Jenkins Ingress with k8s v1.19 - jenkins

I had a Jenkins values.yaml file written prior to v1.19, I need some help to change it to be v1.19 compliant.
In the old Values.yaml below, I tried adding http path:/. Should the pathType be ImplementationSpecific?
Only defaultBackend works for some reason, not sure what I'm doing wrong with path and pathType.
ingress:
enabled: true
# Override for the default paths that map requests to the backend
paths:
# - backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
- backend:
serviceName: >-
{{ template "jenkins.fullname" . }}
# Don't use string here, use only integer value!
servicePort: 8080
# For Kubernetes v1.14+, use 'networking.k8s.io/v1'
apiVersion: "networking.k8s.io/v1"
labels: {}
annotations:
kubernetes.io/ingress.global-static-ip-name: jenkins-sandbox-blah
networking.gke.io/managed-certificates: jenkins-sandbox-blah
kubernetes.io/ingress.allow-http: "true"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# Set this path to jenkinsUriPrefix above or use annotations to rewrite path
# path: "/jenkins"
# configures the hostname e.g. jenkins.example.com
hostName: jenkins.sandbox.io

There are several changes to the definition of Ingress resources between v1.18 and v1.19.
In v1.18, we defined paths like this (see: A minimal Ingress resource example):
paths:
- path: /testpath
pathType: Prefix
backend:
serviceName: test
servicePort: 80
In version 1.19 it was changed to: (see: A minimal Ingress resource example):
paths:
- path: /testpath
pathType: Prefix
backend:
service:
name: test
port:
number: 80
In your example, you can slightly modified the values.yaml and try again:
NOTE: You may need to change the port number and pathType depending on your configuration. Additionally, I've added the kubernetes.io/ingress.class: nginx annotation because I'm using NGINX Ingress Controller and I didn't configure the hostname.
$ cat values.yaml
controller:
ingress:
enabled: true
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: >-
{{ template "jenkins.fullname" . }}
port:
number: 8080
apiVersion: "networking.k8s.io/v1"
annotations:
kubernetes.io/ingress.global-static-ip-name: jenkins-sandbox-blah
networking.gke.io/managed-certificates: jenkins-sandbox-blah
kubernetes.io/ingress.allow-http: "true"
kubernetes.io/ingress.class: nginx
# configures the hostname e.g. jenkins.example.com
# hostName: jenkins.sandbox.io

Related

getting not found: NGINX Ingress

I am trying to learn .NET Microservice. I have been following a great tutorial on Youtube (Time: 4:44:55, Adding An API Gateway). Everything worked well until NGINX Ingress came into the picture. I pasted the same YAML file from the GitHub account of the trainer I doubled checked all the things but couldn't find anything:
I can see all the pods and services are working fine:
I updated my host file.
What did I miss?
URL, I am using: http://acme.com/api/platforms/
Error: HTTP Error 404. The requested resource is not found.
The output of the Ingress YAML:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/use-regex":"true"},"name":"ingress-srv","namespace":"default"},"spec":{"rules":[{"host":"acme.com","http":{"paths":[{"backend":{"service":{"name":"platforms-clusterip-srv","port":{"number":80}}},"path":"/api/platforms","pathType":"Prefix"},{"backend":{"service":{"name":"commands-clusterip-srv","port":{"number":80}}},"path":"/api/c/platforms","pathType":"Prefix"}]}}]}}
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
creationTimestamp: "2021-09-18T00:12:41Z"
generation: 1
name: ingress-srv
namespace: default
resourceVersion: "2274742"
uid: a7376202-8b1b-4f1a-a42f-08de5f602192
spec:
rules:
- host: acme.com
http:
paths:
- backend:
service:
name: platforms-clusterip-srv
port:
number: 80
path: /api/platforms
pathType: Prefix
- backend:
service:
name: commands-clusterip-srv
port:
number: 80
path: /api/c/platforms
pathType: Prefix
status:
loadBalancer:
ingress:
- hostname: localhost
Services:
UPDATE: Tried below commands and got some new information:
UPDATE: Result of
Kubectl get pods --namespace=ingress-nginx
Try removing the regex annotation from th ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: ingress-srv
namespace: default
spec:
rules:
- host: acme.com
http:
paths:
- backend:
service:
name: platforms-clusterip-srv
port:
number: 80
path: /api/platforms
pathType: Prefix
- backend:
service:
name: commands-clusterip-srv
port:
number: 80
path: /api/c/platforms
pathType: Prefix
or just try this nginx.ingress.kubernetes.io/rewrite-target: /
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minimal-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: acme.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: commands-clusterip-srv
port:
number: 80
in above ingress, all requests will go to service commands-clusterip-srv so from browser side you pass anything either /api or /api/c ingress will route the traffic to that service if your host is acme.com
Error 404 clearly means there is some issue with your Nginx configuration path is not matching or host issue, Nginx not able to find upstream or target so it throws 404.
Update
Try adding IP and entry into the host file for
192.168.1.28 acme.com
i am not sure you have used the IP POD to curl ideally you should me using the acme.com as you can to access the data.
also hope you service, deployment and ingress are in same namespace.
First of all, Thank you Harsh for your precious time. I tried all the things but no error was found.
It was really a miracle that I am able to resolve it issue on HTTPS. I am able to access "https://acme.com/api/platforms". But still, HTTP is giving me the same error. However, I am fine with HTTPS

ingress not able to access domain based routing

I am not able to access the domain to running ingress service in the Kubernetes, below is the YAML configuration for the ingress service, I am not able to access ticketing.dev in the browser
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-service
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: ticketing.dev
http:
paths:
- path: /api/users/?(.*)
pathType: Prefix
backend:
service:
name: auth-srv
port:
number: 3000
- path: /?(.*)
pathType: Prefix
backend:
service:
name: client-srv
port:
number: 3000
I have added the domain name to the windows host files
driver \etc\host
127.0.0.1 ticketing.dev

Set override backend path to empty string in App G/w Ingress Controller

We are using Azure App G/w Ingress Controller to expose services hosted within AKS.
E.g.
Service named abc is hosted in AKS as below
apiVersion: v1
kind: Service
metadata:
labels:
project: abc
app: abc
env: dev
name: abc
namespace: abc
spec:
ports:
- name: http
# This is the external port of the cluster
port: 8443
protocol: TCP
targetPort: http
selector:
project: abc
app: abc
env: dev
type: ClusterIP
Ingress Configuration
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-abc
namespace: abc
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/backend-path-prefix: "/"
rules:
- http:
paths:
- backend:
serviceName: abc
servicePort: 9000
path: /abc*
Problem Statement
Front-end will send request to the backend like: https://app-gw-ip/abc/operation.
App G/w applies appropriate routing rule and converts the request_uri to "//operation". "abc" in the URL path is overwritten by "/" because of the backend-path-prefix annotation. Whereas we want the request_uri as "/operation"
Is there a way to set backend-path-prefix to empty string ?
I want to replace "abc/" in the URL path with "/". Currently it replaces "abc" with "/".
If I do not use the backend-path-prefix, then backend uri path will be "abc/operation". This will return 404 because abc service will not have any endpoint named abc/operation.
Just use path as path: /abc/*
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-abc
namespace: abc
annotations:
kubernetes.io/ingress.class: azure/application-gateway
appgw.ingress.kubernetes.io/backend-path-prefix: "/"
rules:
- http:
paths:
- backend:
serviceName: abc
servicePort: 9000
path: /abc/*

Nginx Redirection of Jenkins on Kubernetes

I am trying to deploy Jenkins on Kubernetes. I have deployed it with ClusterIP along with Nginx Ingress Controller on AKS.
When I access the IP of the Ingress-Controller, the Jenkins login URL (http://ExternalIP/login?from=%2F) comes up. However the UI of the Jenkins page isn't coming up and there is a some sort of redirection happening and keeps growing (http://ExternalIP/login?from=%2F%3Ffrom%3D%252F%253Ffrom%253D%25252F%25253F). I am very new to Ingress controller and annotations. I am not able to figure on what's causing this redirection.
Below are my configuration files. Can anyone please help on what's going wrong ?
ClusterIP-Service.yml
kind: Service
apiVersion: v1
metadata:
name: jenkins-nodeport-svc
namespace: jenkins
labels:
env: poc
app: myapp_jenkins
spec:
ports:
- name: "http"
port: 80
targetPort: 8080
type: ClusterIP
selector:
app: myapp_jenkins
Ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: Authorization, origin, accept
nginx.ingress.kubernetes.io/cors-allow-methods: GET, OPTIONS
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
- http:
paths:
- backend:
serviceName: jenkins-nodeport-svc
servicePort: 80
path: /(.*)
There's something in your ingress:
path: /(.*)
is a regular expression with a single capturing group that match everything. For example with following url: http://ExternalIP/login?from=myurl your capturing group $1 (the first and only one) would match login?from/myurl.
Now the problem is that nginx.ingress.kubernetes.io/rewrite-target: /$2 annotation is rewriting your url with a non existing capturing group.
You don't need rewriting, you just need to plain forward every request to the service.
Here you can find Rewrite Examples if you interested on it.
But in your case you can set:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jenkins-ingress
namespace: jenkins
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-headers: Authorization, origin, accept
nginx.ingress.kubernetes.io/cors-allow-methods: GET, OPTIONS
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
rules:
- http:
paths:
- backend:
serviceName: jenkins-nodeport-svc
servicePort: 80
path: /
and you're good to go.

Redirecting traffic to Tomcat context path in Kubernetes service

In a scenario where I set the context path of the Tomcat server by changing the server.xml file like this:
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="${catalinaContextPath}" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>
</Host>
If catalinaContextPath is set to /my/new/context The server will start up in the Pod with the URL: localhost:8080/my/new/context. How do I change the service so that it sends all traffic arriving on service port 80 to container path <pod_ip>:8080/my/new/context
This is my current service:
apiVersion: v1
kind: Service
metadata:
namespace: jira
name: jira
spec:
selector:
app: jira
component: jira
ports:
- protocol: TCP
name: serverport
port: 80
targetPort: 8080
My use case is, I am deploying this this JIRA docker image in a Pod and I set the context path using the environment variable CATALINA_CONTEXT_PATH as specified in this documentation. When I try to access it, it results in a 404. I assume this is because traffic is being redirected to <pod_ip>:8080 and nothing is running on <pod_ip>:8080 since tomcat has started up on <pod_ip>:8080/my/new/context
EDIT:
This is the ingress.yaml I am using:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: {{ .Values.global.app }}
name: jira-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
rules:
- host: myhost
http:
paths:
- path: /dev/jira(/|$)(.*)
backend:
serviceName: jira
servicePort: 80
- path: /prod/jira(/|$)(.*)
backend:
serviceName: jira
servicePort: 80
Whenever I visit myhost/dev/jira I need it to go to my JIRA instance.
Since your application "real" root is /my/new/context, you can rewrite every incoming request matching the /dev/jira URI using Nginx's AppRoot:
If the Application Root is exposed in a different path and needs to be redirected, set the annotation nginx.ingress.kubernetes.io/app-root to redirect requests for /.
If you're using this approach, there is no need to use capture groups with rewrite-target.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: {{ .Values.global.app }}
name: jira-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/app-root: /my/new/context
spec:
rules:
- host: myhost
http:
paths:
- path: /dev/jira(/|$)(.*)
backend:
serviceName: jira
servicePort: 80
- path: /prod/jira(/|$)(.*)
backend:
serviceName: jira
servicePort: 80
This is not possible with services... I would strongly suggest using Ingress paths.
see here: Can a host be redirected to a service path in Kubernetes?

Resources