
K8S Ingress and pfSense Firewall

I have been playing a bit with Kubernetes (K8S) lately.
Since it’s running on my vSphere environment, and not a public cloud, I don’t have native access to a load balancer, so I have to use the Ingress Controller instead.

Right now I’m using Rancher to deploy the K8S cluster, and due to the lack of static IP addresses on my nodes, a LoadBalancer is not an easy thing to get working, it seems.

There is probably a new blog post coming out around that, in the future :-)

I had some problems getting the Ingress Controller to work.
It seemed that no matter what kind of application I was using, it was just not working with the xip.io service.

I ended up finding a really basic blog, where you deploy an apple and a banana workload to see how the Ingress Controller can handle both, using different URLs. And it was still not working.

And then I found the error. I’m using pfSense for my home environment, and there I’m using the DNS forwarder service.
It turns out that pfSense is protecting me from DNS rebind, which is exactly what xip.io is doing.
Then the solution was easy, and can be found here

Simply add “rebind-domain-ok=/xip.io/” to the Custom options in pfSense -> Services -> DNS Forwarder. And now it’s working perfectly.
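To see why the forwarder dropped those answers, here is a small offline model of the rebind check, added as an example and not taken from pfSense or dnsmasq. The private-range list is a simplified assumption, and the hostnames are constructed.

```python
import ipaddress
import re

# Simplified model of the ranges a rebind filter treats as private
# (RFC 1918 plus loopback and link-local); an assumption, not dnsmasq's exact list.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# xip.io-style names carry the answer in the name: <label>.<ipv4>.xip.io
XIP_RE = re.compile(r"(?:^|\.)((?:\d{1,3}\.){3}\d{1,3})\.xip\.io\.?$", re.I)


def parse_custom_options(text):
    """Collect domains from rebind-domain-ok=/a/b/ lines in the Custom options box."""
    allowed = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("rebind-domain-ok="):
            value = line.split("=", 1)[1]
            allowed.update(d.lower() for d in value.split("/") if d)
    return allowed


def xip_answer(name):
    """Return the address a xip.io-style name resolves to, or None."""
    m = XIP_RE.search(name)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None


def is_allowed(name, allowed):
    """Match the name itself or any subdomain of an allowed domain."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowed)


def rebind_blocked(name, allowed):
    """True if this model would drop the answer for the given name."""
    addr = xip_answer(name)
    if addr is None or is_allowed(name, allowed):
        return False
    return any(addr in net for net in PRIVATE_NETS)
```

Allowing a domain exempts every name under it from the check, so keep the list limited to the domains you actually need.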

Hope this helps some of you who might be in the same situation.

Update: I switched to the DNS resolver instead of the forwarder today.
The fix looks a bit different.
Choose custom options, and add the following text.

Photo by Georg Bommeli on Unsplash
