search

emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
https://www.getambassador.io
Apache License 2.0
4.35k stars 681 forks source link

Can't make the demo/tutorials work, always get 404 #5778

Closed Chadak closed 3 weeks ago

Chadak commented 1 month ago

Describe the bug I am trying to install the demo but my calls always give a 404 and i don't understand why. I've read the documentation of the mapping/host/listener but still don't understand what to do next to have this setup working.

To Reproduce Steps to reproduce the behavior:

  1. install a NLB with https://www.getambassador.io/docs/emissary/latest/topics/running/ambassador-with-aws those are my service annotations 
    service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-1-2-2017-01
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-1:1234567890:certificate/mycertarn123-123-123"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
ports:
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8080
  2. install this demo https://www.getambassador.io/docs/emissary/latest/tutorials/getting-started my values are 
    ---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
name: emissary
namespace: emissary
spec:
hostname: "*"
selector:
matchLabels:
  hostname: wildcard
acmeProvider:
authority: none
requestPolicy:
insecure:
  action: Route
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
name: emissary-ingress-listener-http
namespace: emissary
spec:
port: 8080
protocolStack: [ "PROXY", "HTTP", "TCP" ]
securityModel: INSECURE
hostBinding:
namespace:
  from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Listener
metadata:
name: emissary-ingress-listener-https
namespace: emissary
spec:
port: 8443
protocolStack: [ "PROXY", "TLS", "HTTP", "TCP" ]
securityModel: SECURE
hostBinding:
namespace:
  from: ALL
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
name: quote-backend
namespace: emissary
spec:
hostname: "*"
prefix: /backend/
service: quote
docs:
path: "/.ambassador-internal/openapi-docs"
  3. when i curl my the demo /backend/ i get a 404
  4. in the pod of emissary-ingress i have this message.
':path', '/backend/'
':method', 'GET'
'connection', 'keep-alive'
'cache-control', 'max-age=0'
'sec-ch-ua', '"Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"'
'sec-ch-ua-mobile', '?0'
'sec-ch-ua-platform', '"macOS"'
'upgrade-insecure-requests', '1'
'dnt', '1'
'user-agent', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36'
'accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
'sec-fetch-site', 'cross-site'
'sec-fetch-mode', 'navigate'
'sec-fetch-user', '?1'
'sec-fetch-dest', 'document'
'accept-encoding', 'gzip, deflate, br, zstd'
'accept-language', 'en-CA,en;q=0.9'

[2024-08-20 12:55:07.453][36][debug][http] [source/common/http/conn_manager_impl.cc:1022] [C13157][S11439922558654167206] request end stream
[2024-08-20 12:55:07.453][36][debug][connection] [./source/common/network/connection_impl.h:98] [C13157] current connecting state: false
[2024-08-20 12:55:07.453][36][debug][router] [source/common/router/config_impl.cc:1830]
route was resolved but final route list did not match incoming request
[2024-08-20 12:55:07.453][36][debug][router] [source/common/router/router.cc:408] [C13157][S11439922558654167206]
no route match for URL '/backend/'

Expected behavior I expect the mapping to route the request instead of giving a 404

Versions (please complete the following information):

Additional context Add any other context about the problem here.

cindymullins-dw commented 3 weeks ago

If you use the label selector on the Host you'll need to add it to the Mapping as well, as the matching is strict in that case. As a simple config, you might just try removing the below from the Host since you’re already using the wildcard hostname.

selector: matchLabels: hostname: wildcard

Chadak commented 3 weeks ago

Yeah that seems to do it. Thanks you very much for your time!