Ingress uses wildcard, although I didn't specify that - kubernetes

I have the following ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
namespace: apps
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/custom-http-errors: '404'
spec:
tls:
- hosts:
- mywebsite.com
secretName: my-secret-tls
rules:
- host: mywebsite.com
- http:
paths:
- path: /api/events
pathType: ImplementationSpecific
backend:
service:
name: my-events-api-svc
port:
number: 80
When I kubectl describe this ingress, I see the following
Name: my-ingress
Namespace: apps
Address: 52.206.112.10
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
my-secret-tls terminates mywebsite.com
Rules:
Host Path Backends
---- ---- --------
*
/api/events my-events-api-svc:80 (10.244.4.145:4000,10.244.5.118:4000)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/custom-http-errors: 404
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal UPDATE 9s (x7 over 153m) nginx-ingress-controller Ingress apps/my-ingress
The issue is that the specified path doesn't work, I'm getting 404. I noticed that in the output above, there is a * under the Host. My other ingresses are configured pretty much the same (only have different paths set), and there is no * in the kubectl describe output. Instead, in my other ingresses the proper Host - "mywebsite.com" - is shown.
The output above also has some error (<error: endpoints "default-http-backend" not found>), but I see it as well in my other ingresses (that do work).
What could be the problem?

Its your indentation, please check official example
spec:
rules:
- host: hello-world.info
http:
paths:
Try
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
namespace: apps
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/custom-http-errors: '404'
spec:
tls:
- hosts:
- mywebsite.com
secretName: my-secret-tls
rules:
- host: mywebsite.com
http:
paths:
- path: /api/events
pathType: ImplementationSpecific
backend:
service:
name: my-events-api-svc
port:
number: 80

Related

Warning: Rejected - All hosts are taken by other resources

I'm trying to setup Nginx-ingress controller to manage two paths on the same hostname in bare metal based cluster.
In the app1 namespace i have below nginx resource:-
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app1-ingress
namespace: app1
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
And in the app2 namespace i have below nginx resource:-
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app2-ingress
namespace: app2
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app2
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80
My app1-service applied first and it is running fine, now when i applied the second app2-service it shows below warning and not able to access it on browser.
Annotations: <none>
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Rejected 54s nginx-ingress-controller All hosts are taken by other resources
Warning Rejected 54s nginx-ingress-controller All hosts are taken by other resources
Warning Rejected 54s nginx-ingress-controller All hosts are taken by other resources
How do i configure my nginx ingress resource to connect multiple service paths on the same hostname?
Default Nginx Ingress controller doesn't support having different Ingress resources with the same hostname. You can have one Ingress resource that contains multiple paths, but in this case all apps should live in one namespace. Like this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app1-ingress
namespace: app1
spec:
ingressClassName: nginx
rules:
- host: web.example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
- path: /app2
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80
Splitting ingresses between namespaces is currently not supported by standard Nginx Ingress controller.
You may however take a look at an alternative implementation of Nginx Ingress by Nginx Inc. They have support for Mergeable Ingresses.

Is there a way to see why I am not seeing any events when I try to use an Ingress with GKE?

I have the following ingress...
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: core-ingress
namespace: earth
annotations:
kubernetes.io/ingress.global-static-ip-name: "core-proxy-static-ip"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: core-ingress
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: core-proxy-service
port:
number: 80
I have used kubectl exec to make sure the service itself is running and listening on port 80 so I know core-proxy-service is working. When I try to install the ingress it never gets and IP and the events show nothings...
Name: core-ingress
Namespace: earth
Address:
Default backend: default-http-backend:80 (10.109.128.78:8080)
Rules:
Host Path Backends
---- ---- --------
*
/ core-proxy-service:80 (10.109.128.132:80)
Annotations: kubernetes.io/ingress.global-static-ip-name: core-proxy-static-ip
nginx.ingress.kubernetes.io/rewrite-target: /
Events: <none>
Since there are no events I figure something must have happened and that is why I am not getting an IP but how would I be able to debug to figure out what?
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
earth core-ingress core-ingress * 80 3m33s
Update
If I revert back to
defaultBackend:
service:
name: core-proxy-service
port:
number: 80
Everything works what am I missing?
Try something like :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-myservicea
annotations:
kubernetes.io/ingress.global-static-ip-name: "core-proxy-static-ip"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
backend:
serviceName: core-proxy-service
servicePort: 80
Ref doc : https://kubernetes.github.io/ingress-nginx/user-guide/basic-usage/

Kubernetes ingress is giving me 404 if I don't use wildcard

I am working on a microservice app and I use nginx ingress. I setup rules with 3 services, when I mention host in the rules like this bellow it always gives me 404 for all the services
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-srv
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
cert-manager.io/issuer: "local-selfsigned"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- "tradephlo.local"
secretName: tls-ca
rules:
- host: "tradephlo.local"
- http:
paths:
- path: /api/main/?(.*)
pathType: Prefix
backend:
service:
name: tradephlo-main-srv
port:
number: 4000
- path: /api/integration/?(.*)
pathType: Prefix
backend:
service:
name: tradephlo-integration-srv
port:
number: 5000
- path: /?(.*)
pathType: Prefix
backend:
service:
name: tradephlo-client-srv
port:
number: 3000
However if I put wildcard in the host under the rules it works perfectly
rules:
- host: "*.tradephlo.local"
I don't want to generate wildcard SSL in the production. Please help me point out what I am doing wrong here.
The problem is in dash - in the following line:
rules:
- host: "tradephlo.local"
- http:
Otherwise, it is 2 different hosts - tradephlo.local abd *.
We can check this with the following command:
kubectl describe ing ingress-srv
And we get this:
$ kubectl describe ing ingress-srv
Name: ingress-srv
Namespace: default
Address: xxxxxxxxxx
Default backend: default-http-backend:80 (10.60.0.9:8080)
TLS:
tls-ca terminates tradephlo.local
Rules:
Host Path Backends
---- ---- --------
*
/api/main/?(.*) nginx:80 (yyyyy:80)
And we get this after removed -:
$ kubectl describe ing ingress-srv
Name: ingress-srv
Namespace: default
Address: xxxx
Default backend: default-http-backend:80 (10.60.0.9:8080)
TLS:
tls-ca terminates tradephlo.local
Rules:
Host Path Backends
---- ---- --------
tradephlo.local
/api/main/?(.*) nginx:80 (yyyyyy:80)
So there is no need to use wildcard, when you do this, ingress treats *.tradephlo.local as different host and proceeds to * rule.

Ingress on root colliding with ingress on path

I have two containers - one that is a static page in nginx and second one that is react app.
I would like to serve static page on / and react app on /app
Currently the problem is that when I enter / I have redirect on /app
Excerpt of helm for static page:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/app-root: /
paths:
- /
Excerpt of helm for react app:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/app-root: app/
paths:
- /app
kubectl describe ingress:
Name: app
Namespace: prod
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
example.com
/app app:http (10.244.2.52:80)
Annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/app-root: app/
Name: static-page
Namespace: prod
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
example.com
/ static-page:80 (10.244.2.40:80)
Annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/app-root: /
You might try to use multipath configuration within one ingress object without nginx.ingress.kubernetes.io/app-root: annotation, it works for me in similar scenario:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
spec:
rules:
- http:
paths:
- backend:
serviceName: static-page
servicePort: 80
path: /
- backend:
serviceName: app
servicePort: 80
path: /app

Kubernetes ingress block in creating state

I have deployed an app with Google Kubernetes Engine. All function works perfectly but I have a strange problem. If I check the status in Google cloud console the ingress is always in creating phase.
You can see it in image:
Have you some suggestion to resolve it?
Thanks
[EDIT]
kubectl describe ingress:
Name: ++++++-nginx-ingress
Namespace: ++++++
Address:
Default backend: default-http-backend:80 (10.4.0.4:8080)
Rules:
Host Path Backends
---- ---- --------
++++++-back.*******.net
++++++-nginx-np:80 (<none>)
++++++.*******.net
++++++-front-np:80 (<none>)
Annotations:
ingress.kubernetes.io/backends: {"k8s-be-30141--93abcf3e6a0e0671":"HEALTHY","k8s-be-32338--93abcf3e6a0e0671":"HEALTHY","k8s-be-32589--93abcf3e6a0e0671":"HEALTHY"}
ingress.kubernetes.io/url-map: k8s-um-++++++-++++++-nginx-ingress--93abcf3e6a0e0671
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.allow-http":"false","kubernetes.io/ingress.global-static-ip-name":"++++++-nginx-ingress-ip"},"labels":{"app":"++++++-nginx-ingress"},"name":"++++++-nginx-ingress","namespace":"++++++"},"spec":{"rules":[{"host":"++++++-back.*******.net","http":{"paths":[{"backend":{"serviceName":"++++++-nginx-np","servicePort":80}}]}},{"host":"++++++.*******.net","http":{"paths":[{"backend":{"serviceName":"++++++-front-np","servicePort":80}}]}}]}}
kubernetes.io/ingress.allow-http: false
kubernetes.io/ingress.global-static-ip-name: ++++++-nginx-ingress-ip
Events:
<none>
YAML file:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ++++++-nginx-ingress
labels:
app: ++++++-nginx-ingress
annotations:
kubernetes.io/ingress.global-static-ip-name: ++++++-nginx-ingress-ip
kubernetes.io/ingress.allow-http: "false"
namespace: ++++++
spec:
rules:
- host: ++++++-back.++++++.net
http:
paths:
- backend:
serviceName: ++++++-nginx-np
servicePort: 80
- host: ++++++.++++++.net
http:
paths:
- backend:
serviceName: ++++++-front-np
servicePort: 80
Checking your output I can see that the loadbalncer is not created or not getting your static IP ++++++-nginx-ingress-ip normally after the Spec.Backend
status:
loadBalancer:
ingress:
- ip: xx.xx.xx.xx
On thing the Annotation kubernetes.io/ingress.allow-http: "false" is used when TLS for the ingress is configured.
Another thing you may check if the Add-on for L7 HTTP load balancing is Enabled by default when creating the cluster is enabled