passbolt / charts-passbolt

Helm charts to run Passbolt on Kubernetes. No strings attached charts to run the open source password manager for teams!
https://passbolt.com
GNU Affero General Public License v3.0

404 when using default ingress and service #39

Closed KaniZ0r closed 1 year ago

KaniZ0r commented 1 year ago

When I use the default service and ingress configuration, I'm unable to open passbolt. I'm getting a 404 Not Found error from nginx.

My configuration matches the default configuration below. I edited the host back to passbolt.local to not show the actual domain I use.

service:
  # -- Configure passbolt service type
  type: ClusterIP
  # -- Configure passbolt service port
  port: 443
  # -- Configure passbolt service targetPort
  targetPort: 443
  # -- Configure passbolt service port name
  name: https
  # -- Annotations to add to the service
  annotations: {}

ingress:
  # -- Enable passbolt ingress
  enabled: true
  # -- Configure passbolt ingress annotations
  annotations: {}
  # -- Configure passbolt ingress hosts
  hosts:
    # @ignored
    - host: passbolt.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  # -- Configure passbolt ingress tls
  tls:
    # @ignored
    - secretName: tls
      hosts:
        - passbolt.local

dlen commented 1 year ago

Hello,

Could you provide your ingress controller? Could you also provide a minimal values.yml that reproduces your issue?

KaniZ0r commented 1 year ago

Here's the ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: passbolt-test
    meta.helm.sh/release-namespace: passbolt-test
  creationTimestamp: "2023-08-03T05:14:18Z"
  finalizers:
  - networking.gke.io/ingress-finalizer-V2
  generation: 1
  labels:
    app.kubernetes.io/action: common
    app.kubernetes.io/instance: passbolt-test
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: passbolt
    app.kubernetes.io/type: ing
    app.kubernetes.io/version: 4.0.2-2-ce
    helm.sh/chart: passbolt-0.4.0
  managedFields:
  - apiVersion: networking.k8s.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:finalizers:
          .: {}
          v:"networking.gke.io/ingress-finalizer-V2": {}
    manager: glbc
    operation: Update
    subresource: status
    time: "2023-08-03T05:14:18Z"
  - apiVersion: networking.k8s.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:meta.helm.sh/release-name: {}
          f:meta.helm.sh/release-namespace: {}
        f:labels:
          .: {}
          f:app.kubernetes.io/action: {}
          f:app.kubernetes.io/instance: {}
          f:app.kubernetes.io/managed-by: {}
          f:app.kubernetes.io/name: {}
          f:app.kubernetes.io/type: {}
          f:app.kubernetes.io/version: {}
          f:helm.sh/chart: {}
      f:spec:
        f:rules: {}
        f:tls: {}
    manager: helm
    operation: Update
    time: "2023-08-03T05:14:18Z"
  name: passbolt-test-passbolt-ing-common
  namespace: passbolt-test
  resourceVersion: "124558013"
  uid: d3636b4d-1ce6-42c0-88c1-ec71b82da263
spec:
  rules:
  - host: passbolt-test.app
    http:
      paths:
      - backend:
          service:
            name: passbolt-test-passbolt
            port:
              number: 443
        path: /
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - passbolt-test.app
    secretName: passbolt-test-passbolt-sec-tls
status:
  loadBalancer: {}

And here's my values.yml

enabled: true
app:
  cache:
    redis:
      sentinelProxy:
        enabled: false
autoscaling:
  enabled: false
redisDependencyEnabled: false
service:
  port: 443
  targetPort: 443
ingress:
  enabled: true
  annotations: {}
  hosts:
    - host: passbolt-test.app
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - secretName: tls
      hosts:
        - passbolt-test.app
livenessProbe:
  httpGet:
    port: https
    scheme: HTTPS
    path: /healthcheck/status.json
    httpHeaders:
      - name: Host
        value: passbolt-test.app
readinessProbe:
  httpGet:
    port: https
    scheme: HTTPS
    httpHeaders:
      - name: Host
        value: passbolt-test.app
    path: /healthcheck/status.json

I removed env variables and secret variables from values before copying.

I also noticed that the ingress is giving the following error:

Translation failed: invalid ingress spec: service "passbolt" is type "ClusterIP", expected "NodePort" or "LoadBalancer"

My current need is to use ClusterIP as the service type so changing it is not an option.

dlen commented 1 year ago

Hey thanks for the info,

What I meant is which ingress controller do you have installed in your cluster. Nginx controller, gce, contour, traefik, which one? This way we might try to reproduce your issue.

KaniZ0r commented 1 year ago

I'm using https://kubernetes.github.io/ingress-nginx ingress-nginx 4.3.0

dlen commented 1 year ago

Without further investigation I think you are missing the backend-protocol annotation in your nginx ingress: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#backend-protocol

EDIT: I also forgot to mention to point your ingress to use the nginx ingress class using the following ingress annotation in your passbolt ingress:

kubernetes.io/ingress.class: "nginx"

Also I haven't seen it in your values but I guess you are setting the APP_FULL_BASE_URL to https://passbolt.local or whatever your host is. I will try to reproduce it in any case.

KaniZ0r commented 1 year ago

@dlen I was able to fix the issue by adding the annotations you suggested:

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
kubernetes.io/ingress.class: "nginx"

Ingress in values looks like this now:

  ingress:
    enabled: true
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
      kubernetes.io/ingress.class: "nginx"
    hosts:
      - host: passbolt.test
        paths:
          - path: /
            pathType: ImplementationSpecific
    tls:
      - secretName: tls
        hosts:
          - passbolt.test

Thanks a lot for the help!
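
An added example, not part of the original thread or the chart: a small lint for an Ingress object that flags the two conditions resolved above (no nginx ingress class, and a port-443 backend without the backend-protocol annotation), plus the GKE finalizer visible in the Ingress posted earlier. The function names, finding labels and the trimmed sample object are constructed for illustration.

```python
import json

# Annotation keys exactly as quoted in the thread above.
CLASS_ANNOTATION = "kubernetes.io/ingress.class"
BACKEND_PROTOCOL = "nginx.ingress.kubernetes.io/backend-protocol"

def lint_ingress(ingress, expected_class="nginx", tls_ports=(443,)):
    """Return findings for an Ingress dict (shape of `kubectl get ingress -o json`)."""
    findings = []
    meta, spec = ingress.get("metadata", {}), ingress.get("spec", {})
    annotations = meta.get("annotations") or {}
    # The class may come from the legacy annotation or from spec.ingressClassName.
    cls = spec.get("ingressClassName") or annotations.get(CLASS_ANNOTATION)
    if cls != expected_class:
        findings.append(f"ingress-class:{cls}")
    # A GKE finalizer means the built-in GCE controller picked the object up.
    if any(f.startswith("networking.gke.io/") for f in meta.get("finalizers") or []):
        findings.append("claimed-by-gke-controller")
    # ingress-nginx talks plain HTTP upstream by default; a TLS port needs HTTPS.
    # Only numeric ports are checked; named ports would need the Service object.
    protocol = annotations.get(BACKEND_PROTOCOL, "HTTP").upper()
    for rule in spec.get("rules") or []:
        for path in (rule.get("http") or {}).get("paths") or []:
            port = path["backend"]["service"]["port"]
            if port.get("number") in tls_ports and protocol != "HTTPS":
                findings.append(f"plain-http-to-tls-port:{rule.get('host')}{path.get('path')}")
    return findings

# Constructed sample: the Ingress from the thread, trimmed to the fields checked.
BROKEN = json.loads("""{
  "metadata": {"annotations": {"meta.helm.sh/release-name": "passbolt-test"},
               "finalizers": ["networking.gke.io/ingress-finalizer-V2"]},
  "spec": {"rules": [{"host": "passbolt-test.app", "http": {"paths": [
      {"path": "/", "backend": {"service": {"name": "passbolt-test-passbolt",
                                              "port": {"number": 443}}}}]}}]}
}""")

def with_fix(ingress):
    """Constructed 'after' state: both annotations from the thread, no GKE finalizer."""
    fixed = json.loads(json.dumps(ingress))  # deep copy
    fixed["metadata"]["finalizers"] = []
    fixed["metadata"]["annotations"].update({CLASS_ANNOTATION: "nginx", BACKEND_PROTOCOL: "HTTPS"})
    return fixed

if __name__ == "__main__":
    print(lint_ingress(BROKEN))
    print(lint_ingress(with_fix(BROKEN)))
```

With backend-protocol set to HTTPS the hop from the controller to the passbolt pod stays encrypted; ingress-nginx does not verify the upstream certificate unless proxy-ssl-verify is also configured.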