Ingress rule not redirecting to deployment

限于喜欢 提交于 2019-12-24 21:26:06

问题


Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: assortment-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - myapp.centralus.cloudapp.azure.com
    secretName: aks-ingress-tls
  rules:
  - host: myapp.centralus.cloudapp.azure.com
    http:
      paths:
      - path: /my-service
        backend:
          serviceName: my-backend
          servicePort: 80

deployment & service

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: myservice
    spec:
      containers:
      - name: myservice
        image: myreg.azurecr.io/my-latest
        imagePullPolicy: Always
        ports:
           - name: http
             containerPort: 8080
      imagePullSecrets:
      - name: my-auth

apiVersion: v1
kind: Service
metadata:
 name: my-backend
spec:
 type: ClusterIP
 selector:
   app: myservice
 ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8080

However

curl https://myapp.centralus.cloudapp.azure.com/my-service

gives

default backend - 404

Note myapp.centralus.cloudapp.azure.com already resolves to the ingress controller's public IP

When I create a service with type LoadBalancer with same config, it works with public api.


回答1:


First of all check your pods are in running state.

or

maybe cause of redirection of too many ports from 80 to 8080.ingress to service to target port.

your config is absolutely right it is simple problem may be pod not running or wait for some time to with clear cache of browser.




回答2:


When you use the TLS with the Ingress, there also two ways for you to use the certificates.

One is that use your own certificate. You can follow the steps in Create an HTTPS ingress controller and use your own TLS certificates on Azure Kubernetes Service (AKS). But for this, you just can access the URL like this:

curl -v -k --resolve demo.azure.com:443:yourIngressExternalIP https://demo.azure.com

When you use the DNS name that you set in Azure with the Public IP, you can create the certificate like this in your case:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -out aks-ingress-tls.crt \
    -keyout aks-ingress-tls.key \
    -subj "/CN=myapp.centralus.cloudapp.azure.com/O=aks-ingress-tls"

Then you can sue the command curl https://myapp.centralus.cloudapp.azure.com, but it will show like this:

When you use the browser the access the URL, it will show like this:

To use another way you can follow the steps in Create an ingress controller with a static public IP address in Azure Kubernetes Service (AKS). I suggest this way. Take a try.




回答3:


The issue was, when the backend app was accessed via ngix controller the following headers were added

X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443

While accessing it via the public IP of the LoadBalancer was not a problem The issue could be reproduced when we add the header

curl -v 104.43.164.105 -H "X-Forwarded-Proto: https"

Gives 302 Found

These additional headers were not liked by the following spring-boot configuration in application.yaml

server:
  useForwardHeaders: true

This was fixed by

server:
  useForwardHeaders: false

or

removing the above configuration altogether.



来源:https://stackoverflow.com/questions/54629591/ingress-rule-not-redirecting-to-deployment

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!