NodePort
In NodePort
type Ingress, HAProxy pods are exposed via a NodePort type Kubernetes service named voyager-${ingress-name}
. To enable this, apply the ingress.appscode.com/type: NodePort
annotation on a Ingress object.
How It Works
First, install Voyager operator in your cluster following the steps here.
Then, deploy and expose a test server.
$ kubectl run test-server --image=gcr.io/google_containers/echoserver:1.8
deployment "test-server" created
$ kubectl expose deployment test-server --type=LoadBalancer --port=80 --target-port=8080
service "test-server" exposed
- Now, create an Ingress with
ingress.appscode.com/type: NodePort
annotation.
$ kubectl apply -f test-ingress.yaml
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
name: test-ingress
namespace: default
annotations:
ingress.appscode.com/type: NodePort
spec:
rules:
- host: voyager.appscode.test
http:
paths:
- path: /foo
backend:
service:
name: test-server
port:
number: 80
$ kubectl get pods,svc
NAME READY STATUS RESTARTS AGE
po/test-server-68ddc845cd-x7dtv 1/1 Running 0 4h
po/voyager-test-ingress-5b758664f6-4vptr 1/1 Running 0 1m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2d
svc/test-server LoadBalancer 10.105.13.31 <pending> 80:30390/TCP 21h
svc/voyager-test-ingress NodePort 10.107.182.219 <none> 80:30800/TCP 39m
$ minikube service --url voyager-test-ingress
http://192.168.99.100:30800
$ curl -v -H 'Host: voyager.appscode.test' 192.168.99.100:30800/foo
* Trying 192.168.99.100...
* Connected to 192.168.99.100 (192.168.99.100) port 30800 (#0)
> GET /foo HTTP/1.1
> Host: voyager.appscode.test
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 14 Feb 2018 09:34:30 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Server: echoserver
<
Hostname: test-server-68ddc845cd-x7dtv
Pod Information:
-no pod information available-
Server values:
server_version=nginx: 1.13.3 - lua: 10008
Request Information:
client_address=172.17.0.6
method=GET
real path=/foo
query=
request_version=1.1
request_uri=http://voyager.appscode.test:8080/foo
Request Headers:
accept=*/*
connection=close
host=voyager.appscode.test
user-agent=curl/7.47.0
x-forwarded-for=172.17.0.1
Request Body:
-no body in request-
* Connection #0 to host 192.168.99.100 left intact
External IP
If you are using NodePort type Ingress, you can specify externalIPs
for the NodePort service used to export HAProxy pods.
If you are running Voyager as Ingress controller in your baremetal
cluster and want to assing a VIP to the HAProxy service for a highly available Ingress setup, you should use this option.
Below is an example Ingress yaml that shows how to specify externalIPs:
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
name: test-ingress
namespace: default
annotations:
ingress.appscode.com/type: NodePort
spec:
externalIPs:
- a.b.c.d
rules:
- host: voyager.appscode.test
http:
paths:
- path: /foo
backend:
service:
name: test-server
port:
number: 80
Understanding ingress.appscode.com/use-node-port
annotation
When you are using NodePort
type Ingress, your external clients (example, web browser) can connect to your backend services in 2 ways:
You may expose the NodePort service using an external hardware loadbalancer (like F5) or software loadbalancer like ALB in AWS. In these scenarios, the front loadbalancer will receive connections on service port from external clients (like web browser) and connect to the HAProxy NodePorts. So, HAProxy will see that incoming traffic is using Host like
domain:ing-port
. To ensure that HAProxy matches against the NodePort, use the annotationingress.appscode.com/use-node-port: "false"
. This is also considered the default value for this annotation. So, if you do not provide this annotation, it will be considered set tofalse
.Using the
NodePort
assigned to the HAProxy service. In this scenarios, external traffic directly hits the HAProxy NodePort service. So, HAProxy will see that incoming traffic is using Host likedomain:node-port
. To ensure that HAProxy matches against the NodePort, use the annotationingress.appscode.com/use-node-port: "true"
. To ensure that HAProxy service ports stay fixed, define them in the Ingress YAML following: https://github.com/voyagermesh/gateway-docs/blob/master/docs/guides/ingress/configuration/node-port.md
Below is an example Ingress with ingress.appscode.com/use-node-port
annotation:
$ kubectl apply -f test-ingress.yaml
apiVersion: voyager.appscode.com/v1
kind: Ingress
metadata:
name: test-ingress
namespace: default
annotations:
ingress.appscode.com/type: NodePort
ingress.appscode.com/use-node-port: "true"
spec:
rules:
- host: voyager.appscode.test
http:
paths:
- path: /foo
backend:
service:
name: test-server
port:
number: 80
$ curl -v -H 'Host: voyager.appscode.test:30800' 192.168.99.100:30800/foo
* Trying 192.168.99.100...
* Connected to 192.168.99.100 (192.168.99.100) port 30800 (#0)
> GET /foo HTTP/1.1
> Host: voyager.appscode.test:30800
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 14 Feb 2018 09:47:43 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Server: echoserver
<
Hostname: test-server-68ddc845cd-x7dtv
Pod Information:
-no pod information available-
Server values:
server_version=nginx: 1.13.3 - lua: 10008
Request Information:
client_address=172.17.0.6
method=GET
real path=/foo
query=
request_version=1.1
request_uri=http://voyager.appscode.test:8080/foo
Request Headers:
accept=*/*
connection=close
host=voyager.appscode.test:30800
user-agent=curl/7.47.0
x-forwarded-for=172.17.0.1
Request Body:
-no body in request-
* Connection #0 to host 192.168.99.100 left intact