Ingress routes to incorrect port

[glooms]

Background: I have a Pod with two containers that each expose a port, say A and B. The container that listens on port B is a reverse-proxy for the other container, so it will forward all traffic to it. Then, I have a Service (of type ClusterIP) that exposes two ports: A which routes to B and C that routes to A. So basically traffic will go like so:

Service:A -> Pod:B -> Pod:A
Service:C -> Pod:A

Both the Service and the Pod have the same metadata.name, let's say pineapple. A more concrete way of looking at it:

pineapple:A -> 10.244.254:B -> 10.244.254:A
pineapple:C -> 10.244.254:A

In front of it all I have an Ingress that says that traffic sent to /pineapple should go to pineapple:A and examining the Ingress with kubectl describe shows that the traffic goes to pineapple:A (10.244.254:B), along the lines of:

Rules:
  Host        Path  Backends
  ----        ----  --------
  *
              /api/v1/pineapple   pineapple:A (10.244.254.169:B)

(I assume that it in practice skips the Service, but still hits the correct Pod-port, thus going through the proxy, which is fine.) But then:

What happened: The traffic is sent directly to Pod:A (10.244.254:A) instead, skipping the proxy. Hitting the pineapple:A from another Pod, i.e. not going through the ingress, hits the proxy correctly.

What you expected to happen:

I expected that the traffic would be sent to pineapple:A (or 10.244.254:B). It seems like what's happening is that the Ingress in practice goes to the Service's matching targetPort instead of the port, which I think is a bit unintuitive since (to my understanding) pineapple:A usually means the Service called pineapple on port A. If I change the Ingress to point to pineapple:C instead it works just fine, i. e. it hits the proxy, even though the kubectl describe doesn't show an IP in that case. Since port C isn't even exposed through the Service I think it strengthens the assumption that the Ingress routes towards a targetPort instead of a port in this case.

NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):

---

NGINX Ingress controller Release: v1.9.5 Build: f503c4bb5fa7d857ad29e94970eb550c2bc00b7c Repository: https://github.com/kubernetes/ingress-nginx nginx version: nginx/1.21.6

---

Kubernetes version (use kubectl version):

Client Version: v1.29.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.26.13

Environment:

• Cloud provider or hardware configuration:
• OS (e.g. from /etc/os-release): AlmaLinux?
• Kernel (e.g. uname -a):
• Install tools:
  • Installed using ArgoCD
• Basic cluster related info:
  • kubectl version See above
  • kubectl get nodes -o wide

    NAME                                         STATUS   ROLES           AGE    VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                    KERNEL-VERSION                 CONTAINER-RUNTIME
    ******************************************   Ready    <none>          7d5h   v1.26.9   10.76.146.99    <none>        AlmaLinux 9.1 (Lime Lynx)   5.14.0-162.18.1.el9_1.x86_64   containerd://1.6.18
    ******************************************   Ready    <none>          7d5h   v1.26.9   10.76.149.253   <none>        AlmaLinux 9.1 (Lime Lynx)   5.14.0-162.18.1.el9_1.x86_64   containerd://1.6.18
    ******************************************   Ready    <none>          7d5h   v1.26.9   10.76.149.254   <none>        AlmaLinux 9.1 (Lime Lynx)   5.14.0-162.18.1.el9_1.x86_64   containerd://1.6.18
    ******************************************   Ready    control-plane   7d5h   v1.26.9   10.76.149.255   <none>        AlmaLinux 9.1 (Lime Lynx)   5.14.0-162.18.1.el9_1.x86_64   containerd://1.6.18

If needed, and if anyone is interested in this issue I can provide more information at a later stage.

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[longwuyuan]

/remove-kind bug /triage needs-information

• Someone asked a similar question on slack https://kubernetes.slack.com/archives/CANQGM8BA/p1708414070257239
• The information needed to review this is asked in the template of a new bug-report but you have not provided
• So look at the template of a new bug-report and answer all the questions
• In essence, the info like below will show the config
  • kubectl get all -o wide -A | grep -i ingress
  • kubectl get all -o wide -n
  • kubectl describe ing -n
• The info like below will show the current behaviour
  • Complete curl command as it is run in real with -v
  • Logs of the controller pod after running the curl command
  • Logs of the app pod after running the curl command

[longwuyuan]

And you are using a value of "*" in the host field so look at the output of kubectl explain ingress.spec.rules.host

[glooms]

Thanks for the quick reply, sorry for this slow one.

I can't really share the full configuration of the cluster I'm afraid since it's close to what we use in production. I'll try to make a minimal configuration that reproduces the issue when I have time.

[github-actions[bot]]

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.