Search code examples
reactjsazurekuberneteskubernetes-ingressazure-aks

k8s aks react routing issue: not routing from svc ip but works fine from localhost ip

on portforwading the svc & ingress to localhost, everything works fine. with public IP from svc & nginx ingress, the frontend is reachable and works fine, only issue is it doesn't route to the next page, while it does in localhost. where could this possible go wrong?

infra:
managed k8s: Azure AKS
frontend: react dockerized & served via nginx

ingress: nginx ingress controller

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  ingressClassName: nginx
  rules:
    - host: ""
      http:
        paths:
          - path: /api(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: api-svc
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/use-regex: "true"
    # nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs: "true"
spec:
  ingressClassName: nginx
  rules:
    - host: ""
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: frontend-app-svc
                port:
                  number: 80
  1. NSG is fine from AKS
  2. localhost portforwading of frontend works fine, but only routing is not happening from public ip of svc & ingress
  3. backend svc works fine in all cases
  4. tried to get to the exact path after login, but it doesn't work
  5. tried to kill everything and redo
  6. several retries with ingress rules
Solution

  • This is solved, posting this answer if this helps anyone. the root cause is, if localhost portforwading works fine, and the domain doesn't, possibly it'd be because of the following,

    1. check NSG rules for the ip
    2. check if there any hostnames list on your application level, ie, allow API only if the request is from the defined ip, or route only from the defined lists
    3. remove ingress rules, and try verifying on svc level, so to verify if it's path issue or application-level issue

    mostly these helped me to find the root cause, in my case, application had allowedHostnames list and auth routing would only work if the ip is from this list.