Azure kubernates Connection refused

Question

Azure kubernates Connection refused

Artur Hovhannisyan 0

I am new at Kubernetes . I have Duende identity server deployed on azure Kubernetes the pod is running, however when I open via browser I get 502 Bad Gateway- ingress logs 6818062 connect() failed (111: Connection refused) while connecting to upstream, client here is my service

apiVersion: v1
kind: Service
metadata:
  name: test-clusterip-srv
spec:
  type: LoadBalancer
  selector:
    app: test-server
  ports:
    - name: test-server-http
      protocol: TCP
      port: 80
      targetPort: 980
    - name: test-worker-https
      port: 443
      targetPort: 9443
      protocol: TCP

I tried to open it via external IP but got ERR_CONNECTION_TIMED_OUT. Here is my ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /test$1
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  tls:
  - hosts:
      - test.eastus.cloudapp.azure.com
    secretName: tls-secret  
  rules:
  - host: test.eastus.cloudapp.azure.com
    http:
      paths:
        - path: /test(.*)
          pathType: ImplementationSpecific
          backend:
            service:
              name: test-clusterip-srv
              port:
                number: 80

shiva patpi 13,366 Reputation points Microsoft Employee Moderator

2024-02-14T19:14:43.97+00:00

Artur Hovhannisyan - Are you able to access using LoadBalancer IP ? Can you also post your deployment YAML file ? Regards, Shiva

Artur Hovhannisyan 0

shiva patpi here is my deployment, service and service account



apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-server-depl
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-server
  template:
    metadata:
      labels:
        app: test-server
        azure.workload.identity/use: "true"
      annotations:
        azure.workload.identity/inject-proxy-sidecar: "true"
    spec:
      serviceAccountName: test-dev-service-account
      containers:
        - name: test-server
          image: test.azurecr.io/test-server
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 9443          
          env:
            - name: "ASPNETCORE_ENVIRONMENT"
              value: "Development"
          volumeMounts:
            - name: secrets
              mountPath: /app/secrets
              readOnly: true
      imagePullSecrets:
        - name: workers-secret
      volumes:
        - name: secrets
          secret:
            secretName: test-identity-secret-appsettings
---
apiVersion: v1
kind: Service
metadata:
  name: test-clusterip-srv
spec:
  type: ClusterIP
  selector:
    app: test-server
  ports:
    - name: test-server-http
      protocol: TCP
      port: 80
      targetPort: 980
    - name: test-worker-https
      port: 443
      targetPort: 9443
      protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    azure.workload.identity/client-id: 

  labels:
    azure.workload.identity/use: "true"
  name: test-dev-service-account
  namespace: default

Artur Hovhannisyan 0 Reputation points

2024-02-15T16:49:08.1366667+00:00

found the soliton needed to add following in ingress nginx.ingress.kubernetes.io/rewrite-target: /hercules$1 nginx.ingress.kubernetes.io/force-ssl-redirect: "true" kubernetes.io/tls-acme: "true" kubernetes.io/ingress.class: "nginx" appgw.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" Thank you shiva patpi anyway

1 answer

Your answer

shiva patpi 13,366 Reputation points Microsoft Employee Moderator

2024-02-14T19:14:43.97+00:00

Artur Hovhannisyan - Are you able to access using LoadBalancer IP ? Can you also post your deployment YAML file ? Regards, Shiva
Artur Hovhannisyan 0 Reputation points

2024-02-14T19:23:30.4966667+00:00

shiva patpi here is my deployment, service and service account

apiVersion: apps/v1 kind: Deployment metadata: name: test-server-depl namespace: default spec: replicas: 1 selector: matchLabels: app: test-server template: metadata: labels: app: test-server azure.workload.identity/use: "true" annotations: azure.workload.identity/inject-proxy-sidecar: "true" spec: serviceAccountName: test-dev-service-account containers: - name: test-server image: test.azurecr.io/test-server imagePullPolicy: IfNotPresent ports: - containerPort: 9443 env: - name: "ASPNETCORE_ENVIRONMENT" value: "Development" volumeMounts: - name: secrets mountPath: /app/secrets readOnly: true imagePullSecrets: - name: workers-secret volumes: - name: secrets secret: secretName: test-identity-secret-appsettings --- apiVersion: v1 kind: Service metadata: name: test-clusterip-srv spec: type: ClusterIP selector: app: test-server ports: - name: test-server-http protocol: TCP port: 80 targetPort: 980 - name: test-worker-https port: 443 targetPort: 9443 protocol: TCP --- apiVersion: v1 kind: ServiceAccount metadata: annotations: azure.workload.identity/client-id: labels: azure.workload.identity/use: "true" name: test-dev-service-account namespace: default
Artur Hovhannisyan 0 Reputation points

2024-02-15T16:49:08.1366667+00:00

found the soliton needed to add following in ingress nginx.ingress.kubernetes.io/rewrite-target: /hercules$1 nginx.ingress.kubernetes.io/force-ssl-redirect: "true" kubernetes.io/tls-acme: "true" kubernetes.io/ingress.class: "nginx" appgw.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" Thank you shiva patpi anyway

Answer 1

Anveshreddy Nimmala 3,550 Microsoft External Staff Moderator

Hi
Artur Hovhannisyan
Thankyou for replying back. the configuration looks correct. However, in ingress file the pathType field is set to ImplementationSpecific, which means that the path type is determined by the Ingress controller. This might cause issues if the Ingress controller is not configured to handle this path type. You might want to consider setting the pathType field to Prefix or Exact to ensure that the path type is correctly configured. In Deployment file the annotations field of the metadata section of the ServiceAccount resource is incomplete. It seems like the azure.workload.identity/client-id annotation is missing a value. You might want to update the annotation with the correct value. If you are still experiencing issues, you can try checking the logs of the Nginx Ingress Controller to see if there are any errors. You can use the following command to check the logs: kubectl logs <nginx-ingress-controller-pod-name> you can try checking the logs of the Pod to see if there are any errors. You can use the following command to check the logs:

kubectl logs <pod-name>

Hope the answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!.

Artur Hovhannisyan 0 Reputation points

2024-02-15T13:59:51.7933333+00:00
I have intentionally removed values for ClientId. I have tried Prefix and Exact, it did not work. Related to logs for pod, it is running and show logs from ASP.NET core. Error logs from Ingress - 7485170 connect() failed (111: Connection refused) while connecting to upstream, client:
Artur Hovhannisyan 0 Reputation points

2024-02-15T16:48:26.4133333+00:00

found the soliton needed to add following in ingress nginx.ingress.kubernetes.io/rewrite-target: /hercules$1 nginx.ingress.kubernetes.io/force-ssl-redirect: "true" kubernetes.io/tls-acme: "true" kubernetes.io/ingress.class: "nginx" appgw.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" Thank you shiva patpi anyway
Anveshreddy Nimmala 3,550 Reputation points Microsoft External Staff Moderator

2024-02-16T04:17:30.1366667+00:00

Hello Artur Hovhannisyan, thankyou for posting the answer here.
Anveshreddy Nimmala 3,550 Reputation points Microsoft External Staff Moderator

2024-02-16T05:20:51.3066667+00:00

Hello Artur Hovhannisyan,Glad to know that your issue is resolved and thanks for sharing the resolution for the benefit of community. We noticed your feedback that the above answer was not helpful.
Thank you for taking time to share feedback. We value your feedback and want to see if there is anything we can do to improve it and make this a positive experience for you. Thanks!

Share via

Azure kubernates Connection refused

1 answer

Your answer