K
Q

Azure Kubernetes Service - Http Routing Giving 502

9/14/2018

We are trying to host our API in AKS but we are hitting the same issue no matter what ingress option we use. We are running the latest version of kubernetes(1.11.2) on AKS with Http application routing configured. All the services and Pods are healthy according to the dashboard and the DNS Zone /healthz is returning 200, so that's working.

All of the api services are built using the latest version of dotnet core with the / route configured to return a status code 200.

Here's the services & deployments:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: accounts-api
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1 
  template:
    metadata:
      labels:
        app: accounts-api
    spec:
      containers:
      - name: accounts-api
        # image: mycompany.azurecr.io/accounts.api:#{Build.BuildId}#
        image: mycompany.azurecr.io/accounts.api:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: programs-api
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: programs-api
    spec:
      containers:
      - name: programs-api
        # image: mycompany.azurecr.io/programs.api:#{Build.BuildId}#
        image: mycompany.azurecr.io/programs.api:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: teams-api
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: teams-api
    spec:
      containers:
      - name: teams-api
        # image: mycompany.azurecr.io/teams.api:#{Build.BuildId}#
        image: mycompany.azurecr.io/teams.api:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: payments-api
spec:
  replicas: 3
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: payments-api
    spec:
      containers:
      - name: payments-api
        # image: mycompany.azurecr.io/payments.api:#{Build.BuildId}#
        image: mycompany.azurecr.io/payments.api:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 8080

---

apiVersion: v1
kind: Service
metadata:
  name: accounts-api-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: accounts-api
  type: ClusterIP

--- 

apiVersion: v1
kind: Service
metadata:
  name: programs-api-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: programs-api
  type: ClusterIP

--- 

apiVersion: v1
kind: Service
metadata:
  name: teams-api-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: teams-api
  type: ClusterIP

--- 

apiVersion: v1
kind: Service
metadata:
  name: payments-api-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: payments-api
  type: ClusterIP

---

Firstly, we tried to use Path Based Fanout, like so:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-api-ingress
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
spec:
  rules:
  - host: mycompany-api.d6b1cf1ede294842b0ed.westeurope.aksapp.io
    http:
      paths:
      - path: /accounts-api
        backend:
          serviceName: accounts-api-service
          servicePort: 80
      - path: /programs-api
        backend:
          serviceName: programs-api-service
          servicePort: 80
      - path: /teams-api
        backend:
          serviceName: teams-api-service
          servicePort: 80
      - path: /workouts-api
        backend:
          serviceName: payments-api-service
          servicePort: 80

---

But we were hitting a 502 bad gateway for each path. We then tried aggregating the ingresses and assigning a host per service:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-api-ingress
  annotations:
    kubernetes.io/ingress.class: addon-http-application-routing
spec:
  rules:
  - host: accounts-api.d6b1cf1ede294842b0ed.westeurope.aksapp.io
    http:
      paths:
      - path: /
        backend:
          serviceName: accounts-api-service
          servicePort: 80
  - host: programs-api.d6b1cf1ede294842b0ed.westeurope.aksapp.io
    http:
      paths:
      - path: /
        backend:
          serviceName: programs-api-service
          servicePort: 80
  - host: teams-api.d6b1cf1ede294842b0ed.westeurope.aksapp.io
    http:
      paths:
      - path: /
        backend:
          serviceName: teams-api-service
          servicePort: 80
  - host: payments-api.d6b1cf1ede494842b0ed.westeurope.aksapp.io
    http:
      paths:
      - path: /
        backend:
          serviceName: payments-api-service
          servicePort: 80

---

The Azure DNS Zone is adding the correct txt and A records for each of the services but we are still hitting the 502.

From what we can tell from googling it seems as though the wiring of the ingress to the services is screwy, but as far as we can see our deploy script looks ok. Ideally we would like to use the path based fanout option, so what could the issue be? Base Path configuration?

--
azure
azure-kubernetes
kubernetes
kubernetes-ingress
nginx

Similar Questions

Nginx ingress controller 400 error when request header is "too long"
Kubernetes: How do I get all pods in a namespace using the python api?
Bad latency in GKE between Pods
Kubernetes ingress rules: How to use wildcard and specific subdomain together

0 Answers