search

jaegertracing / helm-charts

Helm Charts for Jaeger backend
Apache License 2.0
258 stars 340 forks source link

[Bug]: Jaeger helm chart with default root basepath and AWS ALB ingress creates path rule for `/´ breaking the UI #435

Closed mikkotimoharju closed 1 year ago

mikkotimoharju commented 1 year ago

What happened?

Installing jaeger helm chart version 0.66.1 in AWS EKS with ALB ingress for jaeger-query will use $basePath variable as the ingress host path rule. This will cause the ALB to allow only requests with the path / and the UI becomes unusable.

The reason is that with the current query-ing.yaml template the ingress is created with a following spec:

spec:
    ingressClassName: alb
    rules:
    - host: <redacted>
      http:
        paths:
        - backend:
            service:
              name: jaeger-query
              port:
                number: 16686
          path: /
          pathType: ImplementationSpecific

This will create the ALB with a path rule that expects all queries to match exactly /. Any other path will be rejected (for example any<jaeger-query-host>/static/* resource) and the UI will be a blank page.

Steps to reproduce

  1. Setup AWS EKS with aws-load-balancer-controller
  2. Install Helm chart with the following values.yaml for query
query:
  service:
    port: 16686
  ingress:
    enabled: true
    ingressClassName: alb
    annotations:
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: "internet-facing"
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'
      alb.ingress.kubernetes.io/certificate-arn: <redacted>
      alb.ingress.kubernetes.io/inbound-cidrs: <redacted>
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    hosts:
      host: <redacted>
    health:
      exposed: false

Expected behavior

Jaeger query UI is accessible through the ALB and specified hostname

Relevant log output

No response

Screenshot

No response

Additional context

No response

Jaeger backend version

v1.39.0

SDK

No response

Pipeline

No response

Stogage backend

No response

Operating system

AWS EKS

Deployment model

Kubernetes

Deployment configs

query:
  service:
    port: 16686
  ingress:
    enabled: true
    ingressClassName: alb
    annotations:
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: "internet-facing"
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'
      alb.ingress.kubernetes.io/certificate-arn: <redacted>
      alb.ingress.kubernetes.io/inbound-cidrs: <redacted>
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    hosts:
      host: <redacted>
    health:
      exposed: false
Laakso commented 1 year ago

I can confirm. I am seeing the same problem as well.

itaytalmi commented 1 year ago

I ran into the same issue and ended up modifying the Helm Chart to get it working for now. Changed pathType in jaeger/templates/allinone-ing.yaml from ImplementationSpecific to Prefix.

This line: https://github.com/jaegertracing/helm-charts/blob/main/charts/jaeger/templates/allinone-ing.yaml#L25

The standard ALB configuration then worked for me.

allInOne:
  enabled: true
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/group.name: some-group-name
      alb.ingress.kubernetes.io/certificate-arn: <redacted>
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/ssl-redirect: '443'
    hosts:
      - <redacted>

A similar/related issue has also been reported in #423.

I see the query-ing.yaml template has the same configuration. https://github.com/jaegertracing/helm-charts/blob/main/charts/jaeger/templates/query-ing.yaml#L30 The above solution should work here as well.