Is there a way to make a Kubenetes Ingress only to accept internal requests instead of accepting external and internal requests?

I know I can setup a internal LoadBalancer but I get no benefits of subdomains that I need.

Following the following tutorial I can have a subdomain but my LoadBalancer would accept external requests
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes#step-5-—-enabling-pod-communication-through-the-load-balancer-(optional)

1) Ideally I would setup a internal-only ingress, is that possible?
2) Is there a way to set a domain+subdomain to a Service(type=loadbalancer) without making it available to the public?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

I believe you don’t need an ingress at all for what you’re trying to do. From inside your cluster, you should be able to reference your service by it’s name directly.

So if you have a service called “my-data-api-service”, other apps in your cluster should be able to directly access it at “http://my-data-api-service/api/v1....” for example.

Does that help?

  • Hello Nabsul, I have searched to no avail, I am new to this, can you please direct me to the documentation that states kubernetes services load balance across nodes?
    I have already experimented this and I can assure it works. I have been unable to set up a simple ingress nginx/load balancer and dotnet web app in digital Ocean though…

    • Where are you looking for documentation? The first paragraph of the official doc states that services can load balance:

      https://kubernetes.io/docs/concepts/services-networking/service/

      If you’re completely new to this, there might be something basic that you’re misunderstanding (happens all the time). Could you share the yaml files you’re using to set up your cluster?

      If I were to guess where you might be misunderstanding/misusing things:

      1) ingress is used to allow EXTERNAL traffic into your cluster. If you’re trying to do internal comms (node-to-node / service-to-service), you don’t need ingress.

      2) Don’t create individual pods. You want to be using deployments: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

      A good experiment setup:

      apiVersion: v1
      kind: Service
      metadata:
        name: hello-world
        labels:
          app: hello-world
      spec:
        ports:
          - name: web
            protocol: TCP
            port: 80
            targetPort: 80
        selector:
          app: hello-world
      ---
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: hello-world
        labels:
          app: hello-world
      spec:
        replicas: 3
        selector:
          matchLabels:
            app: hello-world
        template:
          metadata:
            labels:
              app: hello-world
          spec:
            containers:
            - name: nginx
              image: nginx
              ports:
              - containerPort: 80
                name: http
      

      If this deploys to your cluster, you should then be able to run a pod, and from inside that pod curl http://hello-world should get you the default nginx welcome page.

      If this doesn’t work for you, I’ll need more details to be able help.

      • Thank you for you answer in such a short time.
        I was following the official documentation as you just posted.

        “Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.”

        I didn’t understand this means you can load balance across NODES. I’m sorry, my bad.
        This does what we want but I will try to get ingress working and post here my setup. Again, thank you.

Submit an Answer