Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

503 Service Unavailable when nodePort is set to 443 #1290

Closed
jseparovic opened this issue Nov 9, 2018 · 1 comment
Closed

503 Service Unavailable when nodePort is set to 443 #1290

jseparovic opened this issue Nov 9, 2018 · 1 comment
Assignees
@diptadas
Milestone
9.0.0

Comments

@jseparovic
Copy link

I'm having a problem using port 443 as the nodePort in a baremetal setup.

When setting nodePort to 443 I get 503 Service Unavailable.

local0.info: Nov  9 08:43:17 haproxy[32]: 10.47.0.0:58577 [09/Nov/2018:08:43:17.310] http-0_0_0_0-8000~ http-0_0_0_0-8000/<NOSRV> -1/-1/-1/-1/2 503 212 - - SC-- 1/1/0/0/0 0/0 "GET /healthz HTTP/1.1"

When I set the nodePort to 30443 and redeploy I get a 200 OK:

local0.info: Nov  9 08:37:50 haproxy[32]: 10.47.0.0:58433 [09/Nov/2018:08:37:50.433] http-0_0_0_0-8000~ pl-services-api.pl:8000-e87594db64bd6ed302696ea6deba7ff9/pod-pl-services-api-97d7966b-drj7k 0/0/1/1/2 200 117 - - ---- 1/1/0/0/0 0/0 "GET /healthz HTTP/1.1"

I've set kubelet to run with --service-node-port-range=80-32767

Here is my Ingress config:

apiVersion: voyager.appscode.com/v1beta1
kind: Ingress
metadata:
  name: pl-ingress
  namespace: pl
  annotations:
    kubernetes.io/ingress.class: voyager
    ingress.appscode.com/type: NodePort
    ingress.appscode.com/use-node-port: "true"
    ingress.appscode.com/auth-tls-verify-client: required
    ingress.appscode.com/auth-tls-secret: "pl-secret"
spec:
  tls:
  - secretName: pl-secret
    hosts:
    - pl
  rules:
  - host: pl
    http:
      nodePort: 443
      paths:
      - path: /api/v1
        backend:
          serviceName: pl-services-api
          servicePort: 8000
      - path: /healthz
        backend:
          serviceName: pl-services-api
          servicePort: 8000

and install cmd:

curl -fsSL https://raw.githubusercontent.com/appscode/voyager/8.0.1/hack/deploy/voyager.sh \
    | bash -s -- --provider=baremetal

It's a baremetal setup and I want to expose 443 on the host's IP. Should I be configuring it differently?
@tamalsaha tamalsaha added this to the 9.0.0 milestone Feb 7, 2019
@diptadas
Copy link
Contributor

diptadas commented Feb 7, 2019
edited

Hi @jseparovic if you use ingress.appscode.com/use-node-port: "true", you need to ensure that Host header of your request contains the node-port. For example:

$ curl -k -H 'Host: pl:443' 'https://192.168.99.100:443/healthz'

Note that, if you send https request from browser, the 443 port will not set in the host header, since it is the default port for https requests. You can omit ingress.appscode.com/use-node-port: "true" to solve this problem.

Please reopen the issue (specifying your request-url and generated HAProxy configuration) if you are still having problems.

@diptadas diptadas closed this as completed Feb 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@diptadas diptadas

Labels
None yet
Projects
None yet
Milestone
9.0.0
Development

No branches or pull requests
3 participants
@tamalsaha @jseparovic @diptadas