I have the following setup:
- k8s cluster A, containing service SA
- k8s cluster B, containing service SB, and an HTTP ingress that routes traffic to SB
Is it possible to add service SA as the backend service for one of the paths of the ingress? If so, how do I refer to it in the ingress configuration file? (Using selectors in the usual way doesn't work, presumably because we are in different clusters.)
Ingress objects help configure HTTP(S) load balancing for a single cluster. They don't have a concept of multiple clusters, so they aren't going to have a configuration language for what you are trying to accomplish (maybe they will with Ubernetes, but they certainly don't today).
The upshot is that you can bypass the Ingress configuration and configure the routing manually (after all, Ingress is really just an ease-of-use shortcut for a typical L7 configuration). You can create your own L7 configuration in GCP and set up the path-based forwarding to route to different backend groups. You can then assign the backend groups to a NodePort service that you configure in each of your clusters.
The rough steps are:
- Create a NodePort service in each cluster
- Create an HTTP health check for each service
- Add a firewall rule to allow HTTP health checks to hit your backends
- Add a service to the instance group for your cluster (e.g. gcloud compute instance-groups managed set-named-ports ...)
- Add backend services for the load balancer (e.g. gcloud compute backend-services create ...)
- Add a backend for your cluster to this backend service (e.g. gcloud compute backend-services add-backend ...)
- Map that URL to your backend service (e.g. gcloud compute url-maps create ...)
- Create a load balancing proxy for that backend service (e.g. gcloud compute target-http-proxies create ...)
- Create a forwarding rule for that proxy (e.g. gcloud compute forwarding-rules create ...)
Just to add a little to what Robert stated above. First, you are going to want to specify a specific nodePort in your NodePort service. Then, use that port number for the "named port" and in the health check. Finally, the firewall rule that you create also has to allow that port.
As a beginner, I did find that using the Console made it much easier to configure.
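
The steps from the first answer with the second answer's advice applied (one fixed nodePort reused for the named port, the health check and the firewall rule), as an added example that is not from either poster. Resource names, zones, the network, the node tag and port 30080 are placeholders, both clusters are assumed to share one VPC network and to already expose their NodePort services, and the firewall rule is limited to the source ranges Google documents for its load balancers and health checks. It only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: dry run of the gcloud steps for one L7 load balancer over two clusters.
# Names, zones, network, tag and port are placeholders; adjust before applying.
NODE_PORT="${NODE_PORT:-30080}"    # fixed nodePort set in both NodePort services
PORT_NAME="${PORT_NAME:-http-np}"  # named port on each cluster's instance group
NETWORK="${NETWORK:-default}"      # assumed: both clusters share this VPC network
NODE_TAG="${NODE_TAG:-gke-nodes}"  # network tag carried by the cluster nodes
# Source ranges Google documents for HTTP(S) load balancer proxies and health checks.
LB_RANGES="130.211.0.0/22,35.191.0.0/16"

# run CMD...: print the command; execute it only when APPLY=1.
run() {
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# backend NAME INSTANCE_GROUP ZONE: health check, named port, backend service, backend.
backend() {
  run gcloud compute health-checks create http "hc-$1" \
    --port="$NODE_PORT" --request-path=/
  run gcloud compute instance-groups managed set-named-ports "$2" \
    --zone="$3" --named-ports="${PORT_NAME}:${NODE_PORT}"
  run gcloud compute backend-services create "$1" --global --protocol=HTTP \
    --port-name="$PORT_NAME" --health-checks="hc-$1"
  run gcloud compute backend-services add-backend "$1" --global \
    --instance-group="$2" --instance-group-zone="$3"
}

lb_plan() {
  run gcloud compute firewall-rules create allow-lb-nodeport \
    --network="$NETWORK" --allow="tcp:${NODE_PORT}" \
    --source-ranges="$LB_RANGES" --target-tags="$NODE_TAG"
  backend bs-sa ig-cluster-a us-central1-a   # service SA in cluster A
  backend bs-sb ig-cluster-b us-central1-b   # service SB in cluster B
  run gcloud compute url-maps create multi-cluster-map --default-service=bs-sb
  run gcloud compute url-maps add-path-matcher multi-cluster-map \
    --path-matcher-name=paths --default-service=bs-sb \
    --new-hosts='*' --path-rules='/sa/*=bs-sa'
  run gcloud compute target-http-proxies create multi-cluster-proxy \
    --url-map=multi-cluster-map
  run gcloud compute forwarding-rules create multi-cluster-fr --global \
    --target-http-proxy=multi-cluster-proxy --ports=80
}

lb_plan
```

The printed commands drop shell quoting, so quote `--new-hosts` and `--path-rules` again if you paste them by hand.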