im getting this error with this helm install
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest:
error validating "":
error validating data: ValidationError(Ingress.spec.rules[0].http):
missing required field "paths" in io.k8s.api.networking.v1.HTTPIngressRuleValue
and this is my code for the values.yaml
ingress:
enabled: true
className: ""
annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
hosts:
- host: metabasea0000125955
paths:
- path: /
backend:
service:
name: test
port:
number: 3000
pathType: Prefix
i can't understand what im doing wrong
Related
I am using EKS on AWS (EKS version: 1.21), And I deployed two different applications on two different name spaces.
when I deploy the ingress its creating for me two Application loadbalancers instead of one ALB,
I want to have one ALB with several ingress pointing to two different namespaces
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: tenant1
name: ingress-apps
labels:
app: ingress-app
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "alb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/group.name: my-group
spec:
rules:
- http:
paths:
- path: /app1/*
pathType: Prefix
backend:
service:
name: user-service-app-nodeport-service
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: tenant2
name: nginx
labels:
app: nginx
annotations:
# Ingress Core Settings
kubernetes.io/ingress.class: "nlb"
alb.ingress.kubernetes.io/scheme: internet-facing
# Health Check Settings
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '5'
alb.ingress.kubernetes.io/success-codes: '200'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '2'
alb.ingress.kubernetes.io/group.name: my-group
spec:
rules:
- http:
paths:
- path: /app2/*
pathType: Prefix
backend:
service:
name: nginx-app-service
port:
number: 80
My post is to bring some details about a problem I was facing and the details of how I arrived at a solution, in case anyone else is experiencing something similar.
FACT
Kubernetes ingress does not create rules in Alb/EKS when it has wildcard.
When trying to create overlapping paths in Kubernetes Ingress, requests are not routing as expected.
Ingress cannot create paths with Wildcard.
CAUSE
The wildcard rule is not created in the ALB on AWS.
When trying to wildcard the Ingress path in Kubernetes, errors occur in ingress / aws-load-balancer-controller.
Ingress Logs:
`
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedBuildModel 53s (x974 over 11d) ingress Failed build model due to ingress: api-checkout/api-checkout-develop: prefix path shouldn't contain wildcards: /teste/*
`
aws-load-balancer-controller logs:
kubectl logs -n kube-system deployment.apps/aws-load-balancer-controller
{"level":"error","ts":1669761828.7741847,"logger":"controller-runtime.manager.controller.ingress","msg":"Reconciler error","name":"api-checkout-max -shopify-develop","namespace":"api-checkout-max-shopify-develop","error":"ingress: api-checkout-max-shopify-develop/api-checkout-max-shopify-develop: prefix path shouldn't contain wildcards: /shopify/*"}
It is only possible to create rules in the ALB containing wildcard, through the AWS Console.
ACTION
Instead of using "pathType: Prefix", use "pathType: ImplementationSpecific" when creating paths via yaml manifest in Kubernetes.
This way the ingress can create the proper rules (even with Wildcard) in the Load Balancer / ALB in AWS.
Source:
https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types
ImplementationSpecific: With this path type, matching is up to the IngressClass. Implementations can treat this as a separate pathType or treat it identically to Prefix or Exact path types.
EXAMPLE:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: $K8S_INGRESS_NAME_NGINX
namespace: $K8S_NAMESPACE
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/certificate-arn: $INGRESS_CERT_ARN,$INGRESS_CERT_SUBDOMAIN_ARN
alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-redirect: "443"
alb.ingress.kubernetes.io/scheme: internet-facing
spec:
rules:
- host: $URL
http:
paths:
- pathType: ImplementationSpecific
path: "/teste"
backend:
service:
name: $K8S_DEPLOY_NAME_NGINX_FRONTEND
port:
number: $K8S_SERVICE_PORT_NGINX_FRONTEND
- pathType: ImplementationSpecific
path: "/teste/*"
backend:
service:
name: $K8S_DEPLOY_NAME_NGINX_BACKEND
port:
number: $K8S_SERVICE_PORT_NGINX_BACKEND
- pathType: Prefix
path: "/checkout"
backend:
service:
name: $K8S_DEPLOY_NAME_NGINX_FRONTEND
port:
number: $K8S_SERVICE_PORT_NGINX_FRONTEND
path: "/"
backend:
service:
name: $K8S_DEPLOY_NAME_NGINX_BACKEND
port:
number: $K8S_SERVICE_PORT_NGINX_BACKEND
When trying to create overlapping paths in Kubernetes Ingress, requests are not routing as expected.
Ingress cannot create paths with Wildcard.
I have backend and fronted applications. I have tried to create one ingress for fronted where both paths will be matched (host.com/api/v1/reference/list/test1 and host.com/api/v1/reference/test2). The second one works fine, but the first give me error: Failed to load resource: the server responded with a status of 500 (). Here is my ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: backend-app
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2$3
spec:
tls:
- hosts:
- host.com
secretName: tls-secret
rules:
- host: host.com
http:
paths:
- backend:
serviceName: service-backend
servicePort: 80
path: /api(/|$)(.*)
service:
apiVersion: v1
kind: Service
metadata:
name: service-backend
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
Does anyone know why my URLs are not getting rewritten and the requests are not delivered to the backend service for host.com/api/v1/reference/test2 ?
Thanks in advance!
resolved - bug inside application
I deployed all my resources in Amazon EKS Cluster, now i want to access each services using ingress.i have 3 micro-services.when i added only one service in ingress yaml file it is working please find that code below.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: dummy.us-east-2.elb.amazonaws.com
http:
paths:
- path: /
backend:
serviceName: user-api-service
servicePort: 80
the above code is working for me and this i changed the ingress file to support multiple paths. the changed code is below
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: "/$2"
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: dummy.elb.amazonaws.com
http:
paths:
- path: /user(/|$)(.*)
backend:
serviceName: user-api-service
servicePort: 80
after this i try to access the service using the below link in postman
http://dummy.us-east-2.elb.amazonaws.com/user/api/user/register
but the postman throwing the error 404
can anyone please help me with this issue? please ask if you need more informations
Goal
I'm trying to setup a
Cloud LB -> GKE [istio-gateway -> my-service]
This was working before, however, I have to recreate the cluster 2 days ago and run into this problem. Maybe some version change?
This is my ingress manifest file
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "my-dev-ingress"
namespace: "istio-system"
annotations:
kubernetes.io/ingress.global-static-ip-name: "my-dev-gclb-ip"
ingress.gcp.kubernetes.io/pre-shared-cert: "my-dev-cluster-cert-05"
kubernetes.io/ingress.allow-http: "false"
spec:
backend:
serviceName: "istio-ingressgateway"
servicePort: 80
Problem
The health check issue by the Cloud LB failed. The backend service created by the Ingress create a /:80 default health check.
What I have tried
1) I tried to set the health check generated by the gke ingress to point to the istio-gateway StatusPort port 15020 in the Backend config console. Then the health check passed for a bit until the backend config revert itself to use the original /:80 healthcheck that it created. I even tried to delete the healthcheck that it created and it just create another one.
2) I also tried using the istio-virtual service to route the healthcheck to 15020 port as shown here with out much success.
3) I also tried just route everything in the virtual-service the healthcheck port
hosts:
- "*"
gateways:
- my-web-gateway
http:
- match:
- method:
exact: GET
uri:
exact: /
route:
- destination:
host: istio-ingress.gke-system.svc.cluster.local
port:
number: 15020
4) Most of the search result I found say that setting readinessProbe in the deployment should tell the ingress to set the proper health check. However, all of my service are under the istio-gateway and I can't really do the same.
I'm very lost right now and will really appreciate it if anyone could point me to the right direction. Thanks
i got it working with gke 1.20.4-gke.2200 and istio 1.9.2, the documentation for this is non existent or i have not found anything, you have to add an annotation to istio-ingressgateway service to use a backend-config when using "istioctl install -f values.yaml" command
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
components:
ingressGateways:
- name: istio-ingressgateway
enabled: true
k8s:
serviceAnnotations:
cloud.google.com/backend-config: '{"default": "istio-ingressgateway-config"}'
then you have to create the backend-config with the correct healthcheck port
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
name: istio-ingressgateway-config
namespace: istio-system
spec:
healthCheck:
checkIntervalSec: 30
port: 15021
type: HTTP
requestPath: /healthz/ready
with this the ingress should automatically change the configuration for the load balancer health check pointing to istio port 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web
namespace: istio-system
annotations:
kubernetes.io/ingress.global-static-ip-name: web
networking.gke.io/managed-certificates: "web"
spec:
rules:
- host: test.example.com
http:
paths:
- path: "/*"
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: direct-web
namespace: istio-system
spec:
hosts:
- test.example.com
gateways:
- web
http:
- match:
- uri:
prefix: "/"
route:
- destination:
port:
number: 8080 #internal service port
host: "internal-service.service-namespace.svc.cluster.local"
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: web
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- test.example.com
you could also set hosts to "*" in the virtualservice and gateway