We Keep Coding

Kibana dashboard not loading - {"statusCode":404,"error":"Not Found","message":"not found"} - kubernetes

I am installing kibana with helm like so
values = [
<<-EOT
replicas: 3
healthCheckPath: /admin/kibana/app/kibana
kibanaConfig:
kibana.yml: |
server.basePath: "/admin/kibana"
server.rewriteBasePath: true
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: kong
kubernetes.io/tls-acme: "true"
path: /admin/kibana
I want kibana to be served at path /admin/kibana. eg. https://my-server.com/admin/kibana
I see the error {"statusCode":404,"error":"Not Found","message":"not found"}
In the logs
"res":{"statusCode":404,"responseTime":24,"contentLength":9},"message":"GET / 404 24ms - 9.0B"}
The pods are running fine which means health check is passing at /admin/kibana.
I have the server.basePath set as per documentation. What else is missing?
If I port-forward 5601 from my box,
kubectl port-forward svc/kibana 5601:5601
I can access kibana at localhost:5601/admin/kibana. But not on the domain.
The ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: kong
kubernetes.io/tls-acme: "true"
labels:
app: kibana
heritage: Tiller
release: kibana
name: kibana-kibana
spec:
rules:
- host: xxxx.xxxx.app
http:
paths:
- backend:
serviceName: kibana-kibana
servicePort: 5601
path: /admin/kibana
tls:
- hosts:
- xxxx.xxxx.app
secretName: wildcard-alchemy-tls

The kong ingress by default was stripping path. Hence the issue.

Related

I'm trying to get kubernetes-dashboard up and running under KIND but I'm not getting an ingress created even-though I think I changed the values.yaml to do that. Here is what I have for that section any idea what I'm missing/doing wrong:
ingress:
## If true, Kubernetes Dashboard Ingress will be created.
##
enabled: true
## Kubernetes Dashboard Ingress labels
labels:
key: value
## Kubernetes Dashboard Ingress annotations
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: 'true'
## If you plan to use TLS backend with enableInsecureLogin set to false
## (default), you need to uncomment the below.
## If you use ingress-nginx < 0.21.0
# nginx.ingress.kubernetes.io/secure-backends: "true"
## if you use ingress-nginx >= 0.21.0
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
## Kubernetes Dashboard Ingress Class
# className: "example-lb"
## Kubernetes Dashboard Ingress paths
## Both `/` and `/*` are required to work on gce ingress.
paths:
- /
- /*
## Custom Kubernetes Dashboard Ingress paths. Will override default paths.
##
customPaths:
- pathType: ImplementationSpecific
backend:
service:
name: ssl-redirect
port:
name: use-annotation
- pathType: ImplementationSpecific
backend:
service:
name: >-
{{ include "kubernetes-dashboard.fullname" . }}
port:
# Don't use string here, use only integer value!
number: 443
# Kubernetes Dashboard Ingress hostnames
# Must be provided if Ingress is enabled
#
hosts:
- local.com
# Kubernetes Dashboard Ingress TLS configuration
# Secrets must be manually created in the namespace
#
tls:
- secretName: kubernetes-dashboard-tls
hosts:
- local.com
This will run and if I run:
helm upgrade -f dashboard/values.yaml dashboard dashboard
Release "dashboard" has been upgraded. Happy Helming!
NAME: dashboard
LAST DEPLOYED: Fri Dec 10 16:41:46 2021
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 7
TEST SUITE: None
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
dashboard-kubernetes-dashboard-5d89cf78dd-g6tmb 1/1 Running 0 94m
But:
$ kubectl get ingress
No resources found in kubernetes-dashboard namespace.
Now stackoverflow won't post my question, because I posted mostly code. Maybe this will trick it.

I ended up creating my own ingress:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/add-base-url: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
tls:
- hosts:
- {{ .Values.apps.nameSpace }}.{{ .Values.apps.domain }}
secretName: my-tls-secret
rules:
- host: {{ .Values.apps.nameSpace }}.{{ .Values.apps.domain }}
http:
paths:
- pathType: Prefix
path: /dashboard(/|$)(.*)
backend:
service:
name: dashboard-kubernetes-dashboard
port:
number: 443

I've been using minikube and this yml file:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /?(.*)
pathType: Prefix
backend:
service:
name: client-cluster-ip
port:
number: 3000
- path: /api/?(.*)
pathType: Prefix
backend:
service:
name: server-cluster-ip
port:
number: 5000
I've installed helm on my GKE cluster and installed ingress-nginx via helm following their directions here.
I kubectl apply my k8s and they all spin up besides the ingress-service from the file above.
Any help is much appreciated.
I've tried this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-service
namespace: my-ingress-nginx
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: client-cluster-ip
servicePort: 3000
- path: /api/*
backend:
serviceName: server-cluster-ip
servicePort: 5000
I'm really stuck here. Not seeing ingress-service show up like I would in minikube and I have no idea why.
server-cluster-ip:
apiVersion: v1
kind: Service
metadata:
name: server-cluster-ip
spec:
type: ClusterIP
selector:
component: server
ports:
- port: 5000
targetPort: 5000
client-cluster-ip:
apiVersion: v1
kind: Service
metadata:
name: client-cluster-ip
spec:
type: ClusterIP
selector:
component: web
ports:
- port: 3000
targetPort: 3000
The deployments and the clusterIp services above are being applied to the cluster but the ingress-service to direct traffic to them is not.
Services:
NAME TYPE
client-cluster-ip ClusterIP
kubernetes ClusterIP
my-ingress-nginx-controller LoadBalancer
my-ingress-nginx-controller-admission ClusterIP
postgres-cluster-ip ClusterIP
redis-cluster-ip ClusterIP
server-cluster-ip ClusterIP
the my-ingress-nginx-controller and my-ingress-nginx-controller-admission was created when I did helm install my-ingress-nginx ingress-nginx/ingress-nginx
Why can't I create an ingress service?

I realized I needed to open port 8443 from the documentation.
So I went to the firewall list in google cloud. Found the rules that had tcp:80,443 in the Protocols / ports. Clicked it, clicked edit and added 8443 to it.
I had an error after but this fixed it:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-resource
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- http:
paths:
- path: /?(.*)
backend:
serviceName: client-cluster-ip
servicePort: 3000
- path: /api/?(.*)
backend:
serviceName: server-cluster-ip
servicePort: 5000
Notice I changed * for ?(.*)

I'm running microk8s v1.18.5 from snap on Ubuntu 20.04 with addons ingress, dns, dashboard, helm3, storage.
I'm trying to externally access running services such as grafana and dashboard. I've configured proxy services and ingresses as per docs:
kind: Service
apiVersion: v1
metadata:
name: grafana
namespace: ingress
spec:
type: ExternalName
externalName: monitoring-grafana.kube-system.svc.cluster.local
ports:
- port: 80
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: grafana-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- "grafana.example.com"
secretName: grafana-tls
rules:
- host: grafana.example.com
http:
paths:
- backend:
serviceName: grafana
servicePort: 80
path: /
---
and
kind: Service
apiVersion: v1
metadata:
name: dashboard
namespace: ingress
spec:
type: ExternalName
externalName: kubernetes-dashboard.kube-system.svc.cluster.local
ports:
- port: 443
---
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: dashboard-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
- "dashboard.example.com"
secretName: dashboard-tls
rules:
- host: dashboard.example.com
http:
paths:
- backend:
serviceName: dashboard
servicePort: 443
path: /
---
Trying to access either dashboard or grafana I get:
503 Service Temporarily Unavailable
openresty/1.15.8.1
What can I do to find the root cause?
I'm also running cert-manager and external-dns from helm3, could their config be related to the issue?

First you have to change your dashboard and grafana service type to NodePort for ingress to work correctly.
Besides that Kubernetes dashboard for microk8s is accessible under <master_node_ip>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ path so you have to mention it in either your URL or in your ingress manifest. When you curl dashboard.example.com
it gives you 503 Service Temporarily Unavailable error. However when you enter full path it will show the website:
curl http://dashboard.example.com:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
<!--
Copyright 2017 The Kubernetes Authors.
[...]
This is an example of ingress that will rewrite /api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy to /dashboard/
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: grafana-ingress
namespace: kube-system
annotations:
kubernetes.io/ingress.class: nginx
# Add https backend protocol support for ingress-nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '<base href="/">' '<base href="/dashboard/">';
sub_filter_once on;
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: dashboard.example.com
http:
paths:
- path: /dashboard(/|$)(.*)
backend:
serviceName: kubernetes-dashboard
servicePort: 443

I am struggling to have Ingress controller to properly handle sub paths. My architecture - two services sat on diff paths of one domain. Each service has its own ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress1
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-production-issuer"
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
- hosts:
- api.mydomain.com
secretName: my-secret
rules:
- host: api.mydomain.com
http:
paths:
- path: /path1
backend:
serviceName: service1
servicePort: 80
And
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress2
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-production-issuer"
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- api.mydomain.com
secretName: my-secret
rules:
- host: api.mydomain.com
http:
paths:
- path: /path2
backend:
serviceName: service2
servicePort: 80
With the above configuration, 1st ingress works and i am able to reach my endpoints at api.mydomain.com/path1, in the same time api.mydomain.com/path2 returns http 400. What am i doing wrong?

So the actual problem was a bit different to ingress not being able to find an endpoint. My backend services are secure gRPC services and therefore expect to be called via https or grpcs. So setting an ingress to be running against secure backends solved the problem:
nginx.ingress.kubernetes.io/secure-backends: "true"
For a newer versions of k8s you should use different attributes.

I am using AKS with Helm v2.2 to try deploying a chart that utilizes an nginx LoadBalancer Pod to control all ingress into my services via a single ip address. This is very much in the experimental phase but I have proven that when I use the following Helm ingress configuration for my .net core webapi service:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
hosts:
- host:
paths:
- /
That I can indeed then visit my exposed api and see the swagger ui at
http://[My External IP]/index.html
what I then want to do is place several services behind the same LoadBalancer (as you are intended to) so my expectations were that I could then change the above service configuration to something like this:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
hosts:
- host:
paths:
- /serviceA
Which should then mean I can access the same service via the now updated url:
http://[My External IP]/serviceA/index.html
Is this what I should be expecting to work? Do I need to use any sort of re-write system as so far I get errors back from this url saying that it cannot find certain missing resources. Any attempts at using the re-write annotation have not resulted in helping me here either. Could someone help me out and point out what I may be doing wrong? With the new url path I end up with the following types of errors on what appears to be the files that the index.html page is trying to load suggesting it is half working but needs some re-writing or something?
Failed to load resource: the server responded with a status of 404 ()
As a result of the Helm chart template engine the following ingress yaml file is created:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myrelease-release-manager
labels:
app.kubernetes.io/name: release-manager
helm.sh/chart: release-manager-0.1.0
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /serviceA
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host:
http:
paths:
- path: /serviceA
backend:
serviceName: myrelease-release-manager
servicePort: 80
As a result of this ingress file I want to visit this service when I go to my external ip address with the path /serviceA/index.html.

Close, you need to update the rewrite target to /$2
nginx.ingress.kubernetes.io/rewrite-target: /$2
Rewrites
/serviceB/foo -> /foo
/serviceA/foo -> /foo
But each one will be directed to the services for that path
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myrelease-release-manager
labels:
app.kubernetes.io/name: release-manager
helm.sh/chart: release-manager-0.1.0
app.kubernetes.io/instance: release-name
app.kubernetes.io/version: "1.0"
app.kubernetes.io/managed-by: Tiller
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- http:
paths:
- backend:
serviceName: serviceB
servicePort: 80
path: /serviceB(/|$)(.*)
- backend:
serviceName: serviceA
servicePort: 80
path: /serviceA(/|$)(.*)