Home > database >  Blank Page in Kubernetes Ingress
Blank Page in Kubernetes Ingress

Time:11-04

I have deployed an ingress in Kubernetes and using two applications on different ingress namespaces.

When I access the APP2 I can reach the website and it's working fine but APP1 is displaying BLANK page. No errors just BLANK and response 200 OK.

Basically I integrated ArgoCd with Azure AD. The integration it is fine but I think ingress rules are not totally fine.

Both Apps are on different namespaces so I have to use two different ingress on different namespaces:

This is the APP1:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /argo-cd/$2
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  defaultBackend:
    service:
      name: argocd-server
      port:
        number: 443
  rules:
  - http:
      paths:
        - path: /argo-cd
          pathType: Prefix
          backend:
            service:
              name: argocd-server
              port:
                number: 443

And this is the APP2:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sonarqube-ingress
  namespace: ingress-nginx
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  defaultBackend:
    service:
      name: sonarqube
      port:
        number: 9000  
  tls:
  - hosts:
    - sq-example
    secretName: nginx-cert
  rules:
  - host: sq.example.com
    http:
      paths:
      - path: /sonarqube(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: sonarqube
            port:
              number: 9000
      - path: /(.*)
        pathType: Prefix
        backend:
          service:
            name: sonarqube
            port:
              number: 9000

args of ingress deployment:

spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --election-id=ingress-controller-leader
        - --controller-class=k8s.io/ingress-nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        - --default-ssl-certificate=ingress-nginx/ca-key-pair
        - --enable-ssl-passthrough

logs ingress controller pod:

10.200.140.160 - - [03/Nov/2021:15:00:34  0000] "GET /argo-cd HTTP/1.1" 200 831 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 489 0.002 [argocd-argocd-server-443] [] 10.200.140.177:8080, 10.200.140.177:8080 0, 831 0.000, 0.004 502, 200 d491c01cd741fa9f155642f8616b6d9f
2021/11/03 15:09:05 [error] 867#867: *534643 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 10.200.140.160, server: _, request: "GET /argo-cd/ HTTP/1.1", upstream: "https://10.200.140.177:8080/argo-cd/", host: "10.200.140.211"
10.200.140.160 - - [03/Nov/2021:15:09:05  0000] "GET /argo-cd/ HTTP/1.1" 200 831 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 440 0.006 [argocd-argocd-server-443] [] 10.200.140.177:8080, 10.200.140.177:8080 0, 831 0.000, 0.004 502, 200 8995b914ae6e39d8ca781e1f4f269f50
10.200.140.160 - - [03/Nov/2021:15:09:16  0000] "GET /argo-cd HTTP/1.1" 200 831 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 489 0.001 [argocd-argocd-server-443] [] 10.200.140.177:8080 831 0.004 200 0adadba11c87f9b88ed75d52e4ca387a

I tryied playing with the path: /argo-cd on APP1 like:

path: /argo-cd/ path: /argo-cd/(/|$)(.) path: /argo-cd/(.) path: /argo-cd/*

but impossible to make it work. Am I doing something wrong here?

Thanks in advance.

CodePudding user response:

The problem is that you didn't configure the argo-cd root path.


Why?

First, it's worth to remind that NGINX Ingress controller by default is Cluster-wide:

  • Cluster-wide Ingress Controller (default). The Ingress Controller handles configuration resources created in any namespace of the cluster. As NGINX is a high-performance load balancer capable of serving many applications at the same time, this option is used by default in our installation manifests and Helm chart.

So even if you have configured Ingresses in different namespaces at the end you are using the same NGINX Ingress Controller. You can check it by running:

kubectl get ing -n ingress-nginx
kubectl get ing -n argocd

You can observe that ADDRESS is the same for both ingresses in different namespaces.

Let's assume that I have applied only the first ingress definition (APP1). If I try to reach https://{ingress-ip}/argo-cd I will be redirected to the https://{ingress-ip}/applications website - it works probably because you also setup the defaultBackend setting. Anyway it's not a good approach - you should configure the argo-cd root path correctly.

When I applied the second ingress definition (APP2) I'm also getting the blank page as you - probably because the definitions from both ingresses are mixing and this is causing an issue.

How to setup the argo-cd root path?

Based on this documentation:

Edit the argocd-server deployment to add the --rootpath=/argo-cd flag to the argocd-server command.

It's not really explained in detailed way in the docs, but I figured how to setup it:

First, we need to get current deployment configuration:

kubectl get deploy argocd-server -o yaml -n argocd > argocd-server-deployment.yaml

Now, we need to edit the argocd-server-deployment.yaml file. Under command (in my case it was line 52) we need to add rootpath flag - before:

containers:
- command:
  - argocd-server
  env:

After:

containers:
- command:
  - argocd-server
  - --rootpath=/argo-cd
  env:

Save it, and run kubectl apply -f argocd-server-deployment.yaml.

Now, it's time to edit ingress definition also - as we setup root path we need to delete nginx.ingress.kubernetes.io/rewrite-target: annotation:

annotations:
  kubernetes.io/ingress.class: nginx
  nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

After these changes, if I reach https://{ingress-ip}/argo-cd I will be redirected to the https://{ingress-ip}/argo-cd/applications. Everything is working properly.

  • Related