why i get the error "backend - 404 error" when trying to deploy tls ingress in kubernetes with no errors on events - Nginx

FranciscoVillegas
October 30, 2021
204 views
0 votes
2 Answers

I’m trying to deploy a simple Ingress service and works when is Ingress without the Secure function(tls), but when I include the cert tls it always returns me "backend – 404 error"

I already installed "cert manager", "ingress-nginx" and already checked if this install is ok

EDIT: I explained all the steps I’m doing

EDIT2: I updated the cert-manager’s version to v1.5.4

these were the steps:

1.- install nginx controller for my ip

helm install bitnami/nginx-ingress-controller --set controller.service.loadBalancerIP="[MY-STATIC-IP]",rbac.create=true --generate-name

2.- Apply deployment and service (app.yaml)

apiVersion: apps/v1
kind: Deployment
metadata:
  name: taxisbahiadeploy
  labels:
    type: endpoints-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: taxisbahiadeploy
  template:
    metadata:
      labels:
        app: taxisbahiadeploy
    spec:
      containers:
      - name: taxisbahiadeploy
        image: gcr.io/google-samples/hello-app:1.0
        imagePullPolicy: Always
        ports:
          - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: taxisbahia
spec:
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: taxisbahiadeploy

3.- Configure let’s encrypt

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.crds.yaml

kubectl create namespace cert-manager

helm repo add jetstack https://charts.jetstack.io

helm repo update

helm install 
  cert-manager 
  --namespace cert-manager 
  --version v1.5.4 
  jetstack/cert-manager

4- Apply the Issuer (issuer.yaml)

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: '[email protected]'
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            class: nginx
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: '[email protected]'
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx

5.- Final Step, this is the Ingress where it fails (ingress-tls.yaml)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: esp-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/issuer: "letsencrypt-staging"
spec:
  tls:
  - hosts:
    - domain.com
    secretName: esp-tls
  rules:
    - host: domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: taxisbahia
                port:
                  number: 8080

Answers

- HarshManvar
- October 30, 2021 at 8:31 am
- 0 votes
0
i think your TLS domain part should be something like check your host
```
spec:
  tls:
  - hosts:
    - example.example.com
    secretName: quickstart-example-tls
```
Reference : https://cert-manager.io/docs/tutorials/acme/ingress/
Login or Signup to reply.

- Beefcake
- November 1, 2022 at 1:50 am
- 0 votes
0
First of all make sure that you are actually visiting https://yourapp.com

Had the same issue but then I realized I was actually trying HTTP, which is no longer available after TLS is added.

Login or Signup to reply.