Search code examples
kuberneteskubernetes-ingressnginx-ingresskubernetes-service

Nginx Ingress returning 404 when accessing the services

I have setup K8s cluster on AWS. I have followed the Nginx Ingress setup using the link - Ingress-Setup. I then tried to deploy a coffee application using the link - demo-application and accessing the coffee application, I am getting a 404 error. I am getting a 200 OK response when accessing the curl http://localhost:8080/coffee from within the pod. I am not sure how to troubleshoot this issue.

[ec2-user@ip-172-31-37-241 service]$ curl -vv --resolve cafe.example.com:$IC_HTTPS_PO RT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/coffee --insecure
* Added cafe.example.com:443:65.1.245.71 to DNS cache
* Hostname cafe.example.com was found in DNS cache
*   Trying 65.1.245.71:443...
* Connected to cafe.example.com (65.1.245.71) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=NGINXIngressController
*  start date: Sep 12 18:03:35 2018 GMT
*  expire date: Sep 11 18:03:35 2023 GMT
*  issuer: CN=NGINXIngressController
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /coffee HTTP/1.1
> Host: cafe.example.com
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: nginx/1.21.0
< Date: Fri, 10 Sep 2021 03:24:23 GMT
< Content-Type: text/html
< Content-Length: 153
< Connection: keep-alive
<
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.21.0</center>
</body>
</html>
* Connection #0 to host cafe.example.com left intact

Ingress definition:

apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443
    targetPort: 443
    protocol: TCP
    name: https
  selector:
    app: nginx-ingress

Successful response when accessing the pods directly

[ec2-user@ip-172-31-37-241 service]$ kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
coffee-6f4b79b975-b5ph5   1/1     Running   0          29m
coffee-6f4b79b975-grzh5   1/1     Running   0          29m
tea-6fb46d899f-5hskc      1/1     Running   0          29m
tea-6fb46d899f-bzp88      1/1     Running   0          29m
tea-6fb46d899f-plq6j      1/1     Running   0          29m
[ec2-user@ip-172-31-37-241 service]$ kubectl exec -it coffee-6f4b79b975-b5ph5 /bin/sh kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ $ curl -vv http://localhost:8080/coffee
*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /coffee HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.78.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.21.3
< Date: Fri, 10 Sep 2021 03:29:08 GMT
< Content-Type: text/plain
< Content-Length: 159
< Connection: keep-alive
< Expires: Fri, 10 Sep 2021 03:29:07 GMT
< Cache-Control: no-cache
<
Server address: 127.0.0.1:8080
Server name: coffee-6f4b79b975-b5ph5
Date: 10/Sep/2021:03:29:08 +0000
URI: /coffee
Request ID: e7fbd46fde0c34df3d1eac64a36e0192
* Connection #0 to host localhost left intact
Solution

  • Your application is listening on port 8080. In your Service file you need to use the targetPort as 8080.

    apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"  
spec:
  type: LoadBalancer
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  - port: 443
    targetPort: 8080
    protocol: TCP
    name: https
  selector:
    app: nginx-ingress