I have a service defined of type
ExternalName that is a proxy to a service in another namespace:
--- kind: Service apiVersion: v1 metadata: name: my-service-proxy namespace: namespace-a spec: type: ExternalName externalName: my-service.namespace-b.svc.cluster.local
I have no problems accessing this service from pods within
namespace-a. For example,
curl my-service-proxy reaches the proxied service in
namespace-b without any problems.
The issue occurs when I try to create an ingress using this service as a backend. For example:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-ingress namespace: namespace-a annotations: cert-manager.io/cluster-issuer: letsencrypt kubernetes.io/ingress.class: nginx spec: tls: - hosts: - my.app.com secretName: my-secret-name rules: - host: my-app.com http: paths: - path: / pathType: Prefix backend: service: name: my-service-proxy port: number: 80
The ingress is created successfully. However, when querying the ingress, the system is telling me that it cannot find the
my-service-proxy resource (and I cannot route requests through to the ingress, getting 404 from the NGiNX ingress controller):
$ kc describe ingress my-ingress Name: my-ingress Namespace: namespace-a Address: xxxxxxxxxxxxxxxxxxxx.elb.eu-west-2.amazonaws.com TLS: my-secret-name terminates my.app.com Rules: Host Path Backends ---- ---- -------- my.app.com / my-service-proxy:80 (<error: endpoints "my-service-proxy" not found>) Annotations: cert-manager.io/cluster-issuer: letsencrypt kubernetes.io/ingress.class: nginx Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal CreateCertificate 9m24s cert-manager Successfully created Certificate "my-secret-name" Normal Sync 8m47s (x3 over 9m24s) nginx-ingress-controller Scheduled for sync
This works in Digital Ocean, but not Amazon EKS
This exact setup works in my Digital Ocean kubernetes cluster with identical manifests. It fails to work in any of our Amazon EKS clusters using Kubernetes API version 1.21.2.
- The ExternalName service and the ingress that uses it as a backend are in the same namespace
- The ExternalName service definition is working fine
- The ingress definition appears to not recognize it the service only on EKS as far as I can tell
Any clues? I’m completely lost and web searching is not coming up with anything useful.