Ingress support for ExternalName services #836

Milstein opened this issue Nov 27, 2024 · 0 comments
Labels
openshift This issue pertains to NERC OpenShift support-ticket


Dear NERC,

I have noticed that ingress doesn't work with ExternalName services. For example:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-openshift
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-openshift
  template:
    metadata:
      labels:
        app: hello-openshift
    spec:
      containers:
      - name: hello-openshift
        image: quay.io/openshift/origin-hello-openshift:latest
        ports:
        - name: http
          containerPort: 8080

---

kind: Service
apiVersion: v1
metadata:
  name: hello-openshift
spec:
  type: ClusterIP
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
  selector:
    app: hello-openshift


---

kind: Service
apiVersion: v1
metadata:
  name: hello-openshift-externalname
spec:
  type: ExternalName
  externalName: hello-openshift.chris-3114b1.svc.cluster.local  # hard-coded namespace
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080

---

apiVersion: v1
kind: Pod
metadata:
  name: curl
spec:
  containers:
  - name: sleep
    image: quay.io/curl/curl:latest
    command: ['/bin/sleep', '3600']
  restartPolicy: Always
  terminationGracePeriodSeconds: 1

We can test that the Deployment, ClusterIP Service, and ExternalName Service are all working:

oc exec -it curl -- curl http://hello-openshift:8080/
oc exec -it curl -- curl http://hello-openshift-externalname:8080/

So far, so good. Next, I want to create an ingress for these services.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-openshift
  annotations:
    cert-manager.io/issuer: letsencrypt
    acme.cert-manager.io/http01-ingress-class: openshift-default
spec:
  ingressClassName: openshift-default
  tls:
    - hosts:
        - blt.chrisproject.org
      secretName: blt-chrisproject-org-letsencrypt
  rules:
    - host: blt.chrisproject.org
      http:
        paths:
          - path: /vanilla
            pathType: Prefix
            backend:
              service:
                name: hello-openshift
                port:
                  number: 8080
          - path: /externalname
            pathType: Prefix
            backend:
              service:
                name: hello-openshift-externalname
                port:
                  number: 8080

Now checking whether the ingress works:

curl https://blt.chrisproject.org/vanilla       # ok
curl https://blt.chrisproject.org/externalname  # error

I don't know why it's not working, but it would be cool if it did.

I deleted the ingress, so to reproduce this issue you'll have to use your own ingress and domain name.

What I am trying to do might raise eyebrows, so to avoid the XY problem I will explain my motivation. My ultimate goal is to host a static (single-page application) web app using NERC-OCP. While this is simple enough to do by creating a deployment+ingress ordinarily, I am exploring possibly more efficient alternate solutions (premature optimization is my hobby). What if I could put the static files (HTML+CSS+JS) in some object storage (either an ObjectBucketClaim on NERC-OCP or OpenStack Swift Storage) and serve it directly using Kubernetes ingress? It would achieve website hosting with high levels of abstraction and zero user-managed pods!

Here is what I tried, but it does not work:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: blt-chrisproject-org
  namespace: chris-3114b1
  annotations:
    cert-manager.io/issuer: letsencrypt
    acme.cert-manager.io/http01-ingress-class: openshift-default
    nginx.ingress.kubernetes.io/backend-protocol: https
    nginx.ingress.kubernetes.io/upstream-vhost:  stack.nerc.mghpcc.org
    nginx.ingress.kubernetes.io/proxy-ssl-name: stack.nerc.mghpcc.org
spec:
  ingressClassName: openshift-default
  tls:
    - hosts:
        - blt.chrisproject.org
      secretName: blt-chrisproject-org-letsencrypt
  rules:
    - host: blt.chrisproject.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: swift
                port:
                  number: 13808
---
kind: Service
apiVersion: v1
metadata:
  name: swift
spec:
  type: ExternalName
  externalName: stack.nerc.mghpcc.org
  ports:
    - name: https
      protocol: TCP
      port: 13808
      targetPort: 13808

If you have any alternate solutions for (single page application) website hosting on NERC without user-managed pods, please let me know.

p.s. please consider this a low-priority issue.

I got the idea from https://adrien.poupa.net/serving-s3-bucket-kubernetes-ingress-nginx/

@Milstein Milstein added openshift This issue pertains to NERC OpenShift support-ticket labels Nov 27, 2024
@Milstein Milstein changed the title Hosting a Single Page Application (SPA) website hosing on NERC without user-managed pods, Hosting a Single Page Application (SPA) website hosing on NERC without user-managed pods. Nov 27, 2024
@larsks larsks changed the title Hosting a Single Page Application (SPA) website hosing on NERC without user-managed pods. Ingress support for ExternalName services Jan 6, 2025
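
Added example, not part of the issue or of NERC's tooling: a check over the objects returned by `oc get ingress,service -o json` that reports every Ingress path whose backend is an ExternalName Service (the pattern reported above) and whether the target name lies outside the cluster. The sample objects are constructed from the manifests in the issue; the `cluster.local` suffix and all function names are assumptions.

```python
import json

CLUSTER_SUFFIX = ".svc.cluster.local"  # assumption: default cluster DNS domain
NS = "chris-3114b1"                     # namespace taken from the issue

def externalname_backends(items):
    """One finding per Ingress path whose backend Service is type ExternalName."""
    services = {(o["metadata"].get("namespace"), o["metadata"]["name"]): o["spec"]
                for o in items if o.get("kind") == "Service"}
    findings = []
    for ing in (o for o in items if o.get("kind") == "Ingress"):
        ns = ing["metadata"].get("namespace")
        for rule in ing["spec"].get("rules", []):
            for p in rule.get("http", {}).get("paths", []):
                name = p.get("backend", {}).get("service", {}).get("name")
                spec = services.get((ns, name))
                if not spec or spec.get("type") != "ExternalName":
                    continue  # ClusterIP and other selector-based backends are not reported
                target = spec.get("externalName", "")
                findings.append({
                    "ingress": f"{ns}/{ing['metadata']['name']}",
                    "host": rule.get("host"), "path": p.get("path"),
                    "service": name, "externalName": target,
                    # True when the target is not an in-cluster Service DNS name
                    "leaves_cluster": not target.rstrip(".").endswith(CLUSTER_SUFFIX),
                })
    return findings

def _svc(name, **spec):
    return {"kind": "Service", "metadata": {"name": name, "namespace": NS}, "spec": spec}

def _ing(name, *paths):  # each path is a (path, service name) pair
    paths = [{"path": p, "backend": {"service": {"name": s}}} for p, s in paths]
    return {"kind": "Ingress", "metadata": {"name": name, "namespace": NS},
            "spec": {"rules": [{"host": "blt.chrisproject.org", "http": {"paths": paths}}]}}

# Constructed sample: the issue's manifests trimmed to the fields the check reads.
SAMPLE = [
    _svc("hello-openshift", type="ClusterIP"),
    _svc("hello-openshift-externalname", type="ExternalName",
         externalName="hello-openshift.chris-3114b1.svc.cluster.local"),
    _svc("swift", type="ExternalName", externalName="stack.nerc.mghpcc.org"),
    _ing("hello-openshift", ("/vanilla", "hello-openshift"),
         ("/externalname", "hello-openshift-externalname")),
    _ing("blt-chrisproject-org", ("/", "swift")),
]

if __name__ == "__main__":
    print(json.dumps(externalname_backends(SAMPLE), indent=2))
```

To run it against a live namespace, pass `json.load(sys.stdin)["items"]` from `oc get ingress,service -o json` in place of `SAMPLE`.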