Game of pods iron gallery ingress problem

I am unable to complete the iron gallery challenge.
The check tells me everything is configured correctly but the application is not accessible via ‘http://iron-gallery-braavos.com:30099/’.

I checked firewall, iptables, found nothing.
Netstat tells me kube-proxy is listening to the 30099 on node01.
curl and nc give me “connection refused”.

I don’t get what is missing.

Hello, kevin.valleau
You have to define nodeport in you service manifest file.

I already tried to add a nodeport on the iron-gallery-svc and it doesn’t work either.

Have you defined 30099 port in your ingress manifest file to receive a incoming traffic?

I thought ingress resources cannot allow to specify incoming ports.
Network policies can.

What ever you defined in your manifest file with selector and ingress rule. It will allow only to that.

As i can see there is two backend service. So you can define in your ingress manifest file.

As you can see in the screen capture I joined, every component is green. So that means the backend service is configured correctly.

I am notifying you two backend service name is written in task description. Can you share your ingress yaml file?

One is “iron-gallery-service” and second one is “ingress-space”.

oO so the last line “Name: ingress-spacehttp backend servicePort: ‘80’” means a second backend service ?
Unclear. And why the check is pointing that it’s ok ?

Here’s my ingress yaml :

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: iron-gallery-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: iron-gallery-braavos.com
    http:
      paths:
      - path: /
        backend:
          serviceName: iron-gallery-service
          servicePort: 80

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: iron-gallery-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:

  • host: iron-gallery-braavos.com
    http:
    paths:
    • path: /
      backend:
      serviceName: iron-gallery-service
      servicePort: 30099
    • path: /
      backend:
      serviceName: ingress-space
      servicePort: 80
1 Like

You defined iron-gallery-service with nodeport so for incoming traffic will hit 30099 port and 2nd one will send traffic to Pod.

It worked with the ingress correction and the creation of the ingress-space nodeport service.

But I quite don’t get how it works. I thought you could only have one path per rule.

So in this ingress, it means when incoming trafic comes to “iron-gallery-braavos.com/” you have 2 backend services targeted ?

Because the iron-gallery-service is a clusterip that listens the 80 port only.
The ingress-space is a nodeport that exposes the 30099 to the 80 of the iron-gallery-deployment.

Or does-it work in a sequential manner ?

Anyway thank you very much for your help and your patience.

P.S. : for your information, it works if I make iron-gallery-service a nodeport instead of a clusterip, with nodeport 30099 and with your ingress file corrections but without creating the ingress-space service.
I read the doc and if two paths are identical, only one have precedence. So the second backend service seems to be worthless.

1 Like

Nodeport has no role in service file? I thought task description is about define NodePort in that service file.

Yeah i agreed with that It’s a OR’s statement not AND’s statement.

Yep. So I didn’t create any ingress-space service and the application is accessible and the challenge validates anyway.

Actually a previous comment for network policy not for ingress.

The netpol doesn’t concern the iron gallery service but the iron db service.

May be worked for both ingress and for network policy.