Nginx Ingress Azure Kubernetes Service - Connection timed out - possible 404

For the past few days, I have been trying to follow the steps of this tutorial in order to set up Nginx with external-dns in an Azure Kubernetes Cluster.

Everything looks alright until I try to reach my sample pod via my new subdomain in the last step of the tutorial.

curl sample.<my domain> -v

Eventually fails after 2 minutes (connection timed out), but the right IP address of the node balancer is resolved at least.

Here are the steps I have been doing, if you want to follow along: https://zerobin.org/?3189aa0a24fbfbb7#rVQe86mgxmgRymqXtMP1N1JJuBGQTd4v4kwgjpCKCBu

I added log level 5 to the Nginx pod

containers:
    - name: controller
      image: >-
        registry.k8s.io/ingress-nginx/controller:v1.9.1@sha256:605a737877de78969493a4b1213b21de4ee425d2926906857b98050f57a95b25
      args:
        - /nginx-ingress-controller
        - --v=5

The logs seem to indicate that an immediate 404 error is produced. I am also not confident that the right IP address is used to forward the request.

So I retrieved the nginx.conf from the pod but it is very complex and autogenerated and I can't really judge if this is correct.

At this point, I would really appreciate the support of someone who has experience with Nginx...

There are 2 answers

0
user2352375 On BEST ANSWER

Okay, after some consulting with other developers, who encountered the same issue, I was able to get this working. It seems like this configuration currently needs one ingress rule without a host definition to work. This has the drawback of exposing one service directly via the IP address, but if it concerns you, you can just put a dummy there. If you do want to provide this host-less ingress rule with a DNS entry you can use the following annotation:

kind: Ingress
metadata:
  name: hostless-rule
  annotations:
    external-dns.alpha.kubernetes.io/hostname: subdomain.<Your Domain>

Finally, here is an alternative sample-app.yaml that defines an otherwise redundant (apart from that it makes this setup work) hostless-rule. Further pods & subdomains can be added as usual via host, you only need one hostless-rule in your cluster.

apiVersion: v1
kind: Pod
metadata:
  name: webserver
  labels:
    app: nginx
    name: sample
spec:
  containers:
  - name: main
    image: nginx:alpine
    resources:
      limits:
        memory: "64Mi"
        cpu: "200m"
      requests:
        memory: "48Mi"
        cpu: "100m"
    ports:
      - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: nginx
    name: sample
  ports:
  - port: 8080
    targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sample-rule
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: sample.<Your Domain>
      http:
        paths:
          - path: /
            pathType: "Prefix"
            backend:
              service:
                name: web
                port: 
                  number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hostless-rule
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: "Prefix"
            backend:
              service:
                name: web
                port: 
                  number: 8080
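
The answer above notes that the host-less rule exposes one service directly via the IP address. The following Python script is an added example, not part of the original answer: it lists every Ingress rule without a host, plus any `spec.defaultBackend`, from `kubectl get ingress -A -o json` output, so you can confirm that only the intended dummy service is reachable that way. The sample data, the `example.test` names and the helper `_ingress` are constructed for illustration.

```python
import json
import sys

DNS_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"

def find_catch_all(ingress_list):
    """List backends reachable without a matching Host header."""
    findings = []
    for ing in ingress_list.get("items", []):
        meta, spec = ing.get("metadata", {}), ing.get("spec", {})
        hits = []  # (path, service) pairs served to any Host, including the bare IP
        for rule in spec.get("rules") or []:
            if rule.get("host"):
                continue  # host-scoped rule, not a catch-all
            for p in (rule.get("http") or {}).get("paths", []):
                hits.append((p.get("path", "/"), p.get("backend", {}).get("service") or {}))
        default = (spec.get("defaultBackend") or {}).get("service")
        if default:
            hits.append(("<defaultBackend>", default))
        for path, svc in hits:
            port = svc.get("port", {})
            findings.append({
                "ingress": f'{meta.get("namespace", "default")}/{meta.get("name")}',
                "path": path,
                "service": svc.get("name"),
                "port": port.get("number", port.get("name")),
                "dns": (meta.get("annotations") or {}).get(DNS_ANNOTATION),
            })
    return findings

def _ingress(name, host=None, annotations=None):
    """Constructed Ingress item shaped like the manifests in the answer."""
    rule = {"http": {"paths": [{"path": "/", "pathType": "Prefix", "backend": {
        "service": {"name": "web", "port": {"number": 8080}}}}]}}
    if host:
        rule["host"] = host
    return {"metadata": {"name": name, "namespace": "default",
                         "annotations": annotations or {}}, "spec": {"rules": [rule]}}

# Constructed sample mirroring sample-rule and hostless-rule (domain is a placeholder).
SAMPLE = {"items": [
    _ingress("sample-rule", host="sample.example.test"),
    _ingress("hostless-rule", annotations={DNS_ANNOTATION: "subdomain.example.test"}),
]}
if __name__ == "__main__":
    # Pipe in `kubectl get ingress -A -o json`, or run on a terminal to use SAMPLE.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in find_catch_all(data):
        print("{ingress} path={path} -> {service}:{port} dns={dns}".format(**f))
```

Any line it prints is a backend served to requests that carry no matching hostname; if that backend is a real application rather than a dummy, it is reachable by anyone who knows the load balancer IP.
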
2
Arko On

I went through the document you referred to and was able to create the cluster, the required namespaces, and the ingress controller, and was able to deploy the external DNS as below:

# Add Helm repository
helm repo add bitnami https://charts.bitnami.com/bitnami

# Update repositories
helm repo update

# Create Kubernetes namespace for External-DNS
kubectl create namespace externaldns

# Create tailored External-DNS deployment

helm install external-dns bitnami/external-dns \
    --wait \
    --namespace externaldns \
    --set txtOwnerId="$AZ_AKS_NAME" \
    --set provider=azure \
    --set azure.resourceGroup="$AZ_DNS_GROUP" \
    --set azure.tenantId="$AZ_TENANT_ID" \
    --set azure.subscriptionId="$AZ_SUBSCRIPTION_ID" \
    --set azure.aadClientId="$SP_CLIENT_ID" \
    --set azure.aadClientSecret="$SP_CLIENT_SECRET" \
    --set azure.cloud=AzurePublicCloud \
    --set policy=sync \
    --set "domainFilters={$DOMAIN_NAME}"

https://i.imgur.com/ae8hBmy.png

https://i.imgur.com/jhCnoUE.png

I created the service principal and added the necessary secrets and roles from the Azure portal as below.

https://i.imgur.com/6dt5efP.png

I don't have access to any custom domain name to test it with external DNS; please refer to the MS document, which gives a detailed step-by-step solution. Hope this helps.