in

Kubernetes Ingress with ExternalName service backend: in EKS fails with "endpoint not found"


I have a service defined of type ExternalName that is a proxy to a service in another namespace:

---
kind: Service
apiVersion: v1
metadata:
  name: my-service-proxy
  namespace: namespace-a
spec:
  type: ExternalName
  externalName: my-service.namespace-b.svc.cluster.local

I have no problems accessing this service from pods within namespace-a. For example, curl my-service-proxy reaches the proxied service in namespace-b without any problems.

The issue occurs when I try to create an ingress using this service as a backend. For example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: namespace-a
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
    - my.app.com
    secretName: my-secret-name
  rules:
  - host: my-app.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service-proxy
            port:
              number: 80

The ingress is created successfully. However, when querying the ingress, the system is telling me that it cannot find the my-service-proxy resource (and I cannot route requests through to the ingress, getting 404 from the NGiNX ingress controller):

$ kc describe ingress my-ingress

Name:             my-ingress
Namespace:        namespace-a
Address:          xxxxxxxxxxxxxxxxxxxx.elb.eu-west-2.amazonaws.com
TLS:
  my-secret-name terminates my.app.com
Rules:
  Host                          Path  Backends
  ----                          ----  --------
  my.app.com                    /     my-service-proxy:80 (<error: endpoints "my-service-proxy" not found>)

Annotations:                    cert-manager.io/cluster-issuer: letsencrypt
                                kubernetes.io/ingress.class: nginx
Events:
  Type    Reason             Age                    From                      Message
  ----    ------             ----                   ----                      -------
  Normal  CreateCertificate  9m24s                  cert-manager              Successfully created Certificate "my-secret-name"
  Normal  Sync               8m47s (x3 over 9m24s)  nginx-ingress-controller  Scheduled for sync

This works in Digital Ocean, but not Amazon EKS

This exact setup works in my Digital Ocean kubernetes cluster with identical manifests. It fails to work in any of our Amazon EKS clusters using Kubernetes API version 1.21.2.

Summary

  • The ExternalName service and the ingress that uses it as a backend are in the same namespace
  • The ExternalName service definition is working fine
  • The ingress definition appears to not recognize it the service only on EKS as far as I can tell

Any clues? I’m completely lost and web searching is not coming up with anything useful.

TIA



Source: https://stackoverflow.com/questions/70716924/kubernetes-ingress-with-externalname-service-backend-in-eks-fails-with-endpoin

Google Earth Based Geoscience Video Library Built With React.js

OSINT tools for website research