Ingress-nginx: The ingress address can't access correctly

Created on 6 Dec 2017  路  10Comments  路  Source: kubernetes/ingress-nginx

ingress-nginx version: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
kubernetes version :Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:28:34Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:17:43Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Environment:

  • Cloud provider or hardware configuration: bare-metal
  • OS (e.g. from /etc/os-release): centos7.4
  • Kernel :Linux node1 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
  • Install tools: kubeadm
    What happened: when i excute kubectl get ingress -n kube-system,the result is 
NAME         HOSTS         ADDRESS           PORTS     AGE
nginx-test   foo.bar.com   192.168.145.101   80        9m

my ingress adress is same with my baremetal node host ip. i can't use curl 192.168.145.101 to access http-svc. got wrong curl: (7) Failed connect to 192.168.145.101:80; Connection refused .why it happened?
Anything else we need to know:
my http-svc.yaml set:
```apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: http-svc
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
app: http-svc
spec:
containers:
- name: http-svc
image: gcr.io/google_containers/echoserver:1.8
ports:

- containerPort: 8080

apiVersion: v1
kind: Service
metadata:
name: http-svc
namespace: kube-system
labels:
app: http-svc
spec:
ports:

  • port: 80
    targetPort: 8080
    protocol: TCP
    name: http
    selector:
    app: http-svc
my ingress.yaml set:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
namespace: kube-system
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
# This assumes http-svc exists and routes to healthy endpoints
serviceName: http-svc
servicePort: 80

my ingress-nginx-controller.yaml set:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: ingress-nginx
template:
metadata:
labels:
app: ingress-nginx
annotations:
prometheus.io/port: '10254'
prometheus.io/scrape: 'true'
spec:
serviceAccountName: nginx-ingress-serviceaccount
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
args:
- /nginx-ingress-controller
- --apiserver-host=192.168.145.101
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --annotations-prefix=nginx.ingress.kubernetes.io
- --report-node-internal-ip-address=true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
```

picture sugangnb

Most helpful comment

@sugangnb when you not send the host header you reach the default backend. Please check the ingress docs https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource
Running curl -v http://192.168.145.101:31490 -H 'Host: foo.bar.com'

picture aledbf on 7 Dec 2017
2

All 10 comments

@aledbf

sugangnb picture sugangnb on 6 Dec 2017

@sugangnb you are using a normal service and host using nodePort, hostPort or hostnetwork so using the IP address of the node will never work.

aledbf picture aledbf on 6 Dec 2017

Please reopen if you have more questions

aledbf picture aledbf on 6 Dec 2017

@aledbf
my ingress-nginx is using nodePort, http-svc is using clusterIp like this.

[root@node1 bigdata]# kubectl get service --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
default       kubernetes             ClusterIP   10.96.0.1        <none>        443/TCP                      5d
kube-system   calico-etcd            ClusterIP   10.96.232.136    <none>        6666/TCP                     5d
kube-system   default-http-backend   ClusterIP   10.108.245.70    <none>        80/TCP                       1d
kube-system   http-svc               ClusterIP   10.108.198.244   <none>        80/TCP                       11h
kube-system   ingress-nginx          NodePort    10.101.55.125    <none>        80:31490/TCP,443:30074/TCP   1d
kube-system   kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP                5d
kube-system   kubernetes-dashboard   ClusterIP   10.99.113.249    <none>        443/TCP                      1d
kube-system   tiller-deploy          ClusterIP   10.100.61.13     <none>        44134/TCP                    5d

Your mean I need change http-svc using Nodeport?What can I do to make it work?

sugangnb picture sugangnb on 6 Dec 2017

If you are using nodeport the correct address is http://192.168.145.101:31490

aledbf picture aledbf on 6 Dec 2017
👍1

@aledbf ,excuse me.
After I execut curl -v 192.168.145.101:31490
I got this result.

* About to connect() to 192.168.145.101 port 31490 (#0)
*   Trying 192.168.145.101...
* Connected to 192.168.145.101 (192.168.145.101) port 31490 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.145.101:31490
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Server: nginx/1.13.7
< Date: Thu, 07 Dec 2017 08:07:45 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 21
< Connection: keep-alive
< Vary: Accept-Encoding
< Strict-Transport-Security: max-age=15724800; includeSubDomains;
< 
* Connection #0 to host 192.168.145.101 left intact
default backend - 404

the log of this commond

192.168.145.101 - [192.168.145.101] - - [07/Dec/2017:08:03:24 +0000] "GET / HTTP/1.1" 404 21 "-" "curl/7.29.0" 85 0.000 [upstream-default-backend] 192.168.166.132:8080 21 0.000 404

I don't understand why this happened

sugangnb picture sugangnb on 7 Dec 2017

@sugangnb when you not send the host header you reach the default backend. Please check the ingress docs https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource
Running curl -v http://192.168.145.101:31490 -H 'Host: foo.bar.com'

aledbf picture aledbf on 7 Dec 2017
2

Hi @aledbf ,could you please explain more why cul command without header will reach the default backend? Thanks a lot. Still confused for this.

liuxiaopiao picture liuxiaopiao on 31 Jan 2019

could you please explain more why cul command without header will reach the default backend?

Sure. Without a Host header nginx cannot decide to which server you need to be directed. For this scenario, there is a catch-all server that sends traffic to the default backend (returns 404)
Please check http://nginx.org/en/docs/http/request_processing.html

aledbf picture aledbf on 31 Jan 2019

@aledbf ,so nice of you. Thanks a lot for the info! Clear with it now.

liuxiaopiao picture liuxiaopiao on 31 Jan 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cehoffman picture cehoffman  路  3Comments
sophaskins picture sophaskins  路  3Comments
bashofmann picture bashofmann  路  3Comments
yuyang0 picture yuyang0  路  3Comments
geek876 picture geek876  路  3Comments