Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of ExternalName Service support #3505

Open
maciejmaz opened this issue Dec 4, 2023 · 13 comments
Open

Lack of ExternalName Service support #3505

maciejmaz opened this issue Dec 4, 2023 · 13 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@maciejmaz
Copy link

I'm creating this feature request to reopen the issue described here: #1223

Is your feature request related to a problem?
When you set up ALB Ingress and the service linked with this ingress is ExternalName type, the Target Group in AWS doesn't have any targets registered and the ingress returns HTTP 503 error.

Describe the solution you'd like
Adding an ingress with an ExternalName service type should properly route traffic to the service.
This would allow creating cross-namespace relations between Ingress and the services.

Example:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: namespace1
  labels:
    app: nginx
spec:
  containers:
  - name: nginx-container
    image: nginx:latest
    ports:
    - containerPort: 80
      protocol: TCP

---

kind: Service
apiVersion: v1
metadata:
  name: nginx-service
  namespace: namespace1
spec:
  selector:
    app: nginx
  type: ClusterIP
  ports:
  - port: 80

---

kind: Service
apiVersion: v1
metadata:
  name: nginx-service-external
  namespace: namespace2
spec:
  type: ExternalName
  externalName: nginx-service.namespace1.svc.cluster.local

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: namespace2
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.name: ingress
    alb.ingress.kubernetes.io/certificate-arn: <placeholder>
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service-external
                port:
                  number: 80

Should result hosting nginx from namespace1 on ingress deployed in namespace2

Describe alternatives you've considered

  1. Switching to Nginx ingress controller
  2. Adding some nginx pod doing the proxy_pass as suggested here: Lack of ExternalName Service support #1223 (comment)
@yalattas
Copy link

I am facing same issue here. My setup worked fine with nginx controller in OCI. Yet, when I switched to AWS ALB. It didn't work

@holooloo
Copy link

Same issue, no ip addresses in target groups

@eahangari-8x8
Copy link

yes, same here. I don't think AWS ALB controller supports this feature.

@msvticket
Copy link

msvticket commented Feb 3, 2024
edited
Loading

Another use case for ExternalName would be to put a load balancer in front of an S3 interface endpoint:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#private-dns

This would be useful to make it easier to implement a solution like this: Hosting Internal HTTPS Static Websites with ALB, S3, and PrivateLink

For this use case the ALB controller could only support target type ip, since there wouldn't be any instance to route to. I think it should be hard coded for any extrernalname pointing outside the k8s cluster that target type is ip and just a warning event should be emitted if alb.ingress.kubernetes.io/target-type: instance is specified.

msvticket added a commit to msvticket/aws-load-balancer-controller that referenced this issue Feb 12, 2024
@msvticket
feat: support externalname services
8c92a38 
fixes kubernetes-sigs#3505
@msvticket msvticket mentioned this issue Feb 12, 2024
Open
6 tasks
@shraddhabang shraddhabang added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 28, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 28, 2024
@msvticket
Copy link

I created a PR back in February to fix this (#3571). Unfortunately nobody has reviewed it...

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 29, 2024
@lalit4osttra
Copy link

Is there any progress on the issue

@lalit4osttra
Copy link

I found an alternate, instead of creating a single in ingress in separate namespace, we can create separate separate ingress in service namespaces and use ingress group (a simple annotation) in all ingress ... behind the scenes all the ingress (that are part of same ingress group) will get combined.

https://aws.amazon.com/blogs/containers/a-deeper-look-at-ingress-sharing-and-target-group-binding-in-aws-load-balancer-controller/

https://aws.amazon.com/blogs/containers/a-deeper-look-at-ingress-sharing-and-target-group-binding-in-aws-load-balancer-controller/

I have tested it with fargate in my env ... it works perfectly fine

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 24, 2024
@msvticket
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 24, 2024
@serhii-ciq
Copy link

I faced the same issue :(
CrossNamespace routing does not work and this workaround would be very helpful

Also I manually created the endpoint for the externalName service but got no luck - k8s TargetGroup was created but ALB TargetGroup was empty

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 4, 2025
@msvticket
Copy link

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@msvticket @holooloo @shraddhabang @k8s-ci-robot @yalattas @k8s-triage-robot @maciejmaz @eahangari-8x8 @lalit4osttra @serhii-ciq