Ingress and nginx configuration issue

9/17/2019

I have a containerised application & I am trying to pass the header proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; from my nginx to my rails application.

but when i use this header, the readiness and liveliness probes start failing with status 502 and awaiting headers and my deployment does not successfully complete.

Here is the outoput of kubectl describe pod where we see 502

  Warning  Unhealthy  11m                   kubelet, gke-cluster-1-upgraded-pool--v82p  Liveness probe failed: Get http://10.16.0.1:3000/users/sign_in: dial tcp 10.16.0.221:3000: connect: connection refused
  Warning  Unhealthy  11m                   kubelet, gke-cluster-1-upgraded-pool--v82p  Readiness probe failed: HTTP probe failed with statuscode: 502
  Warning  Unhealthy  11m                   kubelet, gke-cluster-1-upgraded-pool--v82p  Liveness probe failed: HTTP probe failed with statuscode: 502
  Warning  Unhealthy  11m                   kubelet, gke-cluster-1-upgraded-pool--v82p  Readiness probe failed: Get http://10.16.0.1:3000/users/sign_in: dial tcp 10.16.0.221:3000: connect: connection refused
  Warning  Unhealthy  11m                   kubelet, gke-cluster-1-upgraded-pool--v82p  Liveness probe failed: Get http://10.16.0.1:3000/users/sign_in: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
  Warning  BackOff    84s (x33 over 8m56s)  kubelet, gke-cluster-1-upgraded-pool--v82p  Back-off restarting failed container

Previously the header value was proxy_set_header X-Forwarded-For $http_x_forwarded_for;

below is the relevant part of my nginx.conf

http {
  set_real_ip_from 1.2.3.4; -- example ip
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  server {
    listen 80 default_server;
    server_name _;
    client_max_body_size 16m;
    location @app {
      proxy_pass http://127.0.0.1:3000;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
  }
}

below is my deployment file, i have tried to keep only the relevant parts and removed volumne mounts and db connection settings

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: backend

spec:
  template:
    metadata:
      labels:
        app: backend
    spec:
      initContainers:
        - name: nginx-config
          image: my_nginx
          command: ['/bin/sh', '-c']
          args: ["sed -i -e 's/gzip_types/gzip_types application\\/json/g' /etc/nginx/nginx.conf && mv /etc/nginx/* /etc/nginx-new/"]
          volumeMounts:
            - name: nginx-config
              mountPath: /etc/nginx-new
        - name: copy-assets
          image: unicorn_image
          command: ['sh', '-c', 'cp -a /app/public/* /mnt/']
          volumeMounts:
            - name: assets
              mountPath: /mnt
      containers:
        - name: unicorn
          image: unicorn_image
          ports:
            - containerPort: 3000
          env:
          livenessProbe:
            httpGet:
              path: /users/sign_in
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10  
          readinessProbe:
            httpGet:
              path: /users/sign_in
              port: 3000
              scheme: HTTP
            initialDelaySeconds: 10  
        - name: nginx
          image: my_nginx
          ports:
            - containerPort: 80
          livenessProbe:
            httpGet:
              path: /users/sign_in
              port: 80
              scheme: HTTP
            initialDelaySeconds: 10  
          readinessProbe:
            httpGet:
              path: /users/sign_in
              port: 80
              scheme: HTTP
            initialDelaySeconds: 10  
          volumeMounts:
            - name: assets
              mountPath: /var/www
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx

Update: i see that the nginx container is not getting created. Please see below

kubectl exec -it backend-6f4974cfd6-jtnqk -c nginx -- /bin/bash error: unable to upgrade connection: container not found ("nginx")

Not sure as to how updating a header is causing an issue.

can anyone please point me in the right direction as to how i can fix it, Thanks.

-- opensource-developer
kubernetes
kubernetes-ingress
nginx
nginx-ingress

1 Answer

9/17/2019

1. According to the second question please add volumes an emptyDir or hostPath into your deployment.spec.template.spec section

apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
    spec:
      initContainers:
      - name: ubuntu
        image: ubuntu
        command: ["/bin/sh"]
        args: ["-c", " echo test > /test1/index.html "]
        volumeMounts:
        - name: nginx-index
          mountPath: /test1
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-index
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-index
        emptyDir: {}

2. If you are using standard nginx image, please keep in mind that providing args and commands it will change f..e entrypoint defined in Dockerimage

3. In my opinion it will be better to use configMap in order to provide specific configuration into nginx

Hope this help

-- Hanx
Source: StackOverflow