CORS issue during GET and POST with an HTTPS API hosted on Azure Kubernetes Service

2/21/2021

I have recently deployed my .NET Core 3.1 based API into an AKS cluster and used an NGINX ingress to access it. I added an A record to my domain DNS to point to the public IP address provided by the NGINX controller. I also set up TLS in the ingress manifest, then set up a DevOps pipeline to use Helm to deploy my API to AKS. When I browse my domain, Swagger loads, but when I try calling the API, Swagger displays an undocumented code where the details field contains TypeError: Failed to fetch. The API is simply supposed to return an OK.

I thought it was a CORS-related issue so I enabled CORS both on the API level and on the ingress level.

Here is my ingress manifest:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
{{ $fullname := include "testchart.fullname" .}}
{{ $serviceport := .Values.service.port }}
{{ $ns := .Values.namespace }}
{{ with .Values.ingress }}
metadata:
  name: {{ $fullname }}-ing
  namespace: {{ $ns }}
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://api.mydomain.io"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: PUT, GET, POST, OPTIONS, DELETE, PATCH
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - {{ .host }}
    secretName: {{ .tls.secretname }}
  rules:
  - host: {{ .host }}
    http:
      paths:
      - backend:
          serviceName: {{ $fullname }}-svc
          servicePort: {{ $serviceport }}
{{ end }}

When I try to hit the API in Postman, I get a warning saying Unable to verify the first certificate. The certificate I am using doesn't seem to have an issue as I can load the address in all browsers without getting an invalid or non-secure certificate warning.

Something I noticed is that when I changed the type of the Kubernetes service from ClusterIP to LoadBalancer and browsed the public IP of the service, I managed to get an OK after calling the same API on Swagger.

Any idea what could be wrong?

Edit: I just removed the tls section from the ingress manifest and deployed the API. It worked. So it seems to have something to do with HTTPS.

-- Mar Chal
azure-aks
kubernetes
nginx-ingress

0 Answers