I am trying to add an ingress rule to an internal load balancer. As per the docs, it can be redirected to a service. It works as long as the service is "ClusterIP" but goes into an infinite redirect when it's "LoadBalancer".
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - demo.azure.com
    secretName: aks-ingress-tls
  rules:
  - host: demo.azure.com
    http:
      paths:
      - path: /
        backend:
          serviceName: aks-helloworld
          servicePort: 80
      - path: /demo
        backend:
          serviceName: demo-backend
          servicePort: 80
https://demo.azure.com works but https://demo.azure.com/demo doesn’t. Difference is aks-helloworld is a ClusterIP but demo-backend is a LoadBalancer
13:33 $ kubectl get services
NAME             TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)        AGE
aks-helloworld   ClusterIP      10.0.204.168   <none>         80/TCP         15m
kubernetes       ClusterIP      10.0.0.1       <none>         443/TCP        16h
demo-backend     LoadBalancer   10.0.198.251   23.99.128.86   80:30332/TCP   15h
The issue was because of the following headers added by the engine controller.
X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443
Why are you exposing the Service as type "LoadBalancer" if you are using Ingress for the resource? You are essentially hitting the ingress loadbalancer and then hitting another service loadbalancer, which is probably causing this redirect issue.
For your issue, I don't think the problem is that one has the type ClusterIP and the other has the type LoadBalancer. When the traffic comes in through the two ways, it will all redirect to the service, in your case, demo-backend.
See the result of the test on my side:
Access from the Internet:
I do not add the TLS, but I think the traffic will all redirect to the service no matter whether it has the TLS or not. I just change the command with --set serviceType="LoadBalancer" when I install the second application through helm. So you can check if there is something wrong with your steps.
But I don't think it's a good way to route traffic in both of these two ways to one service. If you use the TLS through Ingress, it will not be secure when there is the way with LoadBalancer at the same time, because the traffic will bypass the TLS through LoadBalancer.
Update
With your comment, I think you need to create a deployment for your application, and then create a service with it, with a file like this:
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: yourImage
        ports:
        - containerPort: 80
          name: myapp
---
apiVersion: v1
kind: Service
metadata:
  name: demo-backend
  labels:
    app: myapp
spec:
  type: ClusterIP
  selector:
    app: myapp
  ports:
  - port: 80
    name: http
The deployment is the basis of the application, the service just accepts the traffic for the pod. So I guess you miss the deployment so that you can access your application.
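An added example (not part of the answers above or of any project's code) of an audit for the exposure this answer describes: it flags Services that back a TLS-protected Ingress host while also being published directly as LoadBalancer or NodePort. The function name `find_tls_bypass` and the embedded sample are constructed for illustration; real input is assumed to come from `kubectl get ingress,services -o json`.

```python
import json

# Constructed sample (shape of `kubectl get ingress,services -o json`), mirroring this page.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Ingress", "metadata": {"name": "demo-ingress", "namespace": "default"},
  "spec": {"tls": [{"hosts": ["demo.azure.com"], "secretName": "aks-ingress-tls"}],
   "rules": [{"host": "demo.azure.com", "http": {"paths": [
     {"path": "/", "backend": {"serviceName": "aks-helloworld", "servicePort": 80}},
     {"path": "/demo", "backend": {"serviceName": "demo-backend", "servicePort": 80}}]}}]}},
 {"kind": "Service", "metadata": {"name": "aks-helloworld", "namespace": "default"},
  "spec": {"type": "ClusterIP"}},
 {"kind": "Service", "metadata": {"name": "demo-backend", "namespace": "default"},
  "spec": {"type": "LoadBalancer"},
  "status": {"loadBalancer": {"ingress": [{"ip": "23.99.128.86"}]}}}
]}
""")


def find_tls_bypass(items):
    """Services behind a TLS Ingress host that are also exposed directly
    through their own LoadBalancer or NodePort (a path that skips the TLS)."""
    tls_backends = {}  # (namespace, service name) -> set of TLS hosts
    for ing in (i for i in items if i["kind"] == "Ingress"):
        ns = ing["metadata"].get("namespace", "default")
        spec = ing.get("spec", {})
        tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
        for rule in spec.get("rules", []):
            if rule.get("host") not in tls_hosts:
                continue  # rule is not covered by the Ingress TLS section
            for path in rule.get("http", {}).get("paths", []):
                b = path.get("backend") or {}
                # extensions/v1beta1 uses serviceName; networking.k8s.io/v1 nests it
                name = b.get("serviceName") or b.get("service", {}).get("name")
                if name:
                    tls_backends.setdefault((ns, name), set()).add(rule["host"])
    findings = []
    for svc in (i for i in items if i["kind"] == "Service"):
        key = (svc["metadata"].get("namespace", "default"), svc["metadata"]["name"])
        stype = svc.get("spec", {}).get("type", "ClusterIP")
        if key in tls_backends and stype in ("LoadBalancer", "NodePort"):
            lb = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
            findings.append({"service": key[1], "type": stype,
                             "tls_hosts": sorted(tls_backends[key]),
                             "direct": [e.get("ip") or e.get("hostname") for e in lb]})
    return findings

if __name__ == "__main__":
    print(find_tls_bypass(SAMPLE["items"]))
```

Switching demo-backend to `type: ClusterIP`, as in the manifest above, makes the finding list empty.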