We Keep Coding

Nginx 400 Bad Request in Digital Ocean Kubernetes environment

The domain configured is ticket.devaibhav.live
ping ticket.devaibhav.live is pointing to the correct IP address of the load balancer provisioned by Digital Ocean. I haven't configured SSL on the cluster yet, but if I try to access my website http://ticket.devaibhav.live gives an 400 bad request. I am new to kubernetes and networking inside a cluster.
According to my understanding, when browser sends request to http://ticket.devaibhav.live the request is sent to the Digital Ocean Load balancer and then the ingress service (Ingress-nginx by kubernetes in my case) routes the traffic based on the rules I have defined.
ingress-nginx service
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: 'true'
service.beta.kubernetes.io/do-loadbalancer-hostname: 'ticket.devaibhav.live'
labels:
helm.sh/chart: ingress-nginx-2.0.3
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.32.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
ingress resource rules
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
rules:
- host: ticket.devaibhav.live
http:
paths:
- path: /api/users/?(.*)
pathType: Prefix
backend:
service:
name: auth-srv
port:
number: 3000
- path: /api/tickets/?(.*)
pathType: Prefix
backend:
service:
name: tickets-srv
port:
number: 3000
- path: /api/orders/?(.*)
pathType: Prefix
backend:
service:
name: orders-srv
port:
number: 3000
- path: /api/payments/?(.*)
pathType: Prefix
backend:
service:
name: payments-srv
port:
number: 3000
- path: /?(.*)
pathType: Prefix
backend:
service:
name: client-srv
port:
number: 3000
essentially when I hit http://ticket.devaibhav.live the request should be mapped to the last rule where it must be routed to client-srv.
client deployment and service
apiVersion: apps/v1
kind: Deployment
metadata:
name: client-depl
spec:
replicas: 1
selector:
matchLabels:
app: client
template:
metadata:
labels:
app: client
spec:
containers:
- name: client
image: vaibhav908/client
---
apiVersion: v1
kind: Service
metadata:
name: client-srv
spec:
selector:
app: client
ports:
- name: client
protocol: TCP
port: 3000
targetPort: 3000
The above configuration works well on the development server where I am using minikube.
I am unable to understand where I am going wrong with the configuration. I will provide more details as I feel it would be necessary.
[edit]
on the cluster that is deployed
kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
client-srv ClusterIP 10.245.100.25 <none> 3000/TCP 2d17h
and some other services
kubectl describe ingress
Name: ingress-service
Labels: <none>
Namespace: default
Address: ticket.devaibhav.live
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
ticket.devaibhav.live
/api/users/?(.*) auth-srv:3000 (10.244.1.76:3000)
/api/tickets/?(.*) tickets-srv:3000 (10.244.0.145:3000)
/api/orders/?(.*) orders-srv:3000 (10.244.1.121:3000)
/api/payments/?(.*) payments-srv:3000 (10.244.1.48:3000)
/?(.*) client-srv:3000 (10.244.1.32:3000)
Annotations: kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: true
Events: <none>

404 page not found Traefik Kubernetes

I can't access to my services via Traefik Ingress. When i request to machine host 192.168.1.2/elastisearch i receive a 404 response from Traefik.
When i inspect the ingress i get
elasticsearch-api-clusterip:9200 (<error: endpoints "elasticsearch-api-clusterip" not found>) but elasticsearch-api-clusterip endpoint exists
Name: elasticsearch-api-clusterip
Namespace: elastic
Labels: app=elasticsearch
Annotations: <none>
Selector: app=elasticsearch
Type: ClusterIP
IP: 10.108.147.198
Port: <unset> 9200/TCP
TargetPort: 9200/TCP
Endpoints: 10.244.0.44:9200,10.244.2.13:9200,10.244.4.15:9200
Session Affinity: None
Events: <none>```
This is my ingress
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: "v-ingress"
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- http:
paths:
- path: /elasticsearch
backend:
serviceName: elasticsearch-api-clusterip
servicePort: 9200
- path: /traefik-ui
backend:
serviceName: traefik-web-ui
servicePort: web
The request to endpoint give me a response from the service.
Thank you for your helps

Point traefik ingress at different paths with different services under the same host in Kubernetes

I have separate services that point to separate services within my cluster. I have a singular ingress set up, that points to a url, with 3 path objects, /, /path1, and path2. All 3 paths point at separate services. However, when I go to any path, it automatically points to the service from /. I have tried rewrite target, which doesn't seem to make much of a difference. Is there something else I need to do to fix this?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/auth-response-headers: X-Forwarded-User, X-Auth-User, X-Secret
ingress.kubernetes.io/auth-type: forward
ingress.kubernetes.io/auth-url: http://traefik-forward-auth-svc.ingress.svc.cluster.local:4181
name: ingress1
namespace: dev
spec:
rules:
- host: myurl.com
http:
paths:
- backend:
serviceName: service
servicePort: 80
path: /
- backend:
serviceName: service1
servicePort: 80
path: /path1
- backend:
serviceName: service2
servicePort: 80
path: /path2
Name: service1
Namespace: dev
Labels: <none>
Annotations: <none>
Selector: app=deployment1
Type: ClusterIP
IP: *ip here*
Port: http 80/TCP
TargetPort: 80/TCP
Endpoints: 192.168.159.95:80
Session Affinity: None
Events: <none>
Name: service2
Namespace: dev
Labels: <none>
Annotations: <none>
Selector: app=deployment2
Type: ClusterIP
IP: *ip here*
Port: http 80/TCP
TargetPort: 80/TCP
Endpoints: 192.168.134.76:80
Session Affinity: None
Events: <none>

TLS in Ingress setup timeout

I deployed a basic service in my kubernetes cluster. I handle routing using this Ingress:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: owncloud
spec:
rules:
- host: example.com
http:
paths:
- backend:
serviceName: owncloud
servicePort: 80
I generated a kubernetes secret in default namespace using a generated key and certificate. I named it example-tls and add it to the Ingress config under spec:
tls:
- secretName: example-tls
hosts:
- example.com
When I GET the service using https (curl -k https://example.com), it times out:
curl: (7) Failed to connect to example.com port 443: Connection timed out
It works using http.
What's possibly wrong here?
Here is the describe output of the concerned ingress:
Name: owncloud
Namespace: default
Address:
Default backend: default-http-backend:80 (<none>)
Rules:
Host Path Backends
---- ---- --------
example.com
owncloud:80 (10.40.0.4:80)
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"owncloud","namespace":"default"},"spec":{"rules":[{"host":"example.com","http":{"paths":[{"backend":{"serviceName":"owncloud","servicePort":80}}]}}]}}
Events: <none>
My Ingress Controller service:
$ kubectl describe service traefik-ingress-service -n kube-system
Name: traefik-ingress-service
Namespace: kube-system
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"traefik-ingress-service","namespace":"kube-system"},"spec":{"port...
Selector: k8s-app=traefik-ingress-lb
Type: NodePort
IP: 10.100.230.143
Port: web 80/TCP
TargetPort: 80/TCP
NodePort: web 32001/TCP
Endpoints: 10.46.0.1:80
Port: admin 8080/TCP
TargetPort: 8080/TCP
NodePort: admin 30480/TCP
Endpoints: 10.46.0.1:8080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>

ingress points to wrong port on a service

I have a Kubernetes service that exposes two ports as follows
Name: m-svc
Namespace: m-ns
Labels:
Annotations: <none>
Selector: app=my-application
Type: ClusterIP
IP: 10.233.43.40
Port: first 8080/TCP
TargetPort: 8080/TCP
Endpoints: 10.233.115.178:8080,10.233.122.166:8080
Port: second 8888/TCP
TargetPort: 8888/TCP
Endpoints: 10.233.115.178:8888,10.233.122.166:8888
Session Affinity: None
Events: <none>
And here is the ingress definition:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: f5
virtual-server.f5.com/http-port: "80"
virtual-server.f5.com/ip: controller-default
virtual-server.f5.com/round-robin: round-robin
creationTimestamp: 2018-10-05T18:54:45Z
generation: 2
name: m-ingress
namespace: m-ns
resourceVersion: "39557812"
selfLink: /apis/extensions/v1beta1/namespaces/m-ns
uid: 20241db9-c8d0-11e8-9fac-0050568d4d4a
spec:
rules:
- host: www.myhost.com
http:
paths:
- backend:
serviceName: m-svc
servicePort: 8080
path: /first/path
- backend:
serviceName: m-svc
servicePort: 8080
path: /second/path
status:
loadBalancer:
ingress:
- ip: 172.31.74.89
But when I go to www.myhost.com/first/path I end up at the service that is listening on port 8888 of m-svc. What might be going on?
Another piece of information is that I am sharing a service between two ingresses that point to different ports on the same service, is this a problem? There is a different ingress port the port 8888 on this service which works fine
Also I am using an F5 controller
After a lot of time investigating this, it looks like the root cause is in the F5s, it looks like because the name of the backend (Kubernetes service) is the same, it only creates one entry in the pool and routes the requests to this backend and the one port that gets registered in the F5 policy. Is there a fix for this? A workaround is to create a unique service for each port but I dont want to make this change , is this possible at the F5 level?

From what I see you don't have a Selector field in your service. Without it, it will not forward to any backend or pod. What makes you think that it's going to port 8888? What's strange is that you have Endpoints in your service. Did you manually create them?
The service would have to be something like this:
Name: m-svc
Namespace: m-ns
Labels:
Annotations: <none>
Selector: app=my-application
Type: ClusterIP
IP: 10.233.43.40
Port: first 8080/TCP
TargetPort: 8080/TCP
Endpoints: 10.233.115.178:8080,10.233.122.166:8080
Port: second 8888/TCP
TargetPort: 8888/TCP
Endpoints: 10.233.115.178:8888,10.233.122.166:8888
Session Affinity: None
Events: <none>
Then in your deployment definition:
selector:
matchLabels:
app: my-application
Or in a pod:
apiVersion: v1
kind: Pod
metadata:
annotations: { ... }
labels:
app: my-application
You should also be able to describe your Endpoints:
$ kubectl describe endpoints m-svc
Name: m-svc
Namespace: default
Labels: app=my-application
Annotations: <none>
Subsets:
Addresses: x.x.x.x
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
first 8080 TCP
second 8081 TCP
Events: <none>

Your Service appears to be what is called a headless service: https://kubernetes.io/docs/concepts/services-networking/service/#headless-services. This would explain why the Endpoints was created automatically.
Something is amiss because it should be impossible for your HTTP request to arrive at you pods without the .spec.selector populated.
I suggest deleting the Service you created and delete the Endpoints with the same name and then recreate the Service with type=ClusterIP and the spec.selector properly populated.