Posting this here in case someone else comes across the same issues I had and needs help.
With everything on bare metal-metal in a traditional home network using a router, I wanted to expose apps on the web with only limited points of entry into the cluster (ports 80 and 443 for http and https traffic respectively), without opening any more ports than necessary and keeping workloads and services safe behind ClusterIP networking (no need to expose ports for workloads and services with NodePort).
None of my nodes have a public IP, only my router does.
Ingress was the answer, as it can route traffic based on different hostnames all the while using the same IP address.
Because the nodes in my cluster were all inside a private home network, there were no straightforward instructions on how to do this.
Additionally, I wanted to use xip.io to generate free URLs for testing purposes that worked over the WWW, but the Automatically generate a .xip.io hostname
option when adding ingress through the Rancher UI would only work on my local network, not the web.
I banged my head on this for days.
But I finally figured it out and it’s easy as pie.
First, we need to go into the router’s settings and do some port forwarding.
Say your router’s public IP is 16.43.236.65
and you have a node on your cluster whose internal private IP on the home network is 192.168.0.155
In your router’s settings, forward all port 80
and 443
traffic to ports 80
and 443
of one of your nodes so that it essentially looks like something like this:
16.43.236.65:80
→ 192.168.0.155:80
16.43.236.65:443
→ 192.168.0.155:443
Once that is done, go back to Rancher and click on Add Ingress
under Load Balancing
, unfortunately Automatically generate a .xip.io hostname
will still use your node’s private IP in your home network and only work locally.
Instead, you can just select Specify a hostname to use
and use your public IP with xip.io
like so:
16.43.236.65.xip.io
Now configure the rest of your ingress, I just leave everything at their defaults for now, I use Service
instead of Workload
for Target Backend
.
Now, when navigating to 16.43.236.65.xip.io
on your browser, you should be able to access the service you selected in the Ingress you added over the web.
If you want to add other services using xip.io you can, just add subdomains, for example:
another-service.16.43.236.65.xip.io
yet-another-service.16.43.236.65.xip.io
It might look like magic but the way it works is by hostname, so you can literally have any domain name point to the same public IP, Ingress will know where to forward the traffic and which service/workload to use based on the hostname, which I find brilliant.
Lastly, if you want to use an actual domain name: in the DNS settings from your domain name provider set an A Record
that points to your Router’s public IP. Using our current example that would be 16.43.236.65
.
On Rancher add an Ingress and specify that same domain name.
Same concept. Hopes this helps!