I'm attempting to add an ingress to my AKS cluster and link that to a domain I have purchased, but the site always fails to load in the browser. It doesn't matter whether I use the IP address or DNS name, it fails all the same.
I have added a DNS zone and an entry that points to a frontend IP configuration on the load balancer.
This IP corresponds to the external IP of the ingress.
I can also run a curl request which appears to return details of my react application:
curl -v -k --resolve oconnorevents.co.uk:443:20.90.138.208 https://oconnorevents.co.uk
* Added oconnorevents.co.uk:443:20.90.138.208 to DNS cache
* Hostname oconnorevents.co.uk was found in DNS cache
* Trying 20.90.138.208:443...
* Connected to oconnorevents.co.uk (20.90.138.208) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=oconnorevents.co.uk; O=aks-ingress-tls
* start date: May 18 18:41:04 2021 GMT
* expire date: May 18 18:41:04 2022 GMT
* issuer: CN=oconnorevents.co.uk; O=aks-ingress-tls
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x1c41bb41a30)
> GET / HTTP/2
> Host: oconnorevents.co.uk
> user-agent: curl/7.75.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< date: Tue, 18 May 2021 22:31:05 GMT
< content-type: text/html
< content-length: 3179
< last-modified: Tue, 18 May 2021 19:15:59 GMT
< etag: "60a4126f-c6b"
< accept-ranges: bytes
< strict-transport-security: max-age=15724800; includeSubDomains
<
<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Web site created using create-react-app"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap"/><title>React App</title><link href="/static/css/main.6dea0f05.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],s=0,p=[];s<i.length;s++)a=i[s],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&p.push(o[a][0]),o[a]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(f&&f(r);p.length;)p.shift()();return u.push.apply(u,l||[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,i=1;i<t.length;i++){var c=t[i];0!==o[c]&&(n=!1)}n&&(u.splice(r--,1),e=a(a.s=t[0]))}return e}var n={},o={1:0},u=[];function a(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,a),t.l=!0,t.exports}a.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise((function(r,n){t=o[e]=[r,n]}));r.push(t[2]=n);var u,i=document.createElement("script");i.charset="utf-8",i.timeout=120,a.nc&&i.setAttribute("nonce",a.nc),i.src=function(e){return a.p+"static/js/"+({}[e]||e)+"."+{2:"edb3d180",4:"2f2d3220",5:"40109260"}[e]+".chunk.js"}(e);var c=new Error;u=function(r){i.onerror=i.onload=null,clearTimeout(l);var t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing":r.type),u=r&&r.target&&r.target.src;c.message="Loading chunk "+e+" failed.\n("+n+": "+u+")",c.name="ChunkLoadError",c.type=n,c.request=u,t[1](c)}o[e]=void 0}};var 
l=setTimeout((function(){u({type:"timeout",target:i})}),12e4);i.onerror=i.onload=u,document.head.appendChild(i)}return Promise.all(r)},a.m=e,a.c=n,a.d=function(e,r,t){a.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},a.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.t=function(e,r){if(1&r&&(e=a(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(a.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)a.d(t,n,function(r){return e[r]}.bind(null,n));return t},a.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return a.d(r,"a",r),r},a.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},a.p="/",a.oe=function(e){throw console.error(e),e};var i=this["webpackJsonpoconnorevents.react"]=this["webpackJsonpoconnorevents.react"]||[],c=i.push.bind(i);i.push=r,i=i.slice();for(var l=0;l<i.length;l++)r(i[l]);var f=c;t()}([])</script><script src="/static/js/3.5e3399a8.chunk.js"></script><script src="/static/js/main.8eab695a.chunk.js"></script></body></html>* Connection #0 to host oconnorevents.co.uk left intact
These are the details of my ingress:
Name:             ingress
Namespace:        default
Address:          20.90.138.208
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  aks-ingress-tls terminates oconnorevents.co.uk
Rules:
  Host                 Path   Backends
  ----                 ----   --------
  oconnorevents.co.uk
                       /(.*)  svc-oconnorevents-react:80 (10.244.0.41:80)
Annotations:  kubernetes.io/ingress.class: nginx
              nginx.ingress.kubernetes.io/rewrite-target: /$2
              nginx.ingress.kubernetes.io/use-regex: true
Events:
  Type    Reason  Age               From                      Message
  ----    ------  ----              ----                      -------
  Normal  Sync    0s (x2 over 23s)  nginx-ingress-controller  Scheduled for sync
  Normal  Sync    0s (x2 over 23s)  nginx-ingress-controller  Scheduled for sync
This is the .yaml for my ingress...
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  tls:
  - hosts:
    - oconnorevents.co.uk
    secretName: aks-ingress-tls
  rules:
  - host: oconnorevents.co.uk
    http:
      paths:
      - path: /(.*)
        pathType: Prefix
        backend:
          service:
            name: svc-oconnorevents-react
            port:
              number: 80
And this is the service and app that it's pointing to:
apiVersion: v1
kind: Service
metadata:
  name: svc-oconnorevents-react
  labels:
    version: dev
    product: oconnorevents-react
spec:
  selector:
    app: oconnorevents-react
  type: ClusterIP
  ports:
  - port: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dep-oconnorevents-react
spec:
  replicas: 1
  selector:
    matchLabels:
      app: oconnorevents-react
  template:
    metadata:
      labels:
        app: oconnorevents-react
    spec:
      containers:
      - name: oconnorevents-react
        image: oconnorevents.azurecr.io/oconnoreventsreact:#{Build.BuildId}#
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: "0.10"
      imagePullSecrets:
      - name: acr-secret
I feel I am close but where am I going wrong here?
What kind of error are you getting when accessing via a browser?
The curl request is succeeding because you’re explicitly ignoring the self-signed certificate with ‘-k’.
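The point about `-k` can be checked mechanically from a `curl -v` transcript. The following is an added example, not part of the original thread: a small Python parser whose function names and report keys are hypothetical, run over a constructed excerpt of the transcript in the question.

```python
import re
import shlex

# Constructed sample: the trust-relevant lines of the curl -v transcript in the question.
SAMPLE = """\
curl -v -k --resolve oconnorevents.co.uk:443:20.90.138.208 https://oconnorevents.co.uk
* subject: CN=oconnorevents.co.uk; O=aks-ingress-tls
* issuer: CN=oconnorevents.co.uk; O=aks-ingress-tls
* SSL certificate verify result: self signed certificate (18), continuing anyway.
< HTTP/2 200
"""

FIELD = re.compile(r"^\*\s+(subject|issuer|SSL certificate verify result):\s*(.+)$")
VERIFY_OK = re.compile(r"^\*\s+SSL certificate verify ok\.")
STATUS = re.compile(r"^< HTTP/\S+ (\d{3})")


def skips_verification(command):
    """True if the curl command line carries -k / --insecure (alone or in a short-flag group)."""
    return any(
        arg == "--insecure" or (re.fullmatch(r"-[A-Za-z]+", arg) and "k" in arg)
        for arg in shlex.split(command)
    )


def audit_curl_transcript(text):
    """Hypothetical helper (not a curl feature): what does the transcript say about trust?"""
    report = {"insecure_flag": False, "verified": False, "status": None,
              "subject": None, "issuer": None, "verify_error": None}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("curl "):
            report["insecure_flag"] = skips_verification(line)
        elif VERIFY_OK.match(line):
            report["verified"] = True
        elif (m := FIELD.match(line)):
            key = "verify_error" if m.group(1).startswith("SSL") else m.group(1)
            report[key] = m.group(2)
        elif (m := STATUS.match(line)):
            report["status"] = int(m.group(1))
    report["self_signed"] = report["subject"] is not None and report["subject"] == report["issuer"]
    # A 200 fetched with verification disabled shows routing works, not that clients trust the cert.
    report["success_only_because_insecure"] = (
        report["status"] == 200 and report["insecure_flag"] and not report["verified"])
    return report


if __name__ == "__main__":
    for key, value in audit_curl_transcript(SAMPLE).items():
        print(f"{key}: {value}")
```

Re-running the same request without `-k` is the quickest confirmation: curl then stops at the certificate error instead of returning the page.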