
- secretName: gitea-cert
hosts:
- gitea.jern.me
rules:
- host: gitea.jern.me
http:
paths:
- backend:
serviceName: gitea
servicePort: http
from kubernetes-ingress.
I don't know of any ingress that doesn't talk to endpoints.
from kubernetes-ingress.
@Meroje what do you mean? Are all ingress-controllers checking endpoints? In that case I'm sorry for criticizing HAproxy but I have never run into a bug like this before and it made me quite worried about HAproxy as ingress-controller.
from kubernetes-ingress.
While using version 1.2.4
of the haproxy-ingress-controller
, it appears that having a Service
definition with a named targetPort
isn't working just yet.
kind: Deployment
apiVersion: apps/v1
metadata:
name: echo
spec:
selector:
matchLabels:
app: echo
template:
metadata:
labels:
app: echo
spec:
containers:
- name: echo
image: jmalloc/echo-server
ports:
- name: pod-http
containerPort: 8080
---
kind: Service
apiVersion: v1
metadata:
name: echo-svc
spec:
selector:
app: echo
ports:
- name: http
port: 80
targetPort: pod-http # works with 8080
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: echo-ing
spec:
rules:
- host: echo-host
http:
paths:
- path: /
backend:
serviceName: echo-svc
servicePort: http
If the targetPort
is changed to use the numeric containerPort
value of 8080
, it works great.
Perhaps related, perhaps note, there's an added quirk. As has already been mentioned in this thread,the servicePort
within the Ingress
definition can be changed to pod-http
almost without regard to the Service
settings:
kind: Deployment
apiVersion: apps/v1
metadata:
name: echo
spec:
selector:
matchLabels:
app: echo
template:
metadata:
labels:
app: echo
spec:
containers:
- name: echo
image: jmalloc/echo-server
ports:
- name: pod-http
containerPort: 8080
---
kind: Service
apiVersion: v1
metadata:
name: echo-svc
spec:
selector:
app: echo
ports:
- name: http
port: 81 # unused?
targetPort: 8080
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: echo-ing
spec:
rules:
- host: echo-host
http:
paths:
- path: /
backend:
serviceName: echo-svc
servicePort: pod-http
This ingress controller is great and I'm glad you guys are making it happen. I'm just putting this out there for anyone who finds the same issue.
from kubernetes-ingress.
@Mo3m3n the commit solved it for me.
from kubernetes-ingress.
Working for me as well, thanks!
from kubernetes-ingress.
Related Issues (20)
- haproxy ingress forward request to service based on header check HOT 2
- Order in path type HOT 1
- Annotation haproxy.org/route-acl disrupts path resolution when we have many paths for a domain HOT 3
- --http-bind-port=80 does not work. binds on 8080 HOT 12
- support for blue green deployments using weights based on headers or cookies HOT 1
- Tcp log format release HOT 1
- File transmission reset every one minute. HOT 5
- Backend maxconn config not working properly when running multiple ingress controllers HOT 1
- Falls back to HTTP-over-443 if the ConfigMap specified through --configmap is missing (even with --disable-http option) HOT 5
- Global option `tune_ssl_default_dh_param` has no effect HOT 3
- Not able to add `send-proxy` option to a TCP service HOT 2
- In TCP service sometime we get client_ip as an internal ip how can we get an external ip in tcp log HOT 5
- default-local-service_http error setting check: true on cr-backend HOT 5
- Default certificate does not exist HOT 6
- Configure accept-proxy HOT 4
- ingress with wildcard and ssl-passthrough take always precedence over https subdomain HOT 6
- Inconsitent balancing HOT 11
- --ipv6-bind-address causes 'bind' missing port specification in HOT 3
- Latest versions of each HAProxy release are not available in ingress HOT 3
- binding to privileged port fail HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-ingress.