Question 97373 in Nginx Question posted in
The official documentation can be found here.

AKS Ingress controller DNS gives 404 error – Nginx

I have created aks cluster with 2 services exposed using Ingress controller

below is the yml file for ingress controller with TLS

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: xyz-office-ingress02
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - office01.xyz.com
    secretName: tls-office-secret
  rules:
  - host: office01.xyz.com
  - http:
      paths:
      - path: /(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: office-webapp
            port:
              number: 80
      - path: /api/
        pathType: Prefix
        backend:
          service:
            name: xyz-office-api
            port:
              number: 80

kubenctl describe ing

 Name:             xyz-office-ingress02
Labels:           <none>
Namespace:        default
Address:          <EXTERNAL Public IP>
Ingress Class:    <none>
Default backend:  <default>
TLS:
  tls-office-secret terminates office01.xyz.com
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /(/|$)(.*)   office-webapp:80 (10.244.1.18:80,10.244.2.16:80)
              /api/        xyz-office-api:80 (10.244.0.14:8000,10.244.1.19:8000)
Annotations:  cert-manager.io/cluster-issuer: letsencrypt
              kubernetes.io/ingress.class: nginx
              nginx.ingress.kubernetes.io/rewrite-target: /
              nginx.ingress.kubernetes.io/use-regex: true
Events:       <none>

On IP i am able to access both services, however when using the DNS it is not working and gives 404 error

Tags:

2

Answers


  1. 0

    I tried to reproduce the same issue in my environment and got the below results

    I have created the dns zone for the cluster

    enter image description here

    Created the namespace

    kubectl create namespace ingress-basic

    enter image description here

    I have installed the helm repo and used the helm to deploy the ingress controller

    helm install ingress-nginx ingress-nginx/ingress-nginx   
--namespace <namespace-name>   
--set controller.replicaCount=2

    enter image description here

    When I check in the logs I am able to see public IP with load balancer

    enter image description here

    I have created the some role assignments to connect the DNS zones

    enter image description here

    Assigned the managed identity of cluster node pool DNS contributor rights to the domain zone

    az role assignment create --assignee $UserClientId --role 'DNS Zone Contributor' --scope $DNSID

    I have run some helm commands to deploy the dns zones

    helm install external-dns bitnami/external-dns --namespace ingress-basic --set provider=azure --set txtOwnerId=<cluster-name> --set policy=sync --set azure.resourceGroup=<rg-name> --set azure.tenantId=<tenant-id> --set azure.subscriptionId=<sub-id> --set azure.useManagedIdentityExtension=true --set azure.userAssignedIdentityID=<UserClient-Id>

    enter image description here

    I have installed the cert manager using helm

    helm install cert-manager jetstack/cert-manager   
--namespace ingress-basic   
--version vXXXX

    I have created and run the application

    vi nginxfile.yaml
 kubectl apply -f file.yaml

    I have created the ingress route it will configure the traffic to the application
    After that we have to verify the certificates it will create or not and wait for few minutes it will update the DNS zone

    I have created the cert manager and deployed that cluster

    kubectl apply -f file.yaml --namespace ingress-basic

    Please find this url for Reference for more details

    Login or Signup to reply.
  2. 0

    Cleaning up remarks from comments: basically, the issue is with the ingress rules definition. We have the following:

      rules:
  - host: office01.xyz.com
  - http:
      paths:
        ...

    We know connecting to ingress directly does work, without using DNS. While when querying it through DNS: we get a 404.

    The reason for this 404 is that, when entering with a DNS name, you enter the first rules. In which you did not define any backend.

    One way to fix this would be to relocate the "host" part of that ingress with your http rules, eg:

    spec:
  tls:
    ...
  rules:
  - host: office01.xyz.com
    http: #no "-", not a new entry => http & host belong to a single rule
      paths:
      - path: /(/|$)(.*)
        ...
      - path: /api/
        ...
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search