upgrade kubernetes - ingress doesnt working

Juan Porta 0 Reputation points
2023-03-15T08:01:53.6+00:00

Hii!!

Thanks for help us.

After updating the kubernetes version from 1.19 to 1.26, it gave us an error that the ingress were wrong because of the ApiVersion, we changed it from apiversion v1beta1 to v1 and we were able to apply the changes correctly. but the ingress still does not go, instead if we use a loadbalancer that we had configured from before, it works for us.

I would like know if is possible see any log or something for know where is the error? because i feel is so difficult know what is the error.

becuase i don't know if the error is in ingress's configuration or service's configuration , I think the pod is OK, because the another loadBalancer work fine..

this is my ingress's configuration

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apidev.XXX.com
  namespace: dev
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.org/proxy-connect-timeout: '30s'
    nginx.org/proxy-read-timeout: '20s'
    nginx.org/client-max-body-size: '4m'
    nginx.org/websocket-services: 'svc-XXX-dev'
spec:
  ingressClassName: nginx
  # ingressClassName: nginx # use only with k8s version >= 1.18.0
  tls:
    - hosts:
        - apidev.XXX.com
      secretName: XXX-ssl-secret
  rules:
    - host: apidev.XXX.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: svc-XXX-dev
                port:
                  number: 65000
          - path: /subs
            pathType: Prefix
            backend:
              service:
                name: svc-XXX-dev
                port:
                  number: 65000
          - path: /subscriptions
            pathType: Prefix
            backend:
              service:
                name: svc-XXX-dev
                port:
                  number: 65000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-dev.XXX.com
  namespace: dev
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.org/proxy-connect-timeout: '30s'
    # nginx.org/proxy-read-timeout: "20s"
    nginx.org/proxy-read-timeout: '3600s'
    nginx.org/proxy-send-timeout: '3600s'
    nginx.org/client-max-body-size: '4m'
    nginx.org/websocket-services: 'svc-XXX-dev'
spec:
  # ingressClassName: nginx # use only with k8s version >= 1.18.0
  tls:
    - hosts:
        - api-dev.XXX.com
      secretName: XXX-ssl-secret
  rules:
    - host: api-dev.XXX.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: svc-XXX-dev
                port:
                  number: 65000
          - path: /subs
            pathType: Prefix
            backend:
              service:
                name: svc-XXX-dev
                port:
                  number: 65000
          - path: /subscriptions
            pathType: Prefix
            backend:
              service:
                name: svc-XXX-dev
                port:
                  number: 65000

Thanks!!

Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
888 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,821 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andrei Barbu 2,576 Reputation points Microsoft Employee
    2023-03-15T08:11:25.9533333+00:00

    Hello Juan Porta,

    Thank you for reaching out!

    As per this Behavioral Change from AKS Release Notes:
    "For Kubernetes 1.24+ the services of type LoadBalancer with appProtocol HTTP/HTTPS will switch to use HTTP/HTTPS as health probe protocol (while before v1.24.0 it uses TCP). And / will be used as the default health probe request path. If your service doesn’t respond 200 for /, please ensure you're setting the service annotation service.beta.kubernetes.io/port_{port}_health-probe_request-path or service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path (applies to all ports) with the correct request path to avoid service breakage."

    This can lead to ingress traffic is not being forwarded to the respective services in the AKS cluster, due to the failure in the load balancer's health probes.

    The most common scenario faced is with the nginx ingress controller, where the default path for the probe is /healthz.

    As mentioned in the release notes, prior to the upgrade, the health probe would be using TCP, and thus the issue is not occurring.

    After the upgrade, the health probe would start using HTTP/s on the / path, which would cause it to fail.

    Please check if this is affecting you and if yes, add the following annotation to the affected nginx-ingress controller Kubernetes service type LoadBalancer to point it to the correct path.

    service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/healthz"


    I hope this is helpful. If any clarification needed, let me know and I will do my best to answer.

    Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics.

    Thank you!

    1 person found this answer helpful.