Home > database >  AKS Ingress-Nginx ingress controller failing to route by host
AKS Ingress-Nginx ingress controller failing to route by host

Time:01-27

I am configuring an ingress-nginx load balancer on Azure Kubernetes service. I have installed the load balancer using Helm, and set up ingress. Here is the behavior I'm encountering:

  • When I include a host in my pathing rules in my ingress config, I cannot access service at that host URL. The request times out
  • When I don't include a host in my pathing rules, I can access the service at that host URL with no issues
  • Regardless of whether or not the host is included in the pathing rules, I can successfully access the service at the host URL when I CURL it from any pod in the cluster.
  • Nslookup successfully resolves the host on my machine

I'm trying to figure out why I'm unable to reach my service when host is included in my ingress configuration. Any ideas? Technical details are below.

Note that the configuration is only pointing to one service currently, but filtering by host will eventually be necessary - I'm planning to have multiple services with different domains running through this load balancer.

Ingress controller configuration:

helm install --replace ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace $NAMESPACE \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=127.0.0.1 \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-dns-label-name"=$DNS_LABEL \
  --set controller.service.loadBalancerIP=$IP \

The ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - my.host.com
    secretName: tls-secret
  rules:
  - host: my.host.com //Removing this item makes the service reachable
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: xrcfrontend
            port:
              number: 80

This is the curl command I'm running. It returns the correct results when run inside the pod, and times out when run outside.

curl https://my.host.com --insecure

CodePudding user response:

If you are using AKS v>=1.24, then try adding below annotation with path /healthz instead of 127.0.0.1 during nginx ingress controller installation or in nginx ingress controller service and use host based routing with nginx ingress routes -

service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path"=/healthz

If the above helps then Why was it not working with host earlier?

  • because backend pool of LB goes unhealthy because of wrong health-probe path of ingress controller. Ingress route is only accepting traffic for the particular host name and hence health probe of ingress controller service(Azure LB) is failing because / or 127.0.0.1 for http protocol returns 404.

Github discussion on changes - https://github.com/Azure/AKS/issues/2903#issuecomment-1115720970

More details on installation - https://learn.microsoft.com/en-us/azure/aks/ingress-basic?tabs=azure-cli#basic-configuration

Page link:https//www.codepudding.com/database/684392.html

Prev:How to make User input choose shape of turtle
Next:TkInter Making a large number of cells with Grid, while using Geometry property
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding