Open glooms opened 7 months ago
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
/remove-kind bug /triage needs-information
And you are using a value of "*"
in the host field so look at the output of kubectl explain ingress.spec.rules.host
Thanks for the quick reply, sorry for this slow one.
I can't really share the full configuration of the cluster I'm afraid since it's close to what we use in production. I'll try to make a minimal configuration that reproduces the issue when I have time.
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev
on Kubernetes Slack.
Background: I have a Pod with two containers that each expose a port, say A and B. The container that listens on port B is a reverse-proxy for the other container, so it will forward all traffic to it. Then, I have a Service (of type ClusterIP) that exposes two ports: A which routes to B and C that routes to A. So basically traffic will go like so:
Both the Service and the Pod have the same metadata.name, let's say
pineapple
. A more concrete way of looking at it:In front of it all I have an Ingress that says that traffic sent to
/pineapple
should go topineapple:A
and examining the Ingress withkubectl describe
shows that the traffic goes topineapple:A (10.244.254:B)
, along the lines of:(I assume that it in practice skips the Service, but still hits the correct Pod-port, thus going through the proxy, which is fine.) But then:
What happened: The traffic is sent directly to
Pod:A
(10.244.254:A) instead, skipping the proxy. Hitting thepineapple:A
from another Pod, i.e. not going through the ingress, hits the proxy correctly.What you expected to happen:
I expected that the traffic would be sent to
pineapple:A
(or 10.244.254:B). It seems like what's happening is that the Ingress in practice goes to the Service's matchingtargetPort
instead of theport
, which I think is a bit unintuitive since (to my understanding)pineapple:A
usually means the Service calledpineapple
on portA
. If I change theIngress
to point topineapple:C
instead it works just fine, i. e. it hits the proxy, even though thekubectl describe
doesn't show an IP in that case. Since portC
isn't even exposed through the Service I think it strengthens the assumption that the Ingress routes towards atargetPort
instead of aport
in this case.NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):
NGINX Ingress controller Release: v1.9.5 Build: f503c4bb5fa7d857ad29e94970eb550c2bc00b7c Repository: https://github.com/kubernetes/ingress-nginx nginx version: nginx/1.21.6
Kubernetes version (use
kubectl version
):Environment:
uname -a
):kubectl version
See abovekubectl get nodes -o wide
If needed, and if anyone is interested in this issue I can provide more information at a later stage.