K
Q

Problem with Kubernetes and Nginx. Error code

1/17/2019

I'm trying to deploy my first Kubernetes application. I've set up everyting but now when I try to acces it over the clusters IP adress I get this message:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\": No policy matched.",
  "reason": "Forbidden",
  "details": {

  },
  "code": 403
}

Anybody knows what could be the problem? Does it has anything to do with NGNIX?

Also here is my .yaml file:

# Certificate
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: ${APP_NAME}
  namespace: gitlab-managed-apps
spec:
  secretName: ${APP_NAME}-cert
  dnsNames:
    - ${URL}
    - www.${URL}
  acme:
    config:
      - domains:
          - ${URL}
          - www.${URL}
        http01:
          ingressClass: nginx
  issuerRef:
    name: ${CERT_ISSUER}
    kind: ClusterIssuer

---
# Ingress
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ${APP_NAME}
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/from-to-www-redirect: 'true'
spec:
  tls:
    - secretName: ${APP_NAME}-cert
      hosts:
        - ${URL}
        - www.${URL}
  rules:
    - host: ${URL}
      http:
        paths:
          - backend:
              serviceName: ${APP_NAME}
              servicePort: 80

---
# Service
apiVersion: v1
kind: Service
metadata:
  name: ${APP_NAME}
  labels:
    app: ${CI_PROJECT_NAME}
spec:
  selector:
    name: ${APP_NAME}
    app: ${CI_PROJECT_NAME}
  ports:
    - name: http
      port: 80
      targetPort: http

---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${APP_NAME}
  labels:
    app: ${CI_PROJECT_NAME}
spec:
  replicas: ${REPLICAS}
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: ${CI_PROJECT_NAME}
  template:
    metadata:
      labels:
        name: ${APP_NAME}
        app: ${CI_PROJECT_NAME}
    spec:
      containers:
        - name: webapp
          image: eu.gcr.io/my-site/my-site.com:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 80
          env:
            - name: COMMIT_SHA
              value: ${CI_COMMIT_SHA}
          livenessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 30
            timeoutSeconds: 1
          readinessProbe:
            tcpSocket:
              port: 80
            initialDelaySeconds: 5
            timeoutSeconds: 1
          resources:
            requests:
              memory: '16Mi'
            limits:
              memory: '64Mi'
      imagePullSecrets:
        - name: ${REGISTRY_PULL_SECRET}

I would really appreciate it if anybody could help me!

-- user9468014
google-cloud-messaging
kubernetes
nginx

Similar Questions

MQ connection refused
How to gracefully shutdown a Go service running on Kubernetes
Install Order in K8s
Is there a way to enable IPVS proxy-mode on GKE cluster?

1 Answer

1/17/2019

Just add the path in you ingress:

 rules:
    - host: ${URL}
      http:
        paths:
          - backend:
              serviceName: ${APP_NAME}
              servicePort: 80
            path: /

https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource

-- Arslanbekov
Source: StackOverflow