Ingress rule not redirecting to deployment

2/11/2019

Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: assortment-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - myapp.centralus.cloudapp.azure.com
    secretName: aks-ingress-tls
  rules:
  - host: myapp.centralus.cloudapp.azure.com
    http:
      paths:
      - path: /my-service
        backend:
          serviceName: my-backend
          servicePort: 80

deployment & service

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: myservice
    spec:
      containers:
      - name: myservice
        image: myreg.azurecr.io/my-latest
        imagePullPolicy: Always
        ports:
           - name: http
             containerPort: 8080
      imagePullSecrets:
      - name: my-auth

apiVersion: v1
kind: Service
metadata:
 name: my-backend
spec:
 type: ClusterIP
 selector:
   app: myservice
 ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8080

However

curl https://myapp.centralus.cloudapp.azure.com/my-service

gives

default backend - 404

Note myapp.centralus.cloudapp.azure.com already resolves to the ingress controller's public IP

When I create a service with type LoadBalancer with same config, it works with public api.

-- Neil
azure-aks
azure-kubernetes
kubernetes
kubernetes-ingress
nginx

3 Answers

2/12/2019

When you use the TLS with the Ingress, there also two ways for you to use the certificates.

One is that use your own certificate. You can follow the steps in Create an HTTPS ingress controller and use your own TLS certificates on Azure Kubernetes Service (AKS). But for this, you just can access the URL like this:

curl -v -k --resolve demo.azure.com:443:yourIngressExternalIP https://demo.azure.com

When you use the DNS name that you set in Azure with the Public IP, you can create the certificate like this in your case:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -out aks-ingress-tls.crt \
    -keyout aks-ingress-tls.key \
    -subj "/CN=myapp.centralus.cloudapp.azure.com/O=aks-ingress-tls"

Then you can sue the command curl https://myapp.centralus.cloudapp.azure.com, but it will show like this:

enter image description here

When you use the browser the access the URL, it will show like this:

enter image description here

To use another way you can follow the steps in Create an ingress controller with a static public IP address in Azure Kubernetes Service (AKS). I suggest this way. Take a try.

-- Charles Xu
Source: StackOverflow

2/26/2019

The issue was, when the backend app was accessed via ngix controller the following headers were added

X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443

While accessing it via the public IP of the LoadBalancer was not a problem The issue could be reproduced when we add the header

curl -v 104.43.164.105 -H "X-Forwarded-Proto: https"

Gives 302 Found

These additional headers were not liked by the following spring-boot configuration in application.yaml

server:
  useForwardHeaders: true

This was fixed by

server:
  useForwardHeaders: false

or

removing the above configuration altogether.

-- Neil
Source: StackOverflow

2/11/2019

First of all check your pods are in running state.

or

maybe cause of redirection of too many ports from 80 to 8080.ingress to service to target port.

your config is absolutely right it is simple problem may be pod not running or wait for some time to with clear cache of browser.

-- Harsh Manvar
Source: StackOverflow