I have 2 deployments and 2 corresponding NodePort services, both targeting port 80, in my EKS cluster running on AWS.
My Terraform templates are as follows:
Resource: Kubernetes Ingress Class Manifest
# File: 01. ingress_class.tf
# IngressClass that routes matching Ingress objects to the controller
# identified by "ingress.k8s.aws/alb". It is created only after
# helm_release.loadbalancer_controller has been applied.
resource "kubernetes_ingress_class_v1" "ingress_class_default" {
  metadata {
    name = "ingress-class"

    # The default-class annotation is left commented out, so an Ingress has to
    # reference this class by name (ingress_class_name) to be handled by it.
    # annotations = {
    #   "ingressclass.kubernetes.io/is-default-class" = "true"
    # }
  }

  spec {
    controller = "ingress.k8s.aws/alb"
  }

  depends_on = [helm_release.loadbalancer_controller]
}
Kubernetes API Deployment Manifest
# File: 02. api.tf
# Single-replica Deployment for the API container, labelled app=api and
# listening on container port 80.
resource "kubernetes_deployment_v1" "api" {
  metadata {
    name = "api-deployment"

    labels = {
      app = "api"
    }
  }

  spec {
    replicas = 1

    # The selector must match the pod template labels below.
    selector {
      match_labels = {
        app = "api"
      }
    }

    template {
      metadata {
        labels = {
          app = "api"
        }
      }

      spec {
        container {
          name = "api"
          # NOTE(review): "my_image" looks like a placeholder; in a real
          # deployment pin the image by tag or digest so the running code is
          # known and reproducible.
          image = "my_image"

          port {
            container_port = 80
          }

          # NOTE(review): no Service named "client" is defined on this page
          # (the client Service is "client-nginx-nodeport-service"), so this
          # host name presumably does not resolve inside the cluster; confirm.
          env {
            name  = "BASE_CLIENT_URL"
            value = "http://client"
          }
        }
      }
    }
  }
}
Kubernetes Client Deployment Manifest
# File: 03. client.tf
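# NextAuth secret, supplied at apply time (for example through the
# TF_VAR_nextauth_secret environment variable) instead of being committed in
# the template. The value that was previously hard-coded here has been
# published and should be rotated.
variable "nextauth_secret" {
  description = "Secret NextAuth uses to sign and encrypt session tokens for the client app."
  type        = string
  sensitive   = true
}

# Kubernetes Secret holding the NextAuth secret, so it is no longer part of the
# pod spec in plaintext. The value is still recorded in the Terraform state,
# so the state backend needs encryption and restricted access.
resource "kubernetes_secret_v1" "client_auth" {
  metadata {
    name = "client-auth"
  }

  data = {
    NEXTAUTH_SECRET = var.nextauth_secret
  }
}

# Single-replica Deployment for the client (Next.js) container, labelled
# app=client and listening on container port 80.
resource "kubernetes_deployment_v1" "client" {
  metadata {
    name = "client-deployment"
    labels = {
      app = "client"
    }
  }

  spec {
    replicas = 1

    # The selector must match the pod template labels below.
    selector {
      match_labels = {
        app = "client"
      }
    }

    template {
      metadata {
        labels = {
          app = "client"
        }
      }

      spec {
        container {
          image = "my_image"
          name  = "client"

          # NOTE(review): Next.js exposes NEXT_PUBLIC_* variables to browser
          # code, so this URL is presumably resolved by the visitor's browser,
          # where the host "api" does not exist. No Service named "api" is
          # defined on this page either (the API Service is
          # "api-nginx-nodeport-service"). Confirm which side performs the
          # fetch, and never place secrets in NEXT_PUBLIC_* variables.
          env {
            name  = "NEXT_PUBLIC_API_URL"
            value = "http://api"
          }

          # Read from the Kubernetes Secret instead of a literal value.
          env {
            name = "NEXTAUTH_SECRET"
            value_from {
              secret_key_ref {
                name = kubernetes_secret_v1.client_auth.metadata[0].name
                key  = "NEXTAUTH_SECRET"
              }
            }
          }

          # NOTE(review): NextAuth presumably expects the externally reachable
          # base URL of the site here; "http://api/api/auth" is plain HTTP and
          # not reachable from a browser. Confirm the intended value.
          env {
            name  = "NEXTAUTH_URL"
            value = "http://api/api/auth"
          }

          port {
            container_port = 80
          }
        }
      }
    }
  }
}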
Kubernetes Service Manifest API Nodeport
# Filename: 04. api-nodeport.tf
# NodePort Service in front of the API pods; the Ingress on this page routes
# "/api/v1/" to it.
resource "kubernetes_service_v1" "api_np_service" {
  metadata {
    name = "api-nginx-nodeport-service"

    # Per-service health check path for the ALB target group.
    annotations = {
      "alb.ingress.kubernetes.io/healthcheck-path" = "/api"
    }
  }

  spec {
    # NodePort opens a port on every worker node. NOTE(review): make sure the
    # node security group only admits the load balancer on the NodePort range.
    type = "NodePort"

    # Reuse the Deployment's selector label so the two cannot drift apart.
    selector = {
      app = kubernetes_deployment_v1.api.spec[0].selector[0].match_labels.app
    }

    port {
      name        = "http"
      port        = 80
      target_port = 80
    }
  }
}
Kubernetes Service Manifest Client Nodeport
# Filename: 05. client-nodeport.tf
# NodePort Service in front of the client pods; the Ingress on this page uses
# it as the default backend.
resource "kubernetes_service_v1" "client_np_service" {
  metadata {
    name = "client-nginx-nodeport-service"

    # Per-service health check path for the ALB target group.
    annotations = {
      "alb.ingress.kubernetes.io/healthcheck-path" = "/"
    }
  }

  spec {
    # NodePort opens a port on every worker node. NOTE(review): make sure the
    # node security group only admits the load balancer on the NodePort range.
    type = "NodePort"

    # Reuse the Deployment's selector label so the two cannot drift apart.
    selector = {
      app = kubernetes_deployment_v1.client.spec[0].selector[0].match_labels.app
    }

    port {
      name        = "http"
      port        = 80
      target_port = 80
    }
  }
}
Kubernetes Service Manifest Load Balancer
# Filename: 06. ingress-service.tf
# Ingress handled by the "ingress-class" IngressClass: requests under
# "/api/v1/" go to the API Service, everything else to the client Service.
#
# NOTE(review): the load balancer is internet-facing and no listen-ports,
# certificate-arn or ssl-redirect annotation is set, so traffic (including
# NextAuth session data) presumably travels over plain HTTP. Add an HTTPS
# listener with a certificate before exposing real users to it.
resource "kubernetes_ingress_v1" "ingress" {
  metadata {
    name = "ingress-service"

    annotations = {
      # Name of the load balancer
      "alb.ingress.kubernetes.io/load-balancer-name" = "ingress-service"

      # Core setting: the load balancer is reachable from the internet
      "alb.ingress.kubernetes.io/scheme" = "internet-facing"

      # Health checks. With several targets behind one load balancer, the
      # health check path has to be annotated on each Service instead.
      "alb.ingress.kubernetes.io/healthcheck-protocol"         = "HTTP"
      "alb.ingress.kubernetes.io/healthcheck-port"             = "traffic-port"
      "alb.ingress.kubernetes.io/healthcheck-interval-seconds" = 15
      "alb.ingress.kubernetes.io/healthcheck-timeout-seconds"  = 5
      "alb.ingress.kubernetes.io/success-codes"                = 200
      "alb.ingress.kubernetes.io/healthy-threshold-count"      = 2
      "alb.ingress.kubernetes.io/unhealthy-threshold-count"    = 2
    }
  }

  spec {
    # Must match the name of the IngressClass resource.
    ingress_class_name = "ingress-class"

    # Anything not matched by a rule below is served by the client.
    default_backend {
      service {
        name = kubernetes_service_v1.client_np_service.metadata[0].name

        port {
          number = 80
        }
      }
    }

    rule {
      http {
        path {
          path      = "/api/v1/"
          path_type = "Prefix"

          backend {
            service {
              name = kubernetes_service_v1.api_np_service.metadata[0].name

              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}
After successful deployment I can access them via browser:
- Client:
http://ingress-service-38383838.us-east-1.elb.amazonaws.com/
- API:
http://ingress-service-38383838.us-east-1.elb.amazonaws.com/api/v1
But my Client app fails to reach the API service to fetch data.
I don’t understand what I am missing.