kubernetes
Expose nginx_status page
Hello,
Please can a ingress-nginx feature be created to expose the nginx_status page so that other monitoring applications in a cluster can read it. If this is already possible can you please provide support on how to enable it whilst managing the latest controller version through helm chart.
I've had some requests internal to my organisation to enable this and i've tried but not been able to.
Related issues:
- https://github.com/kubernetes/ingress-nginx/issues/4952
- https://github.com/kubernetes/ingress-nginx/issues/4403
Testing With a latest, mostly vanilla version of the controller managed by helm chart the status page is available on localhost on these 2 ports:
kubectl -n ingress-nginx -it exec ingress-nginx-controller-5f457c8bd-6lx5t -- curl localhost:10246/nginx_status
Active connections: 1
server accepts handled requests
4253 4253 1870
Reading: 0 Writing: 1 Waiting: 0
kubectl -n ingress-nginx -it exec ingress-nginx-controller-5f457c8bd-6lx5t -- curl localhost:80/nginx_status
Active connections: 1
server accepts handled requests
4137 4137 1819
Reading: 0 Writing: 1 Waiting: 0
I can also use port-forward:
kubectl -n ingress-nginx port-forward pod/ingress-nginx-controller-79b9f6d4bd-c85nx 10246:10246
However I'm not able to access the page from other pods (checked that network policies etc. are not getting in the way) and I get the following outcomes. I'm using an in-cluster metricbeat to integrate but that should be enough to illustrate.
# Port 80
# Metricbeat
error fetching status: HTTP error 403 in : 403 Forbidden
# Nginx logs
2022/10/21 10:10:59 [error] 170#170: *49919 access forbidden by rule, client: a.b.c.d, server: _, request: "GET /nginx_status HTTP/1.1", host: "w.x.y.z:80"
# Port 10246
# Metricbeat
error fetching status: error making http request: Get "http://w.x.y.z:10246/nginx_status": dial tcp w.x.y.z:10246: connect: connection refused
Need some way to expose this page outside of the pod, without any denial, if possible.
