问题
Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: assortment-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- myapp.centralus.cloudapp.azure.com
secretName: aks-ingress-tls
rules:
- host: myapp.centralus.cloudapp.azure.com
http:
paths:
- path: /my-service
backend:
serviceName: my-backend
servicePort: 80
deployment & service
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 1
template:
metadata:
labels:
app: myservice
spec:
containers:
- name: myservice
image: myreg.azurecr.io/my-latest
imagePullPolicy: Always
ports:
- name: http
containerPort: 8080
imagePullSecrets:
- name: my-auth
apiVersion: v1
kind: Service
metadata:
name: my-backend
spec:
type: ClusterIP
selector:
app: myservice
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080
However
curl https://myapp.centralus.cloudapp.azure.com/my-service
gives
default backend - 404
Note myapp.centralus.cloudapp.azure.com already resolves to the ingress controller's public IP
When I create a service with type LoadBalancer with same config, it works with public api.
回答1:
First of all check your pods are in running state.
or
maybe cause of redirection of too many ports from 80 to 8080.ingress to service to target port.
your config is absolutely right it is simple problem may be pod not running or wait for some time to with clear cache of browser.
回答2:
When you use the TLS with the Ingress, there also two ways for you to use the certificates.
One is that use your own certificate. You can follow the steps in Create an HTTPS ingress controller and use your own TLS certificates on Azure Kubernetes Service (AKS). But for this, you just can access the URL like this:
curl -v -k --resolve demo.azure.com:443:yourIngressExternalIP https://demo.azure.com
When you use the DNS name that you set in Azure with the Public IP, you can create the certificate like this in your case:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-out aks-ingress-tls.crt \
-keyout aks-ingress-tls.key \
-subj "/CN=myapp.centralus.cloudapp.azure.com/O=aks-ingress-tls"
Then you can sue the command curl https://myapp.centralus.cloudapp.azure.com
, but it will show like this:
When you use the browser the access the URL, it will show like this:
To use another way you can follow the steps in Create an ingress controller with a static public IP address in Azure Kubernetes Service (AKS). I suggest this way. Take a try.
回答3:
The issue was, when the backend app was accessed via ngix controller the following headers were added
X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443
While accessing it via the public IP of the LoadBalancer was not a problem The issue could be reproduced when we add the header
curl -v 104.43.164.105 -H "X-Forwarded-Proto: https"
Gives 302 Found
These additional headers were not liked by the following spring-boot configuration in application.yaml
server:
useForwardHeaders: true
This was fixed by
server:
useForwardHeaders: false
or
removing the above configuration altogether.
来源:https://stackoverflow.com/questions/54629591/ingress-rule-not-redirecting-to-deployment