I am running nginx as load balancer in OpenShift, for this i've created configmap, deployment, exposed it as service of type load balancer and created a relevant route. Please note that, ssl is also setup in its configurations. When I allocate a public IP to it, it's giving error connection refused. The route seems to be correct but it is not working as intended.
Config map file
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
namespace: nginx-ingress
data:
nginx.conf: |-
user nginx;
worker_processes 10;
events {
worker_connections 10240;
}
http {
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html; # root path for file
index index.html index.htm;
}
}
}
default.conf: |-
# file mounted externally
server {
listen 80;
server_name localhost;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/server.crt;
ssl_certificate_key /etc/letsencrypt/server.key;
ssl_trusted_certificate /etc/letsencrypt/rootCA.pem;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
index.html: |-
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx. Response from ingress/proxy.</em></p>
</body>
</html>
Deployment file
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: nginx-ingress
spec:
selector:
matchLabels:
app: nginx
replicas: 1
template:
metadata:
labels:
app: nginx
spec:
nodeSelector:
compute1: worker1
volumes:
- name: nginx-conf
configMap:
name: nginx-conf
items:
- key: nginx.conf
path: nginx.conf
- key: default.conf
path: default.conf
- key: index.html
path: index.html
- name: ca-pem
configMap:
name: ca-pem
- name: ca-crt
configMap:
name: ca-crt
- name: ca-key
configMap:
name: ca-key
containers:
- name: nginx-alpine-perl
image: docker.io/library/nginx@sha256:51212c2cc0070084b2061106d5711df55e8aedfc6091c6f96fabeff3e083f355
ports:
- containerPort: 80
- containerPort: 443
securityContext:
allowPrivilegeEscalation: false
#runAsUser: 0
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx
#subPath: nginx.conf
readOnly: true
- name: nginx-conf
mountPath: /etc/nginx/conf.d
readOnly: true
- name: nginx-conf
mountPath: /usr/share/nginx/html
#subPath: nginx.conf
readOnly: true
- name: ca-pem
mountPath: /etc/letsencrypt/rootCA.pem
subPath: rootCA.pem
readOnly: false
- name: ca-crt
mountPath: /etc/letsencrypt/server.crt
subPath: server.crt
readOnly: false
- name: ca-key
mountPath: /etc/letsencrypt/server.key
subPath: server.key
readOnly: true
Svc file
apiVersion: v1
kind: Service
metadata:
name: nginx
spec:
type: LoadBalancer
ports:
- port: 80
name: http
protocol: TCP
targetPort: 80
#nodePort: 30008
- port: 443
name: https
protocol: TCP
targetPort: 443
#nodePort: 30009
selector:
app: nginx
status:
loadBalancer:
ingress:
- ip: <Public IP>
route file
apiVersion: route.openshift.io/v1
kind: Route
metadata:
annotations:
openshift.io/host.generated: "true"
name: nginx-ingress
namespace: nginx-ingress
selfLink: /apis/route.openshift.io/v1/namespaces/nginx-ingress/routes/nginx-ingress
spec:
host: <Some url: nginx-ingress.app>
to:
kind: Service
name: nginx
weight: 100
wildcardPolicy: None
Hard to tell from your config what is breaking here. As a sensible debugging step, validate whether the problem is with the Ingress Controller or with the routing from your Loadbalancer's public IP:
Run a curl
on a Pod that goes directly against the Ingress Controller Service with the external URL:
curl -v -H "Host: <your external URL>" http://nginx.default
If it works, you know it's the routing, e.g. cluster network configuration. If it fails, it must be the Ingress Controller, e.g. Openshift Route, Service or Pod configuration.