Unable to access the nginx page on curl in openshift

12/28/2021

I am running nginx as a load balancer in OpenShift. For this I've created a ConfigMap and a Deployment, exposed it as a Service of type LoadBalancer, and created a relevant route. Please note that SSL is also set up in its configuration. When I allocate a public IP to it, it gives a connection refused error. The route seems to be correct, but it is not working as intended.

Config map file

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: nginx-ingress
data:
  nginx.conf: |-
    user nginx;
    worker_processes  10;
    events {
      worker_connections  10240;
    }
    http {
      server {
          listen       80;
          server_name  localhost;
          location / {
            root   /usr/share/nginx/html; # root path for file
            index  index.html index.htm;
        }
      }
    }
  default.conf: |-
    # file mounted externally
    server {
    listen       80;
    server_name  localhost;

    
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/letsencrypt/server.crt;
    ssl_certificate_key /etc/letsencrypt/server.key;
    ssl_trusted_certificate /etc/letsencrypt/rootCA.pem;

    root /usr/share/nginx/html;
    index index.html index.htm;
    
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page  404              /404.html;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    }
  index.html: |-
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>

    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>

    <p><em>Thank you for using nginx. Response from ingress/proxy.</em></p>
    </body>
    </html>

Deployment file

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:
        compute1: worker1
      volumes:
      - name: nginx-conf
        configMap:
          name: nginx-conf
          items:
            - key: nginx.conf
              path: nginx.conf
            - key: default.conf
              path: default.conf
            - key: index.html
              path: index.html
      - name: ca-pem
        configMap:
          name: ca-pem
      - name: ca-crt
        configMap:
          name: ca-crt
      - name: ca-key
        configMap:
          name: ca-key
      containers:
      - name: nginx-alpine-perl
        image: docker.io/library/nginx@sha256:51212c2cc0070084b2061106d5711df55e8aedfc6091c6f96fabeff3e083f355
        ports:
        - containerPort: 80
        - containerPort: 443
        securityContext:
          allowPrivilegeEscalation: false
          #runAsUser: 0
        volumeMounts:
          - name: nginx-conf
            mountPath: /etc/nginx
            #subPath: nginx.conf
            readOnly: true
          - name: nginx-conf
            mountPath: /etc/nginx/conf.d
            readOnly: true
          - name: nginx-conf
            mountPath: /usr/share/nginx/html
            #subPath: nginx.conf
            readOnly: true
          - name: ca-pem
            mountPath: /etc/letsencrypt/rootCA.pem
            subPath: rootCA.pem
            readOnly: false
          - name: ca-crt
            mountPath: /etc/letsencrypt/server.crt
            subPath: server.crt
            readOnly: false
          - name: ca-key
            mountPath: /etc/letsencrypt/server.key
            subPath: server.key
            readOnly: true

Svc file

apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
 type: LoadBalancer
 ports:
 - port: 80
   name: http
   protocol: TCP
   targetPort: 80
   #nodePort: 30008
 - port: 443
   name: https
   protocol: TCP
   targetPort: 443
   #nodePort: 30009
 selector:
   app: nginx
status:
  loadBalancer:
    ingress:
    - ip: <Public IP>

route file

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  annotations:
    openshift.io/host.generated: "true"
  name: nginx-ingress
  namespace: nginx-ingress
  selfLink: /apis/route.openshift.io/v1/namespaces/nginx-ingress/routes/nginx-ingress
spec:
  host: <Some url: nginx-ingress.app>
  to:
    kind: Service
    name: nginx
    weight: 100
  wildcardPolicy: None
-- majid asad
kubernetes
nginx-ingress
openshift
redhat
ssl

1 Answer

12/29/2021

Hard to tell from your config what is breaking here. As a sensible debugging step, validate whether the problem is with the Ingress Controller or with the routing from your load balancer's public IP:

Run a curl on a Pod that goes directly against the Ingress Controller Service with the external URL:

curl -v -H "Host: <your external URL>" http://nginx.default

If it works, you know it's the routing, e.g. cluster network configuration. If it fails, it must be the Ingress Controller, e.g. OpenShift Route, Service or Pod configuration.

-- Fritz Duchardt
Source: StackOverflow
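
The two-probe check described in the answer above, as an added example that is not part of the original answer: it sends the same Host-header request as the curl command to the Service and to the public address, separates "connection refused" from a timeout, and applies the answer's rule. The local listener, the non-listening port and the hostname `nginx-ingress.example.test` are constructed stand-ins so the block runs offline.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(addr, port, host_header, timeout=3.0):
    """Like: curl -H "Host: <host_header>" http://addr:port/  -> (kind, detail)."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host_header})
        return ("http", conn.getresponse().status)
    except ConnectionRefusedError:      # nothing accepts connections on that port
        return ("refused", None)
    except socket.timeout:              # packets dropped on the way
        return ("timeout", None)
    except (OSError, http.client.HTTPException) as exc:
        return ("error", str(exc))
    finally:
        conn.close()

def diagnose(in_cluster, external):
    """The answer's rule: in-cluster probe works -> routing; fails -> service side."""
    if in_cluster[0] != "http":
        return "service-side: check Route, Service or Pod configuration"
    if external[0] != "http":
        return "routing: check the path from the public IP into the cluster"
    return "both paths answer"

class _Ok(BaseHTTPRequestHandler):
    log_message = lambda *args: None    # keep the demo quiet

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

def demo():
    # Constructed stand-ins: a local listener plays the in-cluster Service; a
    # bound but non-listening socket plays the public IP that refuses connections.
    server = HTTPServer(("127.0.0.1", 0), _Ok)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    try:
        inside = probe("127.0.0.1", server.server_port, "nginx-ingress.example.test")
        outside = probe("127.0.0.1", dead.getsockname()[1], "nginx-ingress.example.test")
        return inside, outside, diagnose(inside, outside)
    finally:
        dead.close()
        server.shutdown()
        server.server_close()
```

Against a real cluster, call `probe()` from a Pod with the Service's DNS name and from outside with the public IP, passing the Route host as `host_header` both times.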