caasp-services
caasp-services copied to clipboard
SUSE
Portus nginx error
Problem
The following yaml is values file i used. values.yaml.txt
- I got error message(HTTP 400) When i used service port as 80.
<values.yaml>
service:
port: 80
<On my Browser>
The plain HTTP request was sent to HTTPS port
<Pod Logs>
$ kubectl logs -f portus-portus-nginx-75444987c5-7cqhd -n portus
172.30.130.174 - - [16/Apr/2018:06:06:26 +0000] "GET / HTTP/1.1" 400 666 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36"
...
- I got error message(HTTP 502) When i used service port as 443. It looks like that Ingress request to nginx pod via 443 port. But nginx pod is listening only 80 port.
<values.yaml>
service:
port: 443
<On my Browser>
502 Bad Gateway
<Ingress Logs>
[error] 1454#1454: *44641 connect() failed (111: Connection refused) while connecting to upstream, client: 10.178.118.223, server: portus.ghama.io, request: "GET /favicon.ico HTTP/1.1", upstream: "http://172.30.125.75:443/favicon.ico", host: "portus.ghama.io", referrer: "https://portus.ghama.io/"
...
<Nginx pod logs>
$ kubectl logs -f portus-portus-nginx-75444987c5-7cqhd -n portus
none
<Nginx pod describe>
$ kubectl describe pod portus-portus-nginx-cb75f6944-6n27d -n portus
IP: 172.30.125.75
Containers:
portus-portus-nginx:
Port: 443/TCP
...
<Nginx pod netstat>
kubectl exec -it -n portus portus-portus-nginx-cb75f6944-6n27d sh
/ # netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1/nginx: master pro
Environment
-helm version : 2.8.1 -portus Chart.yaml version : portus-0.1.2 -kubernetes version : 1.8.8
I can access to dashboard when i set tls to false.
portus:
tls:
enabled: false
service:
type: "ClusterIP"
port: 80
ingress:
tls:
enabled: false
There's typo in nginx-configmap.yaml, there's missing ; on line with listen directive. I'll try to create PR
EDIT: fixed by this PR: https://github.com/kubic-project/caasp-services/pull/42
@malvex Thanks. The nginx can listen 443 port. But there is an error still. It looks like that Ingress send request as http not https. (Please see nginx log)
<values.yaml>
service:
port: 443
<On my Browser>
400 Bad Request
The plain HTTP request was sent to HTTPS port
<Ingress Logs>
{"time_date": "2018-04-17T02:58:38+00:00","client": "10.178.118.223", "host": "portus.ghama.io", "scheme": "https", "request_method": "GET", "request_uri": "/", "request_id": "5261ee619ba282123facf39873f03608", "status": 400, "upstream_addr": "172.30.125.106:443", "upstream_status": 400, "request_time": 0.001, "upstream_response_time": 0.001, "upstream_connect_time": 0.000, "upstream_header_time": 0.001}
{"time_date": "2018-04-17T02:58:38+00:00","client": "10.178.118.223", "host": "portus.ghama.io", "scheme": "https", "request_method": "GET", "request_uri": "/favicon.ico", "request_id": "aeb786ef9786265c3c035dca0855d477", "status": 400, "upstream_addr": "172.30.125.106:443", "upstream_status": 400, "request_time": 0.001, "upstream_response_time": 0.001, "upstream_connect_time": 0.000, "upstream_header_time": 0.001}
...
<Nginx pod logs>
$ kubectl logs -f portus-portus-nginx-cb75f6944-dwnbr -n portus
172.30.130.174 - - [17/Apr/2018:02:53:52 +0000] "GET /favicon.ico HTTP/1.1" 400 666 "https://portus.ghama.io/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36"
172.30.130.174 - - [17/Apr/2018:02:53:53 +0000] "GET / HTTP/1.1" 400 666 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safari/537.36"
<Nginx pod describe>
$ kubectl describe pod portus-portus-nginx-cb75f6944-dwnbr -n portus
IP: 172.30.125.106
Containers:
portus-portus-nginx:
Port: 443/TCP
I met the same issues, and it is solved by adding the following annotations for ingress.annotations in values.yaml
nginx.ingress.kubernetes.io/secure-backends: "true"
yzha
