ArgoCD ingress is not reachable

Time:07-20

I’m trying to set up argocd in an EKS cluster using helm. I want to use ALB as a load balancer. The UI is reachable through http://node_ip:8080, but not through the ALB or the LB that was created.

Here is my configuration:

  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/scheme: internal
      alb.ingress.kubernetes.io/target-type: IP
      alb.ingress.kubernetes.io/certificate-arn: "${cert}"
      alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-FS-1-2-Res-2020-10

Here is the ingress that was created:

kubectl get ing -n argocd

NAME            CLASS    HOSTS                         ADDRESS                                                          PORTS   AGE
argocd-server   <none>   eks-test-alb-argocd.abc.com   internal-k8s-argocd-argocdse-111.222.us-east-1.elb.amazonaws.com   80      9h

Here is what I get when trying to use the DNS or the LB address:

curl internal-k8s-argocd-argocdse-111-222.us-east-1.elb.amazonaws.com

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>

What could be the issue?

CodePudding user response:

From your output below, it looks like your ingress isn't forwarding 443 to the service:

kubectl get ing -n argocd

NAME            CLASS    HOSTS                         ADDRESS                                                          PORTS   AGE
argocd-server   <none>   eks-test-alb-argocd.abc.com   internal-k8s-argocd-argocdse-111.222.us-east-1.elb.amazonaws.com   80      9h

Can you set server.ingress.https to true in your Helm values?

CodePudding user response:

Did you create a second service for the argocd-server? According to the docs:

This is necessary because we need to tell the ALB to send the GRPC traffic to a different target group than the UI traffic, since the backend protocol is HTTP2 instead of HTTP1.

apiVersion: v1
kind: Service
metadata:
  annotations:
    alb.ingress.kubernetes.io/backend-protocol-version: HTTP2 #This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features
  labels:
    app: argogrpc
  name: argogrpc
  namespace: argocd
spec:
  ports:
  - name: "443"
    port: 443
    protocol: TCP
    targetPort: 8080
  selector:
    app.kubernetes.io/name: argocd-server
  sessionAffinity: None
  type: NodePort

The other thing that you're missing in your ingress definition is the following conditional in your annotations:

alb.ingress.kubernetes.io/conditions.argogrpc: |
        [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]

This is to route all application/grpc traffic to the HTTP2 backend previously created.

Reference:

  1. https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode