Good Morning. I have a GRPC server that I want to serve on Google Kubernetes Engine. My cluster already has the nginx-ingress controller installed, and I'm currently using this to serve http/https traffic. This is the ingress resource I've tried to make to host the GRPC server:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: grpc-ingress-nginx
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/grpc-backend: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
namespace: default
spec:
tls:
- hosts:
- bar.foo.com
secretName: reploy-tls
rules:
- host: bar.foo.com
http:
paths:
- backend:
serviceName: bar-backend-service
servicePort: 50051
And here's the service/deployment for the app:
apiVersion: v1
kind: Service
metadata:
name: bar-backend-service
namespace: default
spec:
selector:
app: bar-backend-app
ports:
- port: 50051
targetPort: 50051
name: grpc
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: bar-backend
labels:
app: bar-backend-app
namespace: default
spec:
replicas: 1
template:
metadata:
labels:
app: bar-backend-app
spec:
containers:
- name: bar-backend-image
image: gcr.io/himank-jay/bar-backend-image:TAG
ports:
- containerPort: 50051
name: grpc
When I run grpc_cli ls bar.foo.com:443 (using grpc_cli), I get the following error:
{"created":"#1580833741.460274000","description":"Error received from peer ipv4:x.x.x.x:x","file":"src/core/lib/surface/call.cc","file_line":1055,"grpc_message":"Socket closed","grpc_status":14}
And the error from the nginx-controller is as follows:
x.x.x.x - - [04/Feb/2020:16:28:46 +0000] "PRI * HTTP/2.0" 400 157 "-" "-" 0 0.020 [] [] - - - - xxxxx
Any ideas on what's wrong here? Or any thoughts on how to debug this?
The server is serving HTTP/1.x, not HTTP/2 that's required for gRPC.
You can try adding the following annotation to the Ingress config
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
...as explained here.
It is also worth checking the use-http2 flag in the nginx configuration (it should be enabled, true, by default).
EDIT, regarding the new error:
PRI * HTTP/2.0 is the so-called HTTP/2 Connection Preface - part of negotiating HTTP/2. It still appears that nginx isn't configured for HTTP/2.
Related
When I try to use a path different from / and a rewrite annotation in an ingress service I get an "error timeout" in browser. I need to be able to access my front with something like example.com/dev and the frontend's pod needs to receive requests to /.
I use Azure K8s 1.22.6 and Nginx ingress 4.1.0.
Here's my resources:
apiVersion: v1
kind: Service
metadata:
name: frontend-service
spec:
selector:
app: frontend
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend-deployment
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: ealen/echo-server
ports:
- containerPort: 80
imagePullPolicy: Always
And ingress. This configuration works and I left lines which I'm needed commented:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-fa
# annotations:
# nginx.ingress.kubernetes.io/use-regex: "true"
#nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
rules:
- http:
paths:
#- path: /dev(/|$)(.*)
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
If I use the rewrite annotation $2 and the path "/dev(/|$)(.*)" then I get "ERR_CONNECTION_TIMED_OUT". What I'm missing?
the problem was in the frontend vue application - I've added
publicPath: '/dev/',
into the vue.config.js
ps I've skipped the echo service
Hello I am new to devops
Problem: Unable to access the ticketing.dev from browser (configured using nginx)
I am using nginx and use minikube (running everything locally)
this is my service and deployment file
apiVersion: apps/v1
kind: Deployment
metadata:
name: auth-depl
spec:
replicas: 1
selector:
matchLabels:
app: auth
template:
metadata:
labels:
app: auth
spec:
containers:
- name: auth
image: arshad/auth
---
apiVersion: v1
kind: Service
metadata:
name: auth-srv
spec:
type: NodePort
selector:
app: auth
ports:
- name: auth
protocol: TCP
port: 3000
targetPort: 3000
this is my ingress file
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
spec:
rules:
- host: ticketing.dev
http:
paths:
- path: /api/users/?(.*)
pathType: Prefix
backend:
service:
name: auth-serv
port:
number: 3000
this is my
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-service <none> ticketing.dev 192.168.99.101 80 45m
I also added the /etc/hosts ip like ticketing.dev 192.168.99.101 but still I am getting 503 Service Temporarily Unavailable
Anyone please help.
Hi you have a typo thats why. Your service name is auth-srv when in ingress you are calling service name auth-serv . Change it on ingress to auth-srv instead of auth-serv .
I have deployed an Angular UI and a .Net Core service to my Kubernetes cluster. I have exposed both the services using an NGINX ingress controller. However, when I hit my .Net service, I am getting the below error in the NGINX logs:
connect() failed (111: Connection refused) while connecting to upstream,
client: 10.240.0.6, server: _,
request: "GET /api/login/login HTTP/1.1",
upstream: "http://10.244.0.54:85/api/login/login",
host: "host_IP"
My microservice deployment YAML is
---
apiVersion: v1
kind: Service
metadata:
name: login-microservice
namespace: application
spec:
type: ClusterIP
ports:
- port: 85
selector:
app: login-microservice
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: login-microservice
namespace: application
spec:
replicas: 1
selector:
matchLabels:
app: login-microservice
template:
metadata:
labels:
app: login-microservice
spec:
containers:
- name: login-microservice
image: XXX/login-microservice:latest
imagePullPolicy: Always
ports:
- containerPort: 85
imagePullSecrets:
- name: example-secret
restartPolicy: Always
---
My Ingress for this service is :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-login
namespace: application
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS, HTTP, HTTPS"
nginx.ingress.kubernetes.io/cors-allow-origin: "host_IP"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
spec:
rules:
- http:
paths:
- path: /api
backend:
serviceName: login-microservice
servicePort: 85
The cluster IP of the service is defined as 10.0.57.60
and the endpoint of the service is defined as 10.244.0.54.
Please help.
I am still struggling with kubernetes.
I have issue with preserving request IP address on service for logging purposes. Logging is done with GRPC server. This code is working outside kubernetes as intended.
Service is defined similar to this.
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
name: grpc-api
name: grpc-api
namespace: myns
spec:
ports:
- name: ext-5000
port: 5000
targetPort: 5000
- name: grpc-5050
port: 5050
targetPort: 5050
selector:
name: grpc-api
type: ClusterIP
Ingress is:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-myns
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: GRPC
nginx.ingress.kubernetes.io/service-upstream: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
labels:
name: api-grpc
name: api-grpc
namespace: myns
spec:
rules:
- host: api.example.org
http:
paths:
- backend:
serviceName: grpc-api
servicePort: 5000
path: /
tls:
- hosts:
- api.example.org
secretName: grpc-api-ingress-cert
Documentation mentions externalTrafficPolicy: Local in service, where type is LoadBalancer. Would it be enough to add parameter above to ClusterIP type service or do I have to change it to something else?
Thank you in advance.
I'm trying to expose my deployment on my Kubernetes cluster using a service and a Nginx ingress. I currently have following configuration.
apiVersion: apps/v1
kind: Deployment
metadata:
name: mira-api-deployment
spec:
replicas: 1
selector:
matchLabels:
app: mira-api
template:
metadata:
labels:
app: mira-api
spec:
containers:
- name: backend
image: registry.gitlab.com/izit/mira-backend
ports:
- containerPort: 8080
name: http
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: mira-api-service
spec:
ports:
- port: 8080
protocol: TCP
targetPort: 8080
selector:
app: mira-api
type: NodePort
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: mira-api-ingress
spec:
tls:
- hosts:
- kubernetes.mira-appservice.be
secretName: mirasecret
rules:
- host: kubernetes.mira-appservice.be
http:
paths:
- backend:
serviceName: mira-api-service
servicePort: 8080
This configuration makes my deployment publically available over HTTPS with the correct certificate etc.
The only problem is that I receive a HTTP 502 error message when making a request.
When I check the logs of the ingress is see following error message:
When I describe the ingress I get the following information:
Is the configuration of my service correct? Or is there something else missing in the configuration?
UPDATE
Output for service: