Ingress not forwarding traffic to pod - nginx

Ingress is not forwarding traffic to pods.
Application is deployed on Azure Internal network.
I can access app successfully using pod Ip and port but when trying Ingress IP/ Host I am getting 404 not found. I do not see any error in Ingress logs.
Bellow are my config files.
Please help me if I am missing anything or a how I can troubleshoot to find issue.
Deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: aks-helloworld-one
spec:
replicas: 1
selector:
matchLabels:
app: aks-helloworld-one
template:
metadata:
labels:
app: aks-helloworld-one
spec:
containers:
- name: aks-helloworld-one
image: <image>
ports:
- containerPort: 8290
protocol: "TCP"
env:
- name: env1
valueFrom:
secretKeyRef:
name: configs
key: env1
volumeMounts:
- mountPath: "mnt/secrets-store"
name: secrets-mount
volumes:
- name: secrets-mount
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "azure-keyvault"
imagePullSecrets:
- name: acr-secret
---
apiVersion: v1
kind: Service
metadata:
name: aks-helloworld-one
spec:
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 8080
targetPort: 8290
selector:
app: aks-helloworld-one
Ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
namespace: ingress-basic
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: aks-helloworld
port:
number: 80

Correct your service name and service port in ingress.yaml.
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
# wrong: name: aks-helloworld
name: aks-helloworld-one
port:
# wrong: number: 80
number: 8080
Actually, you can use below command to confirm if ingress has any endpoint.
kubectl describe ingress hello-world-ingress -n ingress-basic

You have mentioned the wrong service name under the ingress definition. Service name should be aks-helloworld-one as per the service definition.

Related

Can I deploy ingress.yaml file in another namespace and run my deploy.yaml file in AKS

I have created 2 namespaces which are "ingress-basic" and "wallarm-ingress" now I have applied the deploying file in "ingress-basic" namespace and I want to know whether I can have applied my ingress.yaml file in "wallarm-ingress" namespace and expose the deployment to the internet.
This the deployment yaml file
`
apiVersion: apps/v1
kind: Deployment
metadata:
name: api
spec:
replicas: 1
selector:
matchLabels:
app: api
template:
metadata:
labels:
app: api
spec:
containers:
- name: api
image: newwallarmacr.azurecr.io/api-app:v1
ports:
- containerPort: 3333
---
apiVersion: v1
kind: Service
metadata:
name: api
spec:
type: ClusterIP
ports:
- port: 3333
selector:
app: api
`
And this is the ingress.yaml file
`
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
kubernetes.io/ingress.class: nginx
name: api
namespace: ingress-basic
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /one(/|$)(.*)
pathType: Prefix
backend:
service:
name: api
port:
number: 3333
- path: /(.*)
pathType: Prefix
backend:
service:
name: api
port:
number: 3333
`
I tried this and this didn't work so I want to know which parts should be added, edited to get this deployment expose to the internet.
By default every workload (pod, endpoints, services) are exposed inside particular namespace. But for your case, you want to access a service hosted in wallarm-ingress via an ingress hosted in ingress-basic. In that case service should be called via this syntax.
{serviceName}.{serviceName-namespace}.svc
So your ingress object should be like this
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
kubernetes.io/ingress.class: nginx
name: api
namespace: ingress-basic
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /one(/|$)(.*)
pathType: Prefix
backend:
service:
name: api.wallarm-ingress.svc
port:
number: 3333
- path: /(.*)
pathType: Prefix
backend:
service:
name: api.wallarm-ingress.svc
port:
number: 3333

GKE ingress is not working with WordPress deployment

I am trying to deploy Wordpress on GKE, everything is ok except the ingress, the ingress is not able to connect to backend service, showing " SOME BACKEND SERVICES ARE IN UNHEALTHY STATE"
I would be grateful if someone help me.
Wordpress deployment yaml file
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-deployment
labels:
app: wordpress
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: wordpress
image: wordpress
ports:
- containerPort: 80
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
env:
- name: WORDPRESS_DB_HOST
value: mysql-service
- name: WORDPRESS_DB_USER
value: wpuser
- name: WORDPRESS_DB_PASSWORD
value: pass#123
- name: WORDPRESS_DB_NAME
value: wpdb
- name: WORDPRESS_DEBUG
value: "1"
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wordpress-volumeclaim
Service yaml file
apiVersion: v1
kind: Service
metadata:
name: wordpress-service
spec:
type: NodePort
selector:
app: wordpress
ports:
- name: portname
nodePort: 30100
port: 80
targetPort: 80
Ingress yaml file
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wordpress-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: my-address
networking.gke.io/managed-certificates: managed-cert
kubernetes.io/ingress.class: "gce"
spec:
rules:
- host: example.com
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wordpress-service
port:
number: 80
Ingress GCP Consol
Ingress GCP Consol
GCP logs
In your spec
spec:
rules:
- host: example.com
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wordpress-service
port:
number: 80
you accidentally have two different backends: one for "example.com" and one based on the path "/" for anything else. Since you are not specifying a backend for the "example.com", Ingress uses the default backend, which will never return healthy.
My guess is that you don't actually want "example.com", so deleting it from the spec should solve your issue:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wordpress-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: my-address
networking.gke.io/managed-certificates: managed-cert
kubernetes.io/ingress.class: "gce"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wordpress-service
port:
number: 80
You can try to go to https://console.cloud.google.com/compute/healthChecks/ and then modify the health check for the wordpress backend. For example changing it from / to /wp-admin/images/wordpress-logo.svg solved the issue in my case. This is described in this post https://serverfault.com/questions/826719/how-to-create-a-url-in-a-wordpress-that-will-return-code-200.

400: Bad Request blog page via http/https SSL-enabled k3s deployment

Using nginx-ingress controller and metallb for my loadbalancer in my k3s raspberry pi cluster. Trying to access my blog site but I get white page with 400: Bad Request.
I'm using Cloudflare to managed my domain and SSL/TLS mode is on "Full". Created an A name "Blog" and pointed the content to my public external IP. I opened the Loadbalancer IP address on my router exposing 80 and 433. What am I missing. I've been pulling my hair with his issues for days now. Here's the example of my k3s entire deployment
apiVersion: v1
kind: Service
metadata:
namespace: nginx
name: nginx-web
labels:
app: nginx-web
spec:
ports:
# the port that this service should serve on
- port: 8000
targetPort: 80
protocol: TCP
selector:
app: nginx-web
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: nginx
labels:
app: nginx-web
name: nginx-web
spec:
replicas: 1
selector:
matchLabels:
app: nginx-web
template:
metadata:
namespace: nginx
labels:
app: nginx-web
name: nginx-web
spec:
containers:
- name: nginx-web
image: nginx:latest
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-web
labels:
app: nginx-web
namespace: nginx
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- blog.example.com
secretName: blog-example-com-tls
rules:
- host: blog.example.com
http:
paths:
- backend:
service:
name: nginx-web
port:
number: 80
path: /
pathType: Prefix

Need help on configuring Nginx ingress controller for hcloud-cloud-controller-manager

I'm trying to follow this suggestion to use Hetzner load balancer as a Nginx ingress controller.
helm install ingress-nginx with these configurations:
controller:
config:
use-proxy-protocol: "true"
replicaCount: 3
service:
type: LoadBalancer
annotations:
load-balancer.hetzner.cloud/name: nginx-controller-new
load-balancer.hetzner.cloud/location: hel1
load-balancer.hetzner.cloud/use-private-ip: true
load-balancer.hetzner.cloud/algorithm-type: least_connections
load-balancer.hetzner.cloud/uses-proxyprotocol: true
load-balancer.hetzner.cloud/hostname: somehost.com
Deployments:
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo1
spec:
selector:
matchLabels:
app: echo1
replicas: 3
template:
metadata:
labels:
app: echo1
spec:
containers:
- name: echo1
image: hashicorp/http-echo
args:
- "-text=echo1"
ports:
- containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
name: echo-service
spec:
selector:
app: echo1
ports:
- name: http
protocol: TCP
port: 80
targetPort: 5678
ipFamilyPolicy: PreferDualStack
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx
spec:
ingressClassName: nginx
rules:
- http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: echo-service
port:
number: 80
host: somehost.com
After installation, a Hetzner load balancer is successfully provisioned, however, it isn't able to detect the services:
I'm at a loss here. How can I connect the echo1 app to the ingress-nginx-controller service? I check out all of the available helm values but I cannot find something like service.selector to target echo1's service and make it publicly available. Can someone help me? Are there any alternatives?
I am not the Kubernetes master (more a noob) but I got it working with a L4-loadbalancer.
An annotation has to be set to your Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
And to use it without nginx-ingress, that worked for me (not tested with your labels)
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
name: "nginx-hello-world"
labels:
app: "hello-world"
spec:
selector:
matchLabels:
app: "hello-world"
strategy:
type: "Recreate"
template:
metadata:
labels:
app: "hello-world"
spec:
containers:
- image: "rancher/hello-world"
name: "nginx-hello-world"
imagePullPolicy: "Always"
ports:
- containerPort: 80
name: "http"
Service
for HTTP (to test your deployment)
---
apiVersion: "v1"
kind: Service
metadata:
name: "nginx-hello-world"
labels:
app: "hello-world"
annotations:
load-balancer.hetzner.cloud/name: lb-development
load-balancer.hetzner.cloud/hostname: somehost.com
load-balancer.hetzner.cloud/protocol: http
load-balancer.hetzner.cloud/health-check-port: 10254
spec:
type: LoadBalancer
selector:
app: "hello-world"
ports:
- name: "http"
port: 80
targetPort: 80
for SSL
apiVersion: v1
kind: Service
metadata:
name: nginx-hello-world
labels:
app: hello-world
annotations:
load-balancer.hetzner.cloud/hostname: somehost.com
load-balancer.hetzner.cloud/http-certificates: managed-certificate-1-wildcard-somehost.com
load-balancer.hetzner.cloud/name: lb-development
load-balancer.hetzner.cloud/protocol: https
spec:
ports:
- name: https
nodePort: 32725
port: 443
protocol: TCP
targetPort: 80
selector:
app: hello-world
type: LoadBalancer

nginx ingress controller don't reach backend service?

I am currently trying to expose an kubernetes service via an ingress controller, but I cannot seem to so?
Who some odd reason does the host/path never resolve to the clusterIp and port that I want to use, eventhough this should have been resolved via my ingress controller and the ressource?...
apiVersion: v1
kind: Service
metadata:
name: hello-kubernetes
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 8080
selector:
app: hello-kubernetes
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-kubernetes
spec:
replicas: 3
selector:
matchLabels:
app: hello-kubernetes
template:
metadata:
labels:
app: hello-kubernetes
spec:
containers:
- name: hello-kubernetes
image: paulbouwer/hello-kubernetes:1.5
ports:
- containerPort: 8080
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-ingress-controller-conf
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: default
spec:
replicas: 1
revisionHistoryLimit: 3
template:
metadata:
labels:
app: nginx-ingress-lb
spec:
terminationGracePeriodSeconds: 60
serviceAccount: nginx
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
imagePullPolicy: Always
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 5
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-backend-service
- --configmap=$(POD_NAMESPACE)/nginx-ingress-controller-conf
- --v=2
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
---
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
name: http
- port: 443
targetPort: 443
name: https
selector:
app: nginx-ingress
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nginx-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: nginx-role
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-role
subjects:
- kind: ServiceAccount
name: nginx
namespace: default
---
#Ingress ressource
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-hello
spec:
rules:
- host: dev.hello.com
http:
paths:
- backend:
serviceName: hello-kubernetes
servicePort: 80
---
##Default backend
apiVersion: v1
kind: Service
metadata:
name: default-backend-service
labels:
app: default-backend
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8080
selector:
app: default-backend
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: default-backend
labels:
app: default-http-backend
spec:
selector:
matchLabels:
app: default-backend
serviceName: default-backend-service
replicas: 2
template:
metadata:
labels:
app: default-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-backend
image: gcr.io/google_containers/defaultbackend:1.0
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
I tried to make an MVP - but for some reason I can't resolve the path dev.hello.com
I want to use that to tell the ingress which service I want to connect to... but for some reason this never resolves to an ip address - it does not seem to hit anything?
Why? Is this incorrectly setup?
The service for hello-kubernetes should not be of type LoadBalancer because you want the ingress to work as Loadbalancer. So change the service of hello-kubernetes to type ClusterIP.
apiVersion: v1
kind: Service
metadata:
name: hello-kubernetes
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
selector:
app: hello-kubernetes
It's hard to understand what you exactly wants. You should be more precise what you exactly wants.
1. Ingress with ClusterIP.
Like Arghya Sadhu wrote, as you are using Ingress you don't need to specify LoadBalancer.
2. Ingress with NodePort
Keep in mind that you can also use NodePort with Ingress. Good explenation and example can be found here.
3. Ingress YAML
As per official Kubernetes Docs minimal Ingress resources looks like:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- http:
paths:
- path: /testpath
backend:
serviceName: test
servicePort: 80
In your Ingress I couldn't find spec.rules.http.paths.path.
4. IP of LoadBalancer
Also very important is where are you have your cluster. If you are using On-Prem like GKE, AWS, AZURE, etc. your LoadBalancer will automatically get externalIP which allow you to connect to your cluster from outside. However, if you are using local machine you will need to use MetalLB.
In addition, please take a look at kubernetes docs about Connect a Front End to a Back End Using a Service.
Also please check this tutorial, it might help you.

Resources