K
Q

Ingress rule does not work with Service of type LoadBalancer

2/9/2019

I am trying to add an ingress rule to an internal load balancer. As per the dock it can be redirected to a service. It works as long as the service is "ClusterIP" but goes to infinite redirect when its "LoadBalancer"

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - demo.azure.com
    secretName: aks-ingress-tls
  rules:
  - host: demo.azure.com
    http:
      paths:
      - path: /
        backend:
          serviceName: aks-helloworld
          servicePort: 80
      - path: /demo
        backend:
          serviceName: demo-backend
          servicePort: 80

https://demo.azure.com works but https://demo.azure.com/demo doesn’t. Difference is aks-helloworld is a ClusterIP but demo-backend is a LoadBalancer

13:33 $ kubectl get services
NAME                  TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE
aks-helloworld        ClusterIP      10.0.204.168   <none>         80/TCP         15m
kubernetes            ClusterIP      10.0.0.1       <none>         443/TCP        16h
demo-backend   LoadBalancer   10.0.198.251   23.99.128.86   80:30332/TCP   15h
-- Neil
azure
azure-aks
kubernetes
kubernetes-helm
kubernetes-ingress

Similar Questions

How to view the permissions/roles associated with a specific service account in k8s?
Pod to Pod communication is not working in kubernetes
IApplicationBuilder does not includes a definition for UseHealthChecks
How to fix urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)> Error
Calling Spark Operator on K8s from Java Program
Is it possible to pass the current datetime in a kubernetes yaml env setting?
dask kubernetes aks (azure) virtual nodes
How to tell Kibana to read a container name having dash inside as a single string
Do multiple pods in Kubernetes pull the same image
Change Container Runtime without destroying cluster
microk8s Kubernetes Service connection refused
CouchbaseCluster resource in kubernetes disappears after a few days
Unable to view the logs on the vm2 node
Unable to access angular container on localhost even though its been allocated a external IP
calico network connectivity failing between pods and services and pods in different hosts

3 Answers

2/26/2019

The issue was because of the following headers added by the engine controller.

X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443

Answer https://stackoverflow.com/a/54880257/747456

-- Neil
Source: StackOverflow
2/10/2019

Why are you exposing the Service as type "LoadBalancer" if you are using Ingress for the resource? You are essentially hitting a the ingress loadbalancer then hitting another service loadbalancer, which is probably causing this redirect issue.

-- Strebel - MSFT
Source: StackOverflow
2/11/2019

For your issue, I don't think it's the problem that one has the type clusterIP and another has the type LoadBalancer. When the traffic coming in through the two ways, they will all redirect to the service, in your case, demo-backend.

See the result of the test on my side:

enter image description here

Access from the Internet:

enter image description here enter image description here

I do not add the TLS, but I think the traffic will all redirect to the service no matter it has the TLS or not. I just change the command with --set serviceType="LoadBalancer" when I install the second application through helm. So you can check if there something wrong with your steps.

But I don't think it's a good way to route traffic both in these two ways to one service. If you use the TLS through Ingress, and it will be no secure when there is the way with LoadBalancer at the same time. Because the traffic will bypass the TLS through LoadBalancer.

Update

With your comment, I think you need to create a deployment for your application, and then create a service with it, the file like this:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: yourImage
        ports:
        - containerPort: 80
          name: myapp
---
apiVersion: v1 
kind: Service 
metadata: 
    name: demo-backend 
    labels: 
        app: myapp 
spec: 
    type: ClusterIP 
    selector: 
        app: myapp 
    ports: 
    - port: 80
      name: http

The deployment is the basis of the application, the service just accepts the traffic for the pod. So I guess you miss the deployment so that you can access your application.

-- Charles Xu
Source: StackOverflow