Nginx Ingress: doesn't run services and get 503 service unavailable - docker

I am trying to create an ingress file to route urls into the inside services. but after calling in postman, it just returns 503 error.
this is my ingress file config:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-srv
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
rules:
- host: posts.com
http:
paths:
- path: /posts/create
pathType: Prefix
backend:
service:
name: posts-clusterip-srv
port:
number: 7000
this is my posts deployment file and cluster ip:
apiVersion: apps/v1
kind: Deployment
metadata:
name: posts-depl
spec:
replicas: 1
selector:
matchLabels:
app: posts
template:
metadata:
labels:
app: posts
spec:
containers:
- name: posts
image: 4765/posts
---
apiVersion: v1
kind: Service
metadata:
name: posts-clusterip-srv
spec:
selector:
app: posts
ports:
- name: posts
protocol: TCP
port: 7000
targetPort: 7000
when in postman I send this request http://posts.com/posts/create just returns 503 service unavailable. I try to curl the cluster Ip curl http://posts-clusterip-srv:7000 but it responses Could not resolve host: posts-clusterip-srv
I don't know what to do?

Does your app server accept request on /?
As path: /posts/create will forward the request to your server which will receive a request on /.
Concerning the curl http://posts-clusterip-srv:7000 it depends of the set up of your cluster:
If you are using a local cluster on your computer you should modify your /etc/hosts add your local IP as posts.com then you should be able to curl it.
If your cluster is on a server it seems that it is a DNS problem, same way as above you can add the server IP to your hosts file to avoid using the DNS.

Related

getting not found: NGINX Ingress

I am trying to learn .NET Microservice. I have been following a great tutorial on Youtube (Time: 4:44:55, Adding An API Gateway). Everything worked well until NGINX Ingress came into the picture. I pasted the same YAML file from the GitHub account of the trainer I doubled checked all the things but couldn't find anything:
I can see all the pods and services are working fine:
I updated my host file.
What did I miss?
URL, I am using: http://acme.com/api/platforms/
Error: HTTP Error 404. The requested resource is not found.
The output of the Ingress YAML:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/use-regex":"true"},"name":"ingress-srv","namespace":"default"},"spec":{"rules":[{"host":"acme.com","http":{"paths":[{"backend":{"service":{"name":"platforms-clusterip-srv","port":{"number":80}}},"path":"/api/platforms","pathType":"Prefix"},{"backend":{"service":{"name":"commands-clusterip-srv","port":{"number":80}}},"path":"/api/c/platforms","pathType":"Prefix"}]}}]}}
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
creationTimestamp: "2021-09-18T00:12:41Z"
generation: 1
name: ingress-srv
namespace: default
resourceVersion: "2274742"
uid: a7376202-8b1b-4f1a-a42f-08de5f602192
spec:
rules:
- host: acme.com
http:
paths:
- backend:
service:
name: platforms-clusterip-srv
port:
number: 80
path: /api/platforms
pathType: Prefix
- backend:
service:
name: commands-clusterip-srv
port:
number: 80
path: /api/c/platforms
pathType: Prefix
status:
loadBalancer:
ingress:
- hostname: localhost
Services:
UPDATE: Tried below commands and got some new information:
UPDATE: Result of
Kubectl get pods --namespace=ingress-nginx
Try removing the regex annotation from th ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: ingress-srv
namespace: default
spec:
rules:
- host: acme.com
http:
paths:
- backend:
service:
name: platforms-clusterip-srv
port:
number: 80
path: /api/platforms
pathType: Prefix
- backend:
service:
name: commands-clusterip-srv
port:
number: 80
path: /api/c/platforms
pathType: Prefix
or just try this nginx.ingress.kubernetes.io/rewrite-target: /
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: acme.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: commands-clusterip-srv
port:
number: 80
in above ingress, all requests will go to service commands-clusterip-srv so from browser side you pass anything either /api or /api/c ingress will route the traffic to that service if your host is acme.com
Error 404 clearly means there is some issue with your Nginx configuration path is not matching or host issue, Nginx not able to find upstream or target so it throws 404.
Update
Try adding IP and entry into the host file for
192.168.1.28 acme.com
i am not sure you have used the IP POD to curl ideally you should me using the acme.com as you can to access the data.
also hope you service, deployment and ingress are in same namespace.
First of all, Thank you Harsh for your precious time. I tried all the things but no error was found.
It was really a miracle that I am able to resolve it issue on HTTPS. I am able to access "https://acme.com/api/platforms". But still, HTTP is giving me the same error. However, I am fine with HTTPS

How to communicate Swagger UI and API in Kubernetes cluster using service names?

I have a node.js API run inside a Docker container on Kubernetes cluster within a pod.
The pod is connected to Kubernetes service of type LoadBalancer, so I can connect to it from outside, and also from the Swagger UI, by passing to the Swagger UI which is run as another Docker container on the same Kubernetes cluster an API IP address http://<API IP address>:<port>/swagger.json.
But in my case I would like to call the API endpoints via Swagger UI using the service name like this api-service.default:<port>/swagger.json instead of using an external API IP address.
For Swagger UI I' am using the latest version of swaggerapi/swagger-ui docker image from here: https://hub.docker.com/r/swaggerapi/swagger-ui
If I try to assign the api-service.default:<port>/swagger.json to Swagger-UI container environment variable then the Swagger UI result is: Failed with load API definition
Which I guess is obvious because the browser does not recognize the internal cluster service name.
Is there any way to communicate Swagger UI and API in Kubernetes cluster using service names?
--- Additional notes ---
The Swagger UI CORS error is misleading in that case. I am using this API from many other services.
I have also tested the API CORS using cURL.
I assume that swagger-ui container inside a pod can resolve that internal cluster service name, but the browser cannot because the browser works out of my Kubernetes cluster.
On my other web services running in the browser (out of my cluster) served on nginx which also consumes this API, I use the nginx reverse proxy mechanizm.
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
This mechanizm redirects my API request invoked from the browser level to the internal cluster service name: api-service.default:8080 where the nginx server is actually running. I mean the nginx is runnig on the cluster, browser not.
Unfortunately, I dont't how to achive this in that swagger ui case.
Swagger mainfest file:
# SERVICE
apiVersion: v1
kind: Service
metadata:
name: swagger-service
labels:
kind: swagger-service
spec:
selector:
tier: api-documentation
ports:
- protocol: 'TCP'
port: 80
targetPort: 8080
type: LoadBalancer
---
# DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
name: swagger-deployment
labels:
kind: swagger-deployment
spec:
replicas: 1
selector:
matchLabels:
tier: api-documentation
template:
metadata:
labels:
tier: api-documentation
spec:
containers:
- name: swagger
image: swaggerapi/swagger-ui
imagePullPolicy: Always
env:
- name: URL
value: 'http://api-service.default:8080/swagger.json'
API manifest file:
# SERVICE
apiVersion: v1
kind: Service
metadata:
name: api-service
labels:
kind: api-service
spec:
selector:
tier: backend
ports:
- protocol: 'TCP'
port: 8080
targetPort: 8080
type: LoadBalancer
---
# DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-deployment
labels:
kind: api-deployment
spec:
replicas: 1
selector:
matchLabels:
tier: backend
template:
metadata:
labels:
tier: backend
spec:
containers:
- name: api
image: <my-api-image>:latest
I solved it by adding nginx reverse proxy to /etc/nginx/nginx.conf file in swagger UI container which redirects all requests ended with /swagger.json to the API service.
After this file changes you need to reload the nginx server: nginx -s reload
server {
listen 8080;
server_name localhost;
index index.html index.htm;
location /swagger.json {
proxy_pass http://api-service.default:8080/swagger.json;
}
location / {
absolute_redirect off;
alias /usr/share/nginx/html/;
expires 1d;
location ~* \.(?:json|yml|yaml)$ {
#SWAGGER_ROOT
expires -1;
include cors.conf;
}
include cors.conf;
}
Important is to assign only /swagger.json to ENV of the SwaggerUI continer. It is mandatory because requests must be routed to nginx in order to be resolved.
Swagger manifest
# SERVICE
apiVersion: v1
kind: Service
metadata:
name: swagger-service
labels:
kind: swagger-service
spec:
selector:
tier: api-documentation
ports:
- protocol: 'TCP'
port: 80
targetPort: 8080
type: LoadBalancer
---
# DEPLOYMENT
apiVersion: apps/v1
kind: Deployment
metadata:
name: swagger-deployment
labels:
kind: swagger-deployment
spec:
replicas: 1
selector:
matchLabels:
tier: api-documentation
template:
metadata:
labels:
tier: api-documentation
spec:
containers:
- name: swagger
image: swaggerapi/swagger-ui
imagePullPolicy: Always
env:
- name: URL
value: '/swagger.json'

Reverse DNS for Kubernetes Ingress Website External IP

I need help to create a reverse zone for the external IP of Kubernetes Ingress Website or something that do the some function like a reverse zone.
Basically I need that when I enter the IP of the ingress in the browser, redirects me to the domain name.
Thanks for the help.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: prueba-web-ingress
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: http://example.com
networking.gke.io/managed-certificates: certificateexample
kubernetes.io/ingress.global-static-ip-name: test
kubernetes.io/ingress.allow-http: "false"
spec:
backend:
serviceName: prueba-web
servicePort: 80
Try the following, just change the example.com to your domain:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: reverse-redirect
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: http://example.com
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: "somerandomname" # needs some name, doesn't need to exist
port:
number: 80
When sending a request to nginx ingress without Host header, it will default to the ingress without specified host filed (just like the example above). Such request will receive a following response:
$ curl 123.123.123.123 -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Apr 2021 11:36:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: http://example.com
Browser receiving this redirect, will redirect to the domain specified in Location header.
Docs:
permanent redirect annotation
EDIT:
Since you are not using nginx ingress you can try to use a redirect app.
Here is a deployment with some random image I have found on dockerhub that responds to every request with redirect. I don't want to lecture you on security but I feel that I should at leat mention that you should never use random container images from the internet, and if you are, you are doing it on your own resposibiliy. Preferably build one from source and push to your own repo.
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: redir
name: redir
spec:
replicas: 1
selector:
matchLabels:
app: redir
template:
metadata:
creationTimestamp: null
labels:
app: redir
spec:
containers:
- image: themill/docker-nginx-redirect-301
name: docker-nginx-redirect-301
env:
- name: REDIRECT_CODE
value: "302"
- name: REDIRECT_URL
value: https://example.com
Service for the above deployment:
apiVersion: v1
kind: Service
metadata:
labels:
app: redir
name: redir
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: redir
status:
loadBalancer: {}
Now the ingress part:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: prueba-web-ingress
annotations:
networking.gke.io/managed-certificates: certificateexample
kubernetes.io/ingress.global-static-ip-name: test
kubernetes.io/ingress.allow-http: "false"
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: redir
servicePort: 80
- host: example.com
http:
paths:
- path: /
backend:
serviceName: prueba-web
servicePort: 80
Notice the same applies here: no host field set for redir service, although prueba-web service has its host filed set.

Keycloak in Kubernetes: 503 Service Temporarily Unavailable

Following the instructions on the Keycloak docs site below, I'm trying to set up Keycloak to run in a Kubernetes cluster. I have an Ingress Controller set up which successfully works for a simple test page. Cloudflare points the domain to the ingress controllers IP.
Keycloak deploys successfully (Admin console listening on http://127.0.0.1:9990), but when going to the domain I get a message from NGINX: 503 Service Temporarily Unavailable.
https://www.keycloak.org/getting-started/getting-started-kube
Here's the Kubernetes config:
apiVersion: v1
kind: Service
metadata:
name: keycloak-cip
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 8080
selector:
name: keycloak
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
kubernetes.io/ingress.class: nginx
service.beta.kubernetes.io/linode-loadbalancer-default-protocol: https
service.beta.kubernetes.io/linode-loadbalancer-port-443: '{ "tls-secret-name": "my-secret", "protocol": "https" }'
spec:
rules:
- host: my.domain.com
http:
paths:
- backend:
serviceName: keycloak-cip
servicePort: 8080
tls:
- hosts:
- my.domain.com
secretName: my-secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: default
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:12.0.3
env:
- name: KEYCLOAK_USER
value: "admin"
- name: KEYCLOAK_PASSWORD
value: "admin"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080
initialDelaySeconds: 90
periodSeconds: 5
failureThreshold: 30
successThreshold: 1
revisionHistoryLimit: 1
Edit:
TLS should be handled by the ingress controller.
--
Edit 2:
If I go into the controller using kubectl exec, I can do curl -L http://127.0.0.1:8080/auth which successfully retrieves the page:
<title>Welcome to Keycloak</title>. So I'm sure that keycloak is running. It's just that either traffic doesn't reach the pod, or keycloak doesn't respond.
If I use the ClusterIP instead but otherwise keep the call above the same, I get a Connection timed out. I tried both ports 80 and 8080 with the same result.
The following configuration is required to run keycloak behind ingress controller:
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_HOSTNAME
value: "my.domain.com"
So I think adding correct KEYCLOAK_HOSTNAME value should solve your issue.
I had a similar issue with Traefik Ingress Controller:
Can't expose Keycloak Server on AWS with Traefik Ingress Controller and AWS HTTPS Load Balancer
You can find the full code of my configuration here:
https://github.com/skyglass-examples/user-management-keycloak
Hello Have you tried to add this line :
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
it looks like it is missing from your config file which result in 503 error, check this for more input on the config of K8s.

Enable Ingress controller on Docker Desktop with WLS2

Currently, I'm using Docker Desktop with WSL2 integration. I found that Docker Desktop automatically had created a cluster for me. It means I don't have to install and use Minikube or Kind to create cluster.
The problem is that, how could I enable Ingress Controller if I use "built-in" cluster from Docker Desktop?
I tried to create an Ingress to check if this work or not, but as my guess, it didn't work.
The YAML file I created as follows:
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp
spec:
minReadySeconds: 30
selector:
matchLabels:
app: webapp
replicas: 1
template:
metadata:
labels:
app: webapp
spec:
containers:
- name: webapp
image: nodejs-helloworld:v1
---
apiVersion: v1
kind: Service
metadata:
name: webapp-service
spec:
selector:
app: webapp
ports:
- name: http
port: 3000
nodePort: 30090 # only for NotPort > 30,000
type: NodePort #ClusterIP inside cluster
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webapp-ingress
spec:
defaultBackend:
service:
name: webapp-service
port:
number: 3000
rules:
- host: ingress.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: webapp-service
port:
number: 3000
I tried to access ingress.local/ but it was not successful. (I added ingress.local to point to 127.0.0.1 in host file. And the webapp worked fine at kubernetes.docker.internal:30090 )
Could you please help me to know the root cause?
Thank you.
Finally I found the way to fix. I have to deploy ingress Nginx by command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.2/deploy/static/provider/cloud/deploy.yaml
(Follows the instruction at https://kubernetes.github.io/ingress-nginx/deploy/#docker-for-mac. It works just fine for Docker for Windows)
Now I can access http://ingress.local successfully.
You have to install an ingress-nginx controller on your cluster, so that your nodes will have an opened port 80/443.
Using helm (v3 - see documentation):
helm install --namespace kube-system nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx
Using kubectl (see documentation):
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.43.0/deploy/static/provider/cloud/deploy.yaml
Then manually adding your ingresses' hostnames to /etc/hosts:
127.0.0.1 ingress.local
127.0.0.1 my.other.service.local
# ...
Then if you make a request on http://ingress.local:
the DNS resolution will route to your cluster node
then the ingress controller will serve the request on port 80
then ingress will route the request to the configured backend service
and the service will route to an available pod
The newest version of Docker Desktop for Windows already adds a hosts file entry: 127.0.0.1 kubernetes.docker.internal.
You had to do use kubernetes.docker.internal URL as a hostname in Ingress definition if you want to point to 127.0.0.1. This should be in the docs on this page kubernetes.github.io/ingress-nginx/deploy but there is no Docker Desktop for Windows section there.
Your files should look like this:
apiVersion: v1
kind: Service
metadata:
name: webapp-service
spec:
type: NodePort
selector:
app: webapp
ports:
- name: http
protocol: TCP
port: 3000
nodePort: 30090
Your Ingress file should look like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: webapp-ingress
spec:
rules:
- host: kubernetes.docker.internal
http:
paths:
- path: /
backend:
serviceName: webapp-service
servicePort: http
Then you are able to connect to app using http://kubernetes.docker.internal/.
Example you can see here: wsl2-docker-for-desktop.
I used the Docker-Desktop version to install the nginx-ingress controller
https://kubernetes.github.io/ingress-nginx/deploy/#docker-desktop
curl http://kubernetes.docker.internal/
Offcourse I've not installed any workload yet but the default ingress controller works just fine.
With Kustomize you can simply use
helmCharts:
- name: ingress-nginx
releaseName: ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx
This is just to point out that Amel Mahmuzićs comment is still valid with a recent (I used the ingress-nginx Helm Chart 4.4.2) ingress deployment.
I could not get this to work for far too long (I tried to follow the Strapi fodadvisor example with Docker Desktop build in Kubernetes instead of minikube) and always received a 404 from the ingress.
However, after using this yaml with the added annotation
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: main-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: foodadvisor.backend
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: foodadvisor-backend
port:
number: 1337
- host: foodadvisor.client
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: foodadvisor-frontend
port:
number: 3000
it worked immediately. The K82 docs mention, that this annotation is deprecated.

Resources