Questions tagged as ['nginx-ingress']
Azure Kubernetes - AKS - K8s version - 1.20.9.
Trying to setup multiple nginx ingress with Internal LB.
ingress controller with ingress-class -
helm install test1 ingress-nginx/ingress-nginx \
--set controller.replicaCount=1 \
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set controller.ingressCla ...
In general, my question about setting up a default certificate is answered here: Kubernetes ingress How to set default-ssl-certificate?.
What I don't understand is this part: I'm supposed to add the flag --default-ssl-certificate=kube-system/host-cert as the Ingress' argument. And to discover the YAML config file settings of the NGINX Ingress Controller I should check it with command like: kubectl ...
What I'm trying to do is launching the Kubernetes Dashboard on my cluster.
The Dashboard was installed using Kubespray, so I'm pretty sure it's installed correctly (at least its pods run without errors).
Cluster's setup overview is the following:
$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default ...
Recently I'm having many malicious requests to my nginx-ingress pod but I don't understand how's possible they're from a private network. Some examples:
10.114.0.3 - - [11/Oct/2021:09:07:09 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 400 158 "-" "-" 94 0.015 [] [] - - - - bea3d4941bd57413fa52e4ff01437067
10.114.0.3 - - [11/Oct/2021:09:07:09 ...
I have a k3s cluster with a master on a cloud VPS but with 2 remote worker nodes, both on the same network. They're connected via a VPN to the cloud provider. The worker nodes were able to join just fine and were able to create new pods, but it seems that communication is a problem because I can't contact the pods from an Ingress.
When I run my Traefik Ingress (I tried Nginx too, same result), it ...
On our k8s cluster we use NGINX Ingress Controller to request the clients (web-browsers) to provide a client certificate. If the certificate is valid, the request ist proxied to a full-blown Apache Server inside the private network.
The nginx <> Apache communication is not TLS encrypted. Using the Option 'nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"' on the ngni ...
I am trying to deploy a NestJS app with Kubernetes on DigitalOcean and I have followed this tutorial, but I am always getting a 502 Bad Gateway from the nginx-ingress-controller.
That's my deployment.yaml
---
apiVersion: v1
kind: Service
metadata:
name: nestjs-api
spec:
ports:
- port: 80
targetPort: 3001
selector:
app: nestjs-api
---
# Create nestjs-api
apiVersion: apps/v1
kind: ...
Helloy. Im building infa with kubernetes for apps with nonstandart tls ports how u think what a best way create ingress-controller(nginx, traefik, ..) with 9001 9002 9003 tls ports and loadbalance. infra in cloud and i have a cloud loadbalancer ofc. Im thinking about create 3 diffrent nginx-ingress-controller with diffrenet tls ports .. like : 1-nginx-ingress-controller-->tls 9001 2-nginx-ingress-con ...
I'm trying to get Nginx (running as a Kubernetes ingress controller) to log in milliseconds rather then seconds. (This is so we can ingest the logs into our existing Elasticsearch system, which already has other systems logging in ms)
Based on this blog post I've tried the following in the 'http' context:
map $host $request_time_ms {
default 'test';
}
log_by_lua_block {
ngx.var.request_ti ...Im trying create wildcard cert on Rancher kubernetes engine behind cloud loadbalancer. After install rancher i have a Issuer:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
annotations:
meta.helm.sh/release-name: rancher
meta.helm.sh/release-namespace: cattle-system
creationTimestamp: "2021-09-21T12:10:25Z"
generation: 1
labels:
app: rancher
app.kubernetes.io/managed- ...
I have a baremetal K8 cluster setup using Kubespray (Calico as CNI) and have dual stack enabled. I can see that all the pods that get deployed get both IPv4 and IPv6 addresses but when I try to install nginx-ingress controller using nginx helm chart the services only have IPv4 enabled and assigned. I can see the following spec when I do kubectl get on the service:
kubectl get svc ingress-nginx-cont ...
I'm trying to write an autoscaling configuration for ingress-nginx, deployed via helm chart.
my goals are:
- 3 minimum replicas (because I have 3 nodes minimum)
- ensure only one nginx per node, but:
- be elastic, if autoscale says we need 4 nginx allow for a node in the cluster to have 2
- if a fourth node gets added, ensure a new nginx gets spawned
https://github.com/kubernetes/ingress-nginx/blob/main/ch ...
I deployed bitnami/wordpress helm using nginx ingress as loadbalancer like here. Everything working fine but problem is with some pods when they are created manually or automaticly by autoscaling. Some of them (not all) have all time "ContainerCreating" status and logs look like this:
Normal Scheduled 33m default-scheduler Successfully assigned default/wordpress-69c8f65d96- ...
Is there any way to assign static IP to Kubernetes cluster, in which any user can able to access its application over static IP only.
for an example, I have set up a cluster over 192.168.0.131 (master), 192.168.0.132(worker1) and 192.168.0.133(worker 2). One dotnet application is running on nodeport 32000, which is accessible over all the cluster as expected.
Now I have to assign one IP which commun ...
I need to duplicate/mirror the traffic comming to my server.
I mean, I have N backend servers A1 A2 ... An(n>=2) and a nginx as reverse-proxy&load-balancer.
All the traffic comming to Nginx redirect to both Ax and Ay(x!=y) in parallel, if one of the server is down(timeout or 5xx), then the other server's response can be used immediately and return the result to the client.
By mirroring the traffic( ...
I have the following configuration in nginx for redirecting in a certain scenario.
location /prefix-someurl {
if (condition) {
return 301 $scheme://$host/xyz.html;
}
proxy_pass someValue;
}
and in another block there are some rewrite rules like this
location /someurl {
if (condition) {
rewrite ^(.*)abc(.*)$ $1test/abc$2 break;
rewrite ...
I have just successfully installed pgadmin app on Kubernetes but I am having troubles with ingress nginx.
I have an internal reversed proxy in front of pgadmin app to host it under a subdirectory. I am simply following documentation to achieve that. The nginx.conf file looks like this:
user nginx;
worker_processes 1;
events {
worker_connections 10240;
}
http {
server {
listen 80;
...
Is that possible to assign pod an IP address which the same as the IP range of my K8s node?
For example:
I have an on-premise K8s cluster that includes 3 work nodes. All nodes are using the 10.138.1.0/24 IP range as INTERNAL-IP. It is the IP address of the server NIC.
Can I use the 10.138.1.100 IP address in my pod?
I am very new to K8s, any help is appreciated!
I try use certificate and DNS http://my.local-ip.co/ in Kubernetes.
I download certificate and key. Create ingress-tls secret.
kubectl create secret tls ingress-tls --key /tmp/server.key --cert /tmp/bundled_cert_file.pem
Try install kubernetes dashboard by helm with ingress-tls secret:
helm install kube-dashboard --set ingress.enabled=true \
--set protocolHttp=true \
--set service.externalPort=9090 \ ...
I got 3 node on aws eks.
I want to use mysql client and access the database via Nginx Ingress.
this is my yaml.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: ext-nginx
nginx.ingress.kubernetes.io/rewrite-target: /
name: ext-nginx-ingress
namespace: ext-nginx-ingress
spec:
rules:
- host: mysql.***********.com
http:
...
I am setting a Kubernetes cluster on bare metal. I used Kubeadm for the installation. To make my services accessible from outside the cluster, I installed an NGINX Ingress, using the following documentation : NGINX doc
Because I don't want to communicate with my services without TLS security, I configured the certificate thanks to cert-manager : Cert-manager doc.
$kubectl get certificate
NAME ...
I'm trying to access Kubernetes Dashboard using NGINX INGRESS but for some reason I'm getting a 503 error.
I'm running Kubernetes locally in my macbook with docker desktop.
First thing I did was apply/install NGINX INGRESS CONTROLLER
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/cloud/deploy.yaml
Second thing I did was to appl ...