Open Loksonick opened 7 months ago
This issue is currently awaiting triage.
If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
/remove-kind bug
kubectl
command output that proxy-protocol is enabled on controller
kubectl describe
output for the related resources
/triage needs-information
Please show proof screenshot that proxy-protocol is enabled on GCP LB
I can't edit GCP load balancer, proxy-protocol checkbox is not visible (I was following nginx docs, ended up here, but proxy-protocol wasn't visible)
Please show proof kubectl command output that proxy-protocol is enabled on controller
Issue edited. kubectl describe cm -n ingress-nginx ingress-nginx-controller is fine?
Please remove the yaml info and please show the kubectl describe output for the related resources
There is ingress-nginx pod, configmap and services describe, anything else?
You have not answered many questions asked in the template so please answer them in MD format
I think those unanswered questions were answered in other bulletpoint, anything more than present is essential?
Please show real actual curl command used to make HTTP request
Done.
Please show the actual logs of the controller pod so the log messages of the curl related request are visible
I think that was done before but updated it anyway.
It seems I don't understand something. I don't use loadbalancer created "by" GCP. If I uninstall nginx-controller from my cluster there will be no loadbalancers listed in GCP, thus I assume the only LB I have is the nginx one created in cluster.
"kind: service"
of "--type LoadBalancer"
"networking.gke.io/load-balancer-type: Internal"
, I think you should delete the installation of the ingress-controller and make sure all resources related to the ingress-nginx controller are deleted
/assign
This is stale, but we won't close it automatically, just bear in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.
What happened: When accessing vbe-ingress endpoint, nginx logs are:
Running curl twice I get different client IPs:
curl 35.195.68.XX/voice-bot-entrypoint/docs
10.132.0.6 client IP is assigned to those pods:
What you expected to happen: Real client IP is available, whitelisting works.
NGINX Ingress controller version:
Kubernetes version (use kubectl version):
Environment:
Cloud provider or hardware configuration: GKE
OS (e.g. from /etc/os-release): Linux
Kernel (e.g. uname -a): Linux microsoft-standard-WSL2
Install tools: GKE private cluster with Autopilot
How was the ingress-nginx-controller installed:
helm ls -A | grep -i ingress
helm -n <ingresscontrollernamespace> get values <helmreleasename>
Current State of the controller:
kubectl describe ingressclasses
kubectl -n <ingresscontrollernamespace> get all -A -o wide
NAME                                        TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE   SELECTOR
service/ingress-nginx-controller            LoadBalancer   34.118.225.XX    35.195.148.XXX   80:30827/TCP,443:31256/TCP   22m   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
service/ingress-nginx-controller-admission  ClusterIP      34.118.234.XXX                    443/TCP                      22m   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
service/ingress-nginx-controller-internal   LoadBalancer   34.118.229.XXX   10.132.0.18      80:32510/TCP,443:30674/TCP   22m   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

NAME  READY  UP-TO-DATE  AVAILABLE  AGE  CONTAINERS  IMAGES  SELECTOR
deployment.apps/ingress-nginx-controller  1/1  1  1  22m  controller  registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c  app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx

NAME  DESIRED  CURRENT  READY  AGE  CONTAINERS  IMAGES  SELECTOR
replicaset.apps/ingress-nginx-controller-5f4f6d5bfb  1  1  1  22m  controller  registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c  app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx,pod-template-hash=5f4f6d5bfb
kubectl -n ingress-nginx describe po ingress-nginx-controller-5f4f6d5bfb-j2gsf
Name: ingress-nginx-controller-5f4f6d5bfb-j2gsf
Namespace: ingress-nginx
Priority: 0
Service Account: ingress-nginx
Node: gk3-nzoz-k-xxxx-pool-2-5436578e-85lk/10.132.0.5
Start Time: Wed, 28 Feb 2024 11:38:46 +0100
Labels: app.kubernetes.io/component=controller
  app.kubernetes.io/instance=ingress-nginx
  app.kubernetes.io/managed-by=Helm
  app.kubernetes.io/name=ingress-nginx
  app.kubernetes.io/part-of=ingress-nginx
  app.kubernetes.io/version=1.9.6
  helm.sh/chart=ingress-nginx-4.9.1
  pod-template-hash=5f4f6d5bfb
Annotations:
Status: Running
SeccompProfile: RuntimeDefault
IP: 10.49.0.156
IPs:
IP: 10.49.0.156
Controlled By: ReplicaSet/ingress-nginx-controller-5f4f6d5bfb
Containers:
controller:
Container ID: containerd://471a28ef7dc45229ba896f5d62349f2bce29ce77e98691a67e32db9c9cfda82a
Image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
Image ID: registry.k8s.io/ingress-nginx/controller@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
Ports: 80/TCP, 443/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP
SeccompProfile: RuntimeDefault
Args:
/nginx-ingress-controller
--publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
--election-id=ingress-nginx-leader
--controller-class=k8s.io/ingress-nginx
--ingress-class=nginx
--configmap=$(POD_NAMESPACE)/ingress-nginx-controller
--validating-webhook=:8443
--validating-webhook-certificate=/usr/local/certificates/cert
--validating-webhook-key=/usr/local/certificates/key
State: Running
Started: Wed, 28 Feb 2024 11:38:47 +0100
Ready: True
Restart Count: 0
Limits:
cpu: 250m
ephemeral-storage: 1Gi
memory: 512Mi
Requests:
cpu: 250m
ephemeral-storage: 1Gi
memory: 512Mi
Liveness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5
Readiness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3
Environment:
POD_NAME: ingress-nginx-controller-5f4f6d5bfb-j2gsf (v1:metadata.name)
POD_NAMESPACE: ingress-nginx (v1:metadata.namespace)
LD_PRELOAD: /usr/local/lib/libmimalloc.so
Mounts:
/usr/local/certificates/ from webhook-cert (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-f4kt6 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
webhook-cert:
Type: Secret (a volume populated by a Secret)
SecretName: ingress-nginx-admission
Optional: false
kube-api-access-f4kt6:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: Guaranteed
Node-Selectors: kubernetes.io/os=linux
Tolerations: kubernetes.io/arch=amd64:NoSchedule
node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
Normal Scheduled 24m gke.io/optimize-utilization-scheduler Successfully assigned ingress-nginx/ingress-nginx-controller-5f4f6d5bfb-j2gsf to gk3-nzoz-k-xxxx-pool-2-5436578e-85lk
Normal Pulled 24m kubelet Container image "registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c" already present on machine
Normal Created 24m kubelet Created container controller
Normal Started 24m kubelet Started container controller
Normal RELOAD 24m nginx-ingress-controller NGINX reload triggered due to a change in configuration
$ kubectl -n ingress-nginx describe svc ingress-nginx-controller
Name: ingress-nginx-controller
Namespace: ingress-nginx
Labels: app.kubernetes.io/component=controller
  app.kubernetes.io/instance=ingress-nginx
  app.kubernetes.io/managed-by=Helm
  app.kubernetes.io/name=ingress-nginx
  app.kubernetes.io/part-of=ingress-nginx
  app.kubernetes.io/version=1.9.6
  helm.sh/chart=ingress-nginx-4.9.1
Annotations: cloud.google.com/neg: {"ingress":true}
  meta.helm.sh/release-name: ingress-nginx
  meta.helm.sh/release-namespace: ingress-nginx
Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 34.118.225.XX
IPs: 34.118.225.XX
LoadBalancer Ingress: 35.195.148.XXX
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 30827/TCP
Endpoints: 10.49.0.156:80
Port: https 443/TCP
TargetPort: https/TCP
NodePort: https 31256/TCP
Endpoints: 10.49.0.156:443
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
Normal ADD 30m sc-gateway-controller ingress-nginx/ingress-nginx-controller
Normal EnsuringLoadBalancer 30m service-controller Ensuring load balancer
Normal UPDATE 30m sc-gateway-controller ingress-nginx/ingress-nginx-controller
Normal DNSRecordProvisioningSucceeded 30m (x4 over 30m) clouddns-controller DNS records updated
Normal EnsuredLoadBalancer 29m service-controller Ensured load balancer
$ kubectl -n ingress-nginx describe svc ingress-nginx-controller-admission
Name: ingress-nginx-controller-admission
Namespace: ingress-nginx
Labels: app.kubernetes.io/component=controller
  app.kubernetes.io/instance=ingress-nginx
  app.kubernetes.io/managed-by=Helm
  app.kubernetes.io/name=ingress-nginx
  app.kubernetes.io/part-of=ingress-nginx
  app.kubernetes.io/version=1.9.6
  helm.sh/chart=ingress-nginx-4.9.1
Annotations: cloud.google.com/neg: {"ingress":true}
  meta.helm.sh/release-name: ingress-nginx
  meta.helm.sh/release-namespace: ingress-nginx
Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 34.118.234.XXX
IPs: 34.118.234.XXX
Port: https-webhook 443/TCP
TargetPort: webhook/TCP
Endpoints: 10.49.0.156:8443
Session Affinity: None
Events:
Type Reason Age From Message
Normal ADD 30m sc-gateway-controller ingress-nginx/ingress-nginx-controller-admission
Normal DNSRecordProvisioningSucceeded 30m (x4 over 30m) clouddns-controller DNS records updated
$ kubectl -n ingress-nginx describe svc ingress-nginx-controller-internal
Name: ingress-nginx-controller-internal
Namespace: ingress-nginx
Labels: app.kubernetes.io/component=controller
  app.kubernetes.io/instance=ingress-nginx
  app.kubernetes.io/managed-by=Helm
  app.kubernetes.io/name=ingress-nginx
  app.kubernetes.io/part-of=ingress-nginx
  app.kubernetes.io/version=1.9.6
  helm.sh/chart=ingress-nginx-4.9.1
Annotations: cloud.google.com/neg: {"ingress":true}
  meta.helm.sh/release-name: ingress-nginx
  meta.helm.sh/release-namespace: ingress-nginx
  networking.gke.io/load-balancer-type: Internal
Selector: app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 34.118.229.XXX
IPs: 34.118.229.XXX
LoadBalancer Ingress: 10.132.0.18
Port: http 80/TCP
TargetPort: http/TCP
NodePort: http 32510/TCP
Endpoints: 10.49.0.156:80
Port: https 443/TCP
TargetPort: https/TCP
NodePort: https 30674/TCP
Endpoints: 10.49.0.156:443
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
Normal ADD 31m sc-gateway-controller ingress-nginx/ingress-nginx-controller-internal
Normal EnsuringLoadBalancer 31m service-controller Ensuring load balancer
Normal UPDATE 31m (x2 over 31m) sc-gateway-controller ingress-nginx/ingress-nginx-controller-internal
Normal DNSRecordProvisioningSucceeded 31m (x4 over 31m) clouddns-controller DNS records updated
Normal EnsuredLoadBalancer 29m service-controller Ensured load balancer
Name: ingress-nginx-controller
Namespace: ingress-nginx
Labels: app.kubernetes.io/component=controller
  app.kubernetes.io/instance=ingress-nginx
  app.kubernetes.io/managed-by=Helm
  app.kubernetes.io/name=ingress-nginx
  app.kubernetes.io/part-of=ingress-nginx
  app.kubernetes.io/version=1.9.6
  helm.sh/chart=ingress-nginx-4.9.1
  k8slens-edit-resource-version=v1
Annotations: meta.helm.sh/release-name: ingress-nginx
  meta.helm.sh/release-namespace: ingress-nginx
Data
allow-snippet-annotations:
true
use-proxy-protocol:
true
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: your-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/whitelist-source-range: "xxx.xxx.xxx.xxx" # I provide correct IP's here
spec:
  ingressClassName: nginx
  rules:
Anything else we need to know: Just so you know, I'm not a networking/devops expert. I am probably making a simple mistake that I will be ashamed of later.
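Added example, not part of the issue and not ingress-nginx code: a simplified Python model of which address a source-range allow-list is compared against, namely the TCP peer when PROXY protocol is off, or the source carried in a PROXY protocol v1 header when it is on. The function names are hypothetical, only the v1 text header is modelled, and 203.0.113.7 is a constructed stand-in for the real external client.

```python
import ipaddress


def parse_proxy_v1(first_bytes):
    """Return the source IP from a PROXY v1 header, or None if absent/invalid."""
    line, sep, _ = first_bytes.partition(b"\r\n")
    # A v1 header is one ASCII line of at most 107 bytes including CRLF.
    if not sep or len(line) > 105 or not line.startswith(b"PROXY "):
        return None
    parts = line.decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        return None  # also covers "PROXY UNKNOWN", which carries no usable address
    try:
        src = ipaddress.ip_address(parts[2])
        ipaddress.ip_address(parts[3])  # destination must parse too
        ports_ok = all(0 <= int(p) <= 65535 for p in parts[4:6])
    except ValueError:
        return None
    return src if ports_ok else None


def effective_client(peer_ip, first_bytes, use_proxy_protocol):
    """Model which address an allow-list check would be evaluated against."""
    if not use_proxy_protocol:
        return ipaddress.ip_address(peer_ip), "tcp-peer"
    src = parse_proxy_v1(first_bytes)
    if src is None:
        # Receiver expects a header but the sender did not supply a valid one.
        return None, "no-valid-proxy-header"
    return src, "proxy-v1"


def allowed(peer_ip, first_bytes, use_proxy_protocol, cidrs):
    """True only if the effective client address falls inside an allowed CIDR."""
    client, _ = effective_client(peer_ip, first_bytes, use_proxy_protocol)
    if client is None:
        return False
    return any(client in ipaddress.ip_network(c) for c in cidrs)


# Constructed sample data: 10.132.0.6 is the client IP reported in the issue,
# 203.0.113.7 stands in for the real external client (documentation range).
ALLOW = ["203.0.113.0/24"]
PLAIN = b"GET /voice-bot-entrypoint/docs HTTP/1.1\r\nHost: example\r\n\r\n"
WITH_HEADER = b"PROXY TCP4 203.0.113.7 10.49.0.156 51234 80\r\n" + PLAIN
```

With the constructed data, `allowed("10.132.0.6", PLAIN, False, ALLOW)` is false because the check sees the in-cluster peer address, while `allowed("10.132.0.6", WITH_HEADER, True, ALLOW)` is true because the header carries the original source.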