ingress-nginx: client sent http request to https server

Question

My goal is to setup an ingress nginx within my kubernetes cluster. The deployment seems to work as I guess, the logs are looking good.

NAME                                            READY   STATUS      RESTARTS   AGE
pod/ingress-nginx-admission-create--1-n5h28     0/1     Completed   0          4d8h
pod/ingress-nginx-admission-patch--1-czsfn      0/1     Completed   0          4d8h
pod/ingress-nginx-controller-7f7f8685b8-xvldg   1/1     Running     0          10m
pod/web-app-59555dbf95-slqc4                    1/1     Running     0          20m

NAME                                         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.97.224.250   <none>        80:32666/TCP,443:31657/TCP   4d8h
service/ingress-nginx-controller-admission   ClusterIP   10.100.7.97     <none>        443/TCP                      4d8h
service/web-app-internal                     ClusterIP   10.103.22.145   <none>        80/TCP                       20m

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           4d8h
deployment.apps/web-app                    1/1     1            1           20m

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-55b65fcbff   0         0         0       22h
replicaset.apps/ingress-nginx-controller-5f7d486f4d   0         0         0       43m
replicaset.apps/ingress-nginx-controller-76bdf9b5f6   0         0         0       3h47m
replicaset.apps/ingress-nginx-controller-7d7489d947   0         0         0       44m
replicaset.apps/ingress-nginx-controller-7f7f8685b8   1         1         1       10m
replicaset.apps/ingress-nginx-controller-7fdc4896dd   0         0         0       22h
replicaset.apps/ingress-nginx-controller-86668dc4fc   0         0         0       22h
replicaset.apps/ingress-nginx-controller-8cf5559f8    0         0         0       4d8h
replicaset.apps/ingress-nginx-controller-f58499759    0         0         0       62m
replicaset.apps/web-app-59555dbf95                    1         1         1       20m

NAME                                       COMPLETIONS   DURATION   AGE
job.batch/ingress-nginx-admission-create   1/1           2s         4d8h
job.batch/ingress-nginx-admission-patch    1/1           7s         4d8h

I've already experienced some issues, stated in this question . The deployment I use is the following:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
      - name: web-app
        image: registry/web-app:latest
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: web-app-internal
  namespace: ingress-nginx
spec:
  selector:
      app: web-app
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/enable-access-log: "true"
  name: web-app-ingress
  namespace: ingress-nginx
  labels:
    name: web-app-ingress
spec:
  rules:
  - host: web.app
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: web-app-internal
            port: 
              number: 80

First of all, let me explain, that I try to make the ingress accessible via http internally for the moment. When this is working, the next step will be to establish a ssl certified connection.

Last but not least, a few more relevant data:

• the host defined within the ingress rule resolves to the ip of the externally hosted load-balancer outside the cluster within my own network
• curl -v http://web.app returns the following output:

*   Trying x.x.x.x...
* TCP_NODELAY set
* Connected to web.app (x.x.x.x) port 80 (#0)
> GET / HTTP/1.1
> Host: web.app
> User-Agent: curl/7.64.1
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< 
Client sent an HTTP request to an HTTPS server.
* Closing connection 0

I'm a newbie to all things k8s related, any guess what I miss?

Many thanks in advice!

Answer 1

No, solved the problem. It was an incorrect nginx load-balancer setup. Did indeed pass the 443 and 80 traffic, but not to the exposed Port for http on my worker nodes the ingress-nginx-controller service allocated. After this, everything works fine.

Answer 2

尝试将此注释添加到您的入口。

nginx.ingress.kubernetes.io/backend-protocol=HTTPS