Kubernetes-Ingress: How do I properly route to two services with HTTPS?

6/23/2019

I'm trying to deploy a ReactJs app and an Express-GraphQL server through Kubernetes. But I'm having trouble setting up an ingress to route traffic to both services. Specifically I can no longer reach my back-end.

When I made the React front-end and Express back-end as separate services and exposed them, it ran fine. But now I'm trying to enable HTTPS and DNS. And route to both of them through Ingress.

Here are my service yaml files

apiVersion: v1
kind: Service
metadata:
  name: bpmclient
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 5000
  selector:
    run: bpmclient
  type: NodePort
apiVersion: v1
kind: Service
metadata:
  name: bpmserver
  namespace: default
spec:
  ports:
  - port: 3090
    protocol: TCP
    targetPort: 3090
  selector:
    run: bpmserver
  type: NodePort

and my Ingress...

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: bpm-nginx
  annotations:
    kubernetes.io/ingress.global-static-ip-name: bpm-ip
    networking.gke.io/managed-certificates: bpmclient-cert
    ingress.kubernetes.io/enable-cors: "true"
    ingress.kubernetes.io/cors-allow-origin: "https://example.com"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /v2/*
        backend:
          serviceName: bpmserver
          servicePort: 3090
      - path: /*
        backend:
          serviceName: bpmclient
          servicePort: 80

Through this setup I've been able to visit the client successfully using https. But I can't reach my back-end anymore through the client or just browsing to it. I'm getting a 502 server error. But I check the logs for the back-end pod and don't see anything besides 404 logs.

My front-end is reaching the back-end through example.com/v2/graphql. When I run it locally on my machine I go to localhost:3090/graphql. So I don't see why I'm getting a 404 if the routing is done correctly.

-- Tony Martinez
kubernetes
kubernetes-ingress

1 Answer

6/25/2019

I see few things that might be wrong here:

  1. Ingress objects should be created in the same namespace as the services it routes. I see that you have specified namespace: default in your services' yamls but not in Ingress.

  2. I don't know which version of Ingress you are using but accorind to the documentation after 0.22.0

ingress definitions using the annotation nginx.ingress.kubernetes.io/rewrite-target are not backwards compatible with previous versions. In Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a capture group.

  1. path: should be nested after backend: and capture group should be added to the nginx.ingress.kubernetes.io/rewrite-target: / in numered placeholder like $1

So you should try something like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: bpm-nginx
  namespace: default
  annotations:
    kubernetes.io/ingress.global-static-ip-name: bpm-ip
    networking.gke.io/managed-certificates: bpmclient-cert
    ingress.kubernetes.io/enable-cors: "true"
    ingress.kubernetes.io/cors-allow-origin: "https://example.com"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: bpmserver
          servicePort: 3090
        path: /v2/?(.*)
      - backend:
          serviceName: bpmclient
          servicePort: 80
        path: /?(.*)

Please let me know if that helped.

-- OhHiMark
Source: StackOverflow