Search code examples
kubernetes-ingress

Kubernetes ingress same path multiple ports

After much googling and searching (even here), I'm not able to find a definitive answer to my question. So I hope someone here might be able to point me in the right direction.

I have a Kube Service definition that's already working for me, but right now I've simply exposed it with just a LoadBalancer. Here's my current Service yaml:

apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: namespace1
  labels:
    app: my-service
spec:
  type: LoadBalancer
  selector:
    app: my-service
    tier: web
  ports:
  - name: proxy-port
    port: 8080
    targetPort: 8080
  - name: metrics-port
    port: 8082
    targetPort: 8082
  - name: admin-port
    port: 8092
    targetPort: 8092
  - name: grpc-port
    port: 50051
    targetPort: 50051

This is obviously only TCP load-balanced. What I want to do is secure this with Mutual TLS, so that the server will only accept connections from my client with the authorized certificate.

From all I can tell in Kube land, what I need to do that is an Ingress definition. I've been researching all the docs I can find on kind:Ingress and I can't seem to find anything where it allows me to create a single Ingress with multiple ports on the same path!

Am I missing something here? Is there no way to create a K8s Ingress that simply has the same functionality as the above Service definition?

Solution

  • To my knowledge you cannot use custom ports (e.g 8080) for HTTPS LoadBalancer backed with Ingress Controller (e.g. NGINX HTTP(S) Proxy), as currently the port of an Ingress is implicitly :80 for http and :443 for https, as official doc reference for IngressRule explains.

    I think the workaround would be to use different host per service, like with this example of Ingress resource:

    apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: name-virtual-host-ingress
spec:
  rules:
  - host: proxy.foo.com
    http:
      paths:
      - backend:
          serviceName: proxy-svc
          servicePort: 8080
  - host: metrics.foo.com
    http:
      paths:
      - backend:
          serviceName: metrics-svc
          servicePort: 8082
  - host: admin.foo.com
    http:
      paths:
      - backend:
          serviceName: admin-svc
          servicePort: 8092
  - host: grpc.foo.com
    http:
      paths:
      - backend:
          serviceName: grpc-svc
          servicePort: 50051