kubernetes
/
ingress-nginx
mirror of https://github.com/kubernetes/ingress-nginx.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ingress-nginx/troubleshooting/index.html

197 lines
43 KiB
HTML
Raw Blame History

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/troubleshooting/ rel=canonical><link rel="shortcut icon" href=../assets/images/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.4"><title>Troubleshooting - NGINX Ingress Controller</title><link rel=stylesheet href=../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#009485><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../extra.css><script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new Date,ga("create","UA-118407822-1","kubernetes.github.io"),ga("set","anonymizeIp",!0),ga("send","pageview"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){if(this.value){var e=document.location.pathname;ga("send","pageview",e+"?q="+this.value)}})}),document.addEventListener("DOMContentSwitch",function(){ga("send","pageview",document.location.pathname)})</script><script async src=https://www.google-analytics.com/analytics.js></script></head> <body dir=ltr data-md-color-scheme data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#troubleshooting class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://kubernetes.github.io/ingress-nginx title="NGINX Ingress Controller" class="md-header-nav__button md-logo" aria-label="NGINX Ingress Controller"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> NGINX Ingress Controller </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> Troubleshooting </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </label> <button type=reset class="md-search__icon md-icon" aria-label=Clear data-md-component=search-reset tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg> </button> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list></ol> </div> </div> </div> </div> </div> <div class=md-header-nav__source> <a href=https://github.com/kubernetes/ingress-nginx/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> kubernetes/ingress-nginx </div> </a> </div> </nav> </header> <div class=md-container data-md-component=container> <nav class=md-tabs aria-label=Tabs data-md-component=tabs> <div class="md-tabs__inner md-grid"> <ul class=md-tabs__list> <li class=md-tabs__item> <a href=.. class="md-tabs__link md-tabs__link--active"> Welcome </a> </li> <li class=md-tabs__item> <a href=../deploy/ class=md-tabs__link> Deployment </a> </li> <li class=md-tabs__item> <a href=../user-guide/nginx-configuration/ class=md-tabs__link> User guide </a> </li> <li class=md-tabs__item> <a href=../examples/ class=md-tabs__link> Examples </a> </li> </ul> </div> </nav> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=https://kubernetes.github.io/ingress-nginx title="NGINX Ingress Controller" class="md-nav__button md-logo" aria-label="NGINX Ingress Controller"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> NGINX Ingress Controller </label> <div class=md-nav__source> <a href=https://github.com/kubernetes/ingress-nginx/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> kubernetes/ingress-nginx </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-1 type=checkbox id=nav-1 checked> <label class=md-nav__link for=nav-1> Welcome <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Welcome data-md-level=1> <label class=md-nav__title for=nav-1> <span class="md-nav__icon md-icon"></span> Welcome </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=.. class=md-nav__link> Welcome </a> </li> <li class=md-nav__item> <a href=../how-it-works/ class=md-nav__link> How it works </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" data-md-toggle=toc type=checkbox id=__toc> <label class="md-nav__link md-nav__link--active" for=__toc> Troubleshooting <span class="md-nav__icon md-icon"></span> </label> <a href=./ class="md-nav__link md-nav__link--active"> Troubleshooting </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=#ingress-controller-logs-and-events class=md-nav__link> Ingress-Controller Logs and Events </a> </li> <li class=md-nav__item> <a href=#debug-logging class=md-nav__link> Debug Logging </a> </li> <li class=md-nav__item> <a href=#authentication-to-the-kubernetes-api-server class=md-nav__link> Authentication to the Kubernetes API Server </a> <nav class=md-nav aria-label="Authentication to the Kubernetes API Server"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#service-account class=md-nav__link> Service Account </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#kube-config class=md-nav__link> Kube-Config </a> </li> <li class=md-nav__item> <a href=#using-gdb-with-nginx class=md-nav__link> Using GDB with Nginx </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../kubectl-plugin/ class=md-nav__link> kubectl plugin </a> </li> <li class=md-nav__item> <a href=../development/ class=md-nav__link> Development </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-2 type=checkbox id=nav-2> <label class=md-nav__link for=nav-2> Deployment <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Deployment data-md-level=1> <label class=md-nav__title for=nav-2> <span class="md-nav__icon md-icon"></span> Deployment </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../deploy/ class=md-nav__link> Installation Guide </a> </li> <li class=md-nav__item> <a href=../deploy/baremetal/ class=md-nav__link> Bare-metal considerations </a> </li> <li class=md-nav__item> <a href=../deploy/rbac/ class=md-nav__link> Role Based Access Control (RBAC) </a> </li> <li class=md-nav__item> <a href=../deploy/upgrade/ class=md-nav__link> Upgrade </a> </li> <li class=md-nav__item> <a href=../deploy/hardening-guide/ class=md-nav__link> Hardening guide </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-3 type=checkbox id=nav-3> <label class=md-nav__link for=nav-3> User guide <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="User guide" data-md-level=1> <label class=md-nav__title for=nav-3> <span class="md-nav__icon md-icon"></span> User guide </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-3-1 type=checkbox id=nav-3-1> <label class=md-nav__link for=nav-3-1> NGINX Configuration <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="NGINX Configuration" data-md-level=2> <label class=md-nav__title for=nav-3-1> <span class="md-nav__icon md-icon"></span> NGINX Configuration </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/ class=md-nav__link> Introduction </a> </li> <li class=md-nav__item> <a href=../user-guide/basic-usage/ class=md-nav__link> Basic usage </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/annotations/ class=md-nav__link> Annotations </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/configmap/ class=md-nav__link> ConfigMap </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/custom-template/ class=md-nav__link> Custom NGINX template </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/log-format/ class=md-nav__link> Log format </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../user-guide/cli-arguments/ class=md-nav__link> Command line arguments </a> </li> <li class=md-nav__item> <a href=../user-guide/custom-errors/ class=md-nav__link> Custom errors </a> </li> <li class=md-nav__item> <a href=../user-guide/default-backend/ class=md-nav__link> Default backend </a> </li> <li class=md-nav__item> <a href=../user-guide/exposing-tcp-udp-services/ class=md-nav__link> Exposing TCP and UDP services </a> </li> <li class=md-nav__item> <a href=../user-guide/fcgi-services/ class=md-nav__link> Exposing FCGI services </a> </li> <li class=md-nav__item> <a href=../user-guide/ingress-path-matching/ class=md-nav__link> Regular expressions in paths </a> </li> <li class=md-nav__item> <a href=../user-guide/external-articles/ class=md-nav__link> External Articles </a> </li> <li class=md-nav__item> <a href=../user-guide/miscellaneous/ class=md-nav__link> Miscellaneous </a> </li> <li class=md-nav__item> <a href=../user-guide/monitoring/ class=md-nav__link> Prometheus and Grafana installation </a> </li> <li class=md-nav__item> <a href=../user-guide/multiple-ingress/ class=md-nav__link> Multiple Ingress controllers </a> </li> <li class=md-nav__item> <a href=../user-guide/tls/ class=md-nav__link> TLS/HTTPS </a> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-3-13 type=checkbox id=nav-3-13> <label class=md-nav__link for=nav-3-13> Third party addons <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Third party addons" data-md-level=2> <label class=md-nav__title for=nav-3-13> <span class="md-nav__icon md-icon"></span> Third party addons </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../user-guide/third-party-addons/modsecurity/ class=md-nav__link> ModSecurity Web Application Firewall </a> </li> <li class=md-nav__item> <a href=../user-guide/third-party-addons/opentracing/ class=md-nav__link> OpenTracing </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4 type=checkbox id=nav-4> <label class=md-nav__link for=nav-4> Examples <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Examples data-md-level=1> <label class=md-nav__title for=nav-4> <span class="md-nav__icon md-icon"></span> Examples </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../examples/ class=md-nav__link> Introduction </a> </li> <li class=md-nav__item> <a href=../examples/PREREQUISITES/ class=md-nav__link> Prerequisites </a> </li> <li class=md-nav__item> <a href=../examples/affinity/cookie/ class=md-nav__link> Sticky Sessions </a> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4-4 type=checkbox id=nav-4-4> <label class=md-nav__link for=nav-4-4> Auth <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Auth data-md-level=2> <label class=md-nav__title for=nav-4-4> <span class="md-nav__icon md-icon"></span> Auth </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../examples/auth/basic/ class=md-nav__link> Basic Authentication </a> </li> <li class=md-nav__item> <a href=../examples/auth/client-certs/ class=md-nav__link> Client Certificate Authentication </a> </li> <li class=md-nav__item> <a href=../examples/auth/external-auth/ class=md-nav__link> External Basic Authentication </a> </li> <li class=md-nav__item> <a href=../examples/auth/oauth-external-auth/ class=md-nav__link> External OAUTH Authentication </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4-5 type=checkbox id=nav-4-5> <label class=md-nav__link for=nav-4-5> Customization <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Customization data-md-level=2> <label class=md-nav__title for=nav-4-5> <span class="md-nav__icon md-icon"></span> Customization </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../examples/customization/configuration-snippets/ class=md-nav__link> Configuration Snippets </a> </li> <li class=md-nav__item> <a href=../examples/customization/custom-configuration/ class=md-nav__link> Custom Configuration </a> </li> <li class=md-nav__item> <a href=../examples/customization/custom-errors/ class=md-nav__link> Custom Errors </a> </li> <li class=md-nav__item> <a href=../examples/customization/custom-headers/ class=md-nav__link> Custom Headers </a> </li> <li class=md-nav__item> <a href=../examples/customization/external-auth-headers/ class=md-nav__link> External authentication </a> </li> <li class=md-nav__item> <a href=../examples/customization/ssl-dh-param/ class=md-nav__link> Custom DH parameters for perfect forward secrecy </a> </li> <li class=md-nav__item> <a href=../examples/customization/sysctl/ class=md-nav__link> Sysctl tuning </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../examples/docker-registry/ class=md-nav__link> Docker registry </a> </li> <li class=md-nav__item> <a href=../examples/grpc/ class=md-nav__link> gRPC </a> </li> <li class=md-nav__item> <a href=../examples/multi-tls/ class=md-nav__link> Multi TLS certificate termination </a> </li> <li class=md-nav__item> <a href=../examples/rewrite/ class=md-nav__link> Rewrite </a> </li> <li class=md-nav__item> <a href=../examples/static-ip/ class=md-nav__link> Static IPs </a> </li> <li class=md-nav__item> <a href=../examples/tls-termination/ class=md-nav__link> TLS termination </a> </li> <li class=md-nav__item> <a href=../examples/psp/ class=md-nav__link> Pod Security Policy (PSP) </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=#ingress-controller-logs-and-events class=md-nav__link> Ingress-Controller Logs and Events </a> </li> <li class=md-nav__item> <a href=#debug-logging class=md-nav__link> Debug Logging </a> </li> <li class=md-nav__item> <a href=#authentication-to-the-kubernetes-api-server class=md-nav__link> Authentication to the Kubernetes API Server </a> <nav class=md-nav aria-label="Authentication to the Kubernetes API Server"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#service-account class=md-nav__link> Service Account </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#kube-config class=md-nav__link> Kube-Config </a> </li> <li class=md-nav__item> <a href=#using-gdb-with-nginx class=md-nav__link> Using GDB with Nginx </a> </li> </ul> </nav> </div> </div> </div> <div class=md-content> <article class="md-content__inner md-typeset"> <a href=https://github.com/kubernetes/ingress-nginx/edit/master/docs/troubleshooting.md title="Edit this page" class="md-content__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg> </a> <!--
-----------------NOTICE------------------------
This file is referenced in code as
https://github.com/kubernetes/ingress-nginx/blob/master/docs/troubleshooting.md
Do not move it without providing redirects.
-----------------------------------------------
--> <h1 id=troubleshooting>Troubleshooting<a class=headerlink href=#troubleshooting title="Permanent link"></a></h1> <h2 id=ingress-controller-logs-and-events>Ingress-Controller Logs and Events<a class=headerlink href=#ingress-controller-logs-and-events title="Permanent link"></a></h2> <p>There are many ways to troubleshoot the ingress-controller. The following are basic troubleshooting methods to obtain more information.</p> <p>Check the Ingress Resource Events</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl get ing -n &lt;namespace-of-ingress-resource&gt;
<span class=go>NAME HOSTS ADDRESS PORTS AGE</span>
<span class=go>cafe-ingress cafe.com 10.0.2.15 80 25s</span>
<span class=gp>$</span> kubectl describe ing &lt;ingress-resource-name&gt; -n &lt;namespace-of-ingress-resource&gt;
<span class=go>Name: cafe-ingress</span>
<span class=go>Namespace: default</span>
<span class=go>Address: 10.0.2.15</span>
<span class=go>Default backend: default-http-backend:80 (172.17.0.5:8080)</span>
<span class=go>Rules:</span>
<span class=go> Host Path Backends</span>
<span class=go> ---- ---- --------</span>
<span class=go> cafe.com</span>
<span class=go> /tea tea-svc:80 (&lt;none&gt;)</span>
<span class=go> /coffee coffee-svc:80 (&lt;none&gt;)</span>
<span class=go>Annotations:</span>
<span class=go> kubectl.kubernetes.io/last-applied-configuration: {&quot;apiVersion&quot;:&quot;networking.k8s.io/v1beta1&quot;,&quot;kind&quot;:&quot;Ingress&quot;,&quot;metadata&quot;:{&quot;annotations&quot;:{},&quot;name&quot;:&quot;cafe-ingress&quot;,&quot;namespace&quot;:&quot;default&quot;,&quot;selfLink&quot;:&quot;/apis/networking/v1beta1/namespaces/default/ingresses/cafe-ingress&quot;},&quot;spec&quot;:{&quot;rules&quot;:[{&quot;host&quot;:&quot;cafe.com&quot;,&quot;http&quot;:{&quot;paths&quot;:[{&quot;backend&quot;:{&quot;serviceName&quot;:&quot;tea-svc&quot;,&quot;servicePort&quot;:80},&quot;path&quot;:&quot;/tea&quot;},{&quot;backend&quot;:{&quot;serviceName&quot;:&quot;coffee-svc&quot;,&quot;servicePort&quot;:80},&quot;path&quot;:&quot;/coffee&quot;}]}}]},&quot;status&quot;:{&quot;loadBalancer&quot;:{&quot;ingress&quot;:[{&quot;ip&quot;:&quot;169.48.142.110&quot;}]}}}</span>
<span class=go>Events:</span>
<span class=go> Type Reason Age From Message</span>
<span class=go> ---- ------ ---- ---- -------</span>
<span class=go> Normal CREATE 1m nginx-ingress-controller Ingress default/cafe-ingress</span>
<span class=go> Normal UPDATE 58s nginx-ingress-controller Ingress default/cafe-ingress</span>
</code></pre></div> <p>Check the Ingress Controller Logs</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl get pods -n &lt;namespace-of-ingress-controller&gt;
<span class=go>NAME READY STATUS RESTARTS AGE</span>
<span class=go>nginx-ingress-controller-67956bf89d-fv58j 1/1 Running 0 1m</span>
<span class=gp>$</span> kubectl logs -n &lt;namespace&gt; nginx-ingress-controller-67956bf89d-fv58j
<span class=go>-------------------------------------------------------------------------------</span>
<span class=go>NGINX Ingress controller</span>
<span class=go> Release: 0.14.0</span>
<span class=go> Build: git-734361d</span>
<span class=go> Repository: https://github.com/kubernetes/ingress-nginx</span>
<span class=go>-------------------------------------------------------------------------------</span>
<span class=go>....</span>
</code></pre></div> <p>Check the Nginx Configuration</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl get pods -n &lt;namespace-of-ingress-controller&gt;
<span class=go>NAME READY STATUS RESTARTS AGE</span>
<span class=go>nginx-ingress-controller-67956bf89d-fv58j 1/1 Running 0 1m</span>
<span class=gp>$</span> kubectl <span class=nb>exec</span> -it -n &lt;namespace-of-ingress-controller&gt; nginx-ingress-controller-67956bf89d-fv58j -- cat /etc/nginx/nginx.conf
<span class=go>daemon off;</span>
<span class=go>worker_processes 2;</span>
<span class=go>pid /run/nginx.pid;</span>
<span class=go>worker_rlimit_nofile 523264;</span>
<span class=go>worker_shutdown_timeout 240s;</span>
<span class=go>events {</span>
<span class=go> multi_accept on;</span>
<span class=go> worker_connections 16384;</span>
<span class=go> use epoll;</span>
<span class=go>}</span>
<span class=go>http {</span>
<span class=go>....</span>
</code></pre></div> <p>Check if used Services Exist</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl get svc --all-namespaces
<span class=go>NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span>
<span class=go>default coffee-svc ClusterIP 10.106.154.35 &lt;none&gt; 80/TCP 18m</span>
<span class=go>default kubernetes ClusterIP 10.96.0.1 &lt;none&gt; 443/TCP 30m</span>
<span class=go>default tea-svc ClusterIP 10.104.172.12 &lt;none&gt; 80/TCP 18m</span>
<span class=go>kube-system default-http-backend NodePort 10.108.189.236 &lt;none&gt; 80:30001/TCP 30m</span>
<span class=go>kube-system kube-dns ClusterIP 10.96.0.10 &lt;none&gt; 53/UDP,53/TCP 30m</span>
<span class=go>kube-system kubernetes-dashboard NodePort 10.103.128.17 &lt;none&gt; 80:30000/TCP 30m</span>
</code></pre></div> <h2 id=debug-logging>Debug Logging<a class=headerlink href=#debug-logging title="Permanent link"></a></h2> <p>Using the flag <code>--v=XX</code> it is possible to increase the level of logging. This is performed by editing the deployment.</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl get deploy -n &lt;namespace-of-ingress-controller&gt;
<span class=go>NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE</span>
<span class=go>default-http-backend 1 1 1 1 35m</span>
<span class=go>nginx-ingress-controller 1 1 1 1 35m</span>
<span class=gp>$</span> kubectl edit deploy -n &lt;namespace-of-ingress-controller&gt; nginx-ingress-controller
<span class=gp>#</span> Add --v<span class=o>=</span>X to <span class=s2>&quot;- args&quot;</span>, where X is an integer
</code></pre></div> <ul> <li><code>--v=2</code> shows details using <code>diff</code> about the changes in the configuration in nginx</li> <li><code>--v=3</code> shows details about the service, Ingress rule, endpoint changes and it dumps the nginx configuration in JSON format</li> <li><code>--v=5</code> configures NGINX in <a href=http://nginx.org/en/docs/debugging_log.html>debug mode</a></li> </ul> <h2 id=authentication-to-the-kubernetes-api-server>Authentication to the Kubernetes API Server<a class=headerlink href=#authentication-to-the-kubernetes-api-server title="Permanent link"></a></h2> <p>A number of components are involved in the authentication process and the first step is to narrow down the source of the problem, namely whether it is a problem with service authentication or with the kubeconfig file.</p> <p>Both authentications must work:</p> <div class=highlight><pre><span></span><code>+-------------+ service +------------+
| | authentication | |
+ apiserver +&lt;-------------------+ ingress |
| | | controller |
+-------------+ +------------+
</code></pre></div> <p><strong>Service authentication</strong></p> <p>The Ingress controller needs information from apiserver. Therefore, authentication is required, which can be achieved in two different ways:</p> <ol> <li> <p><em>Service Account:</em> This is recommended, because nothing has to be configured. The Ingress controller will use information provided by the system to communicate with the API server. See 'Service Account' section for details.</p> </li> <li> <p><em>Kubeconfig file:</em> In some Kubernetes environments service accounts are not available. In this case a manual configuration is required. The Ingress controller binary can be started with the <code>--kubeconfig</code> flag. The value of the flag is a path to a file specifying how to connect to the API server. Using the <code>--kubeconfig</code> does not requires the flag <code>--apiserver-host</code>. The format of the file is identical to <code>~/.kube/config</code> which is used by kubectl to connect to the API server. See 'kubeconfig' section for details.</p> </li> <li> <p><em>Using the flag <code>--apiserver-host</code>:</em> Using this flag <code>--apiserver-host=http://localhost:8080</code> it is possible to specify an unsecured API server or reach a remote kubernetes cluster using <a href=https://kubernetes.io/docs/user-guide/kubectl/kubectl_proxy/ >kubectl proxy</a>. Please do not use this approach in production.</p> </li> </ol> <p>In the diagram below you can see the full authentication flow with all options, starting with the browser on the lower left hand side.</p> <div class=highlight><pre><span></span><code>Kubernetes Workstation
+---------------------------------------------------+ +------------------+
| | | |
| +-----------+ apiserver +------------+ | | +------------+ |
| | | proxy | | | | | | |
| | apiserver | | ingress | | | | ingress | |
| | | | controller | | | | controller | |
| | | | | | | | | |
| | | | | | | | | |
| | | service account/ | | | | | | |
| | | kubeconfig | | | | | | |
| | +&lt;-------------------+ | | | | | |
| | | | | | | | | |
| +------+----+ kubeconfig +------+-----+ | | +------+-----+ |
| |&lt;--------------------------------------------------------| |
| | | |
+---------------------------------------------------+ +------------------+
</code></pre></div> <h3 id=service-account>Service Account<a class=headerlink href=#service-account title="Permanent link"></a></h3> <p>If using a service account to connect to the API server, the ingress-controller expects the file <code>/var/run/secrets/kubernetes.io/serviceaccount/token</code> to be present. It provides a secret token that is required to authenticate with the API server.</p> <p>Verify with the following commands:</p> <div class=highlight><pre><span></span><code><span class=gp>#</span> start a container that contains curl
<span class=gp>$</span> kubectl run <span class=nb>test</span> --image<span class=o>=</span>tutum/curl -- sleep <span class=m>10000</span>
<span class=gp>#</span> check that container is running
<span class=gp>$</span> kubectl get pods
<span class=go>NAME READY STATUS RESTARTS AGE</span>
<span class=go>test-701078429-s5kca 1/1 Running 0 16s</span>
<span class=gp>#</span> check <span class=k>if</span> secret exists
<span class=gp>$</span> kubectl <span class=nb>exec</span> test-701078429-s5kca -- ls /var/run/secrets/kubernetes.io/serviceaccount/
<span class=go>ca.crt</span>
<span class=go>namespace</span>
<span class=go>token</span>
<span class=gp>#</span> get service IP of master
<span class=gp>$</span> kubectl get services
<span class=go>NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span>
<span class=go>kubernetes 10.0.0.1 &lt;none&gt; 443/TCP 1d</span>
<span class=gp>#</span> check base connectivity from cluster inside
<span class=gp>$</span> kubectl <span class=nb>exec</span> test-701078429-s5kca -- curl -k https://10.0.0.1
<span class=go>Unauthorized</span>
<span class=gp>#</span> connect using tokens
<span class=gp>$</span> <span class=nv>TOKEN_VALUE</span><span class=o>=</span><span class=k>$(</span>kubectl <span class=nb>exec</span> test-701078429-s5kca -- cat /var/run/secrets/kubernetes.io/serviceaccount/token<span class=k>)</span>
<span class=gp>$</span> <span class=nb>echo</span> <span class=nv>$TOKEN_VALUE</span>
<span class=go>eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3Mi....9A</span>
<span class=gp>$</span> kubectl <span class=nb>exec</span> test-701078429-s5kca -- curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H <span class=s2>&quot;Authorization: Bearer </span><span class=nv>$TOKEN_VALUE</span><span class=s2>&quot;</span> https://10.0.0.1
<span class=go>{</span>
<span class=go> &quot;paths&quot;: [</span>
<span class=go> &quot;/api&quot;,</span>
<span class=go> &quot;/api/v1&quot;,</span>
<span class=go> &quot;/apis&quot;,</span>
<span class=go> &quot;/apis/apps&quot;,</span>
<span class=go> &quot;/apis/apps/v1alpha1&quot;,</span>
<span class=go> &quot;/apis/authentication.k8s.io&quot;,</span>
<span class=go> &quot;/apis/authentication.k8s.io/v1beta1&quot;,</span>
<span class=go> &quot;/apis/authorization.k8s.io&quot;,</span>
<span class=go> &quot;/apis/authorization.k8s.io/v1beta1&quot;,</span>
<span class=go> &quot;/apis/autoscaling&quot;,</span>
<span class=go> &quot;/apis/autoscaling/v1&quot;,</span>
<span class=go> &quot;/apis/batch&quot;,</span>
<span class=go> &quot;/apis/batch/v1&quot;,</span>
<span class=go> &quot;/apis/batch/v2alpha1&quot;,</span>
<span class=go> &quot;/apis/certificates.k8s.io&quot;,</span>
<span class=go> &quot;/apis/certificates.k8s.io/v1alpha1&quot;,</span>
<span class=go> &quot;/apis/networking&quot;,</span>
<span class=go> &quot;/apis/networking/v1beta1&quot;,</span>
<span class=go> &quot;/apis/policy&quot;,</span>
<span class=go> &quot;/apis/policy/v1alpha1&quot;,</span>
<span class=go> &quot;/apis/rbac.authorization.k8s.io&quot;,</span>
<span class=go> &quot;/apis/rbac.authorization.k8s.io/v1alpha1&quot;,</span>
<span class=go> &quot;/apis/storage.k8s.io&quot;,</span>
<span class=go> &quot;/apis/storage.k8s.io/v1beta1&quot;,</span>
<span class=go> &quot;/healthz&quot;,</span>
<span class=go> &quot;/healthz/ping&quot;,</span>
<span class=go> &quot;/logs&quot;,</span>
<span class=go> &quot;/metrics&quot;,</span>
<span class=go> &quot;/swaggerapi/&quot;,</span>
<span class=go> &quot;/ui/&quot;,</span>
<span class=go> &quot;/version&quot;</span>
<span class=go> ]</span>
<span class=go>}</span>
</code></pre></div> <p>If it is not working, there are two possible reasons:</p> <ol> <li> <p>The contents of the tokens are invalid. Find the secret name with <code>kubectl get secrets | grep service-account</code> and delete it with <code>kubectl delete secret &lt;name&gt;</code>. It will automatically be recreated.</p> </li> <li> <p>You have a non-standard Kubernetes installation and the file containing the token may not be present. The API server will mount a volume containing this file, but only if the API server is configured to use the ServiceAccount admission controller. If you experience this error, verify that your API server is using the ServiceAccount admission controller. If you are configuring the API server by hand, you can set this with the <code>--admission-control</code> parameter.</p> <blockquote> <p>Note that you should use other admission controllers as well. Before configuring this option, you should read about admission controllers.</p> </blockquote> </li> </ol> <p>More information:</p> <ul> <li><a href=http://kubernetes.io/docs/user-guide/service-accounts/ >User Guide: Service Accounts</a></li> <li><a href=http://kubernetes.io/docs/admin/service-accounts-admin/ >Cluster Administrator Guide: Managing Service Accounts</a></li> </ul> <h2 id=kube-config>Kube-Config<a class=headerlink href=#kube-config title="Permanent link"></a></h2> <p>If you want to use a kubeconfig file for authentication, follow the <a href=../deploy/ >deploy procedure</a> and add the flag <code>--kubeconfig=/etc/kubernetes/kubeconfig.yaml</code> to the args section of the deployment.</p> <h2 id=using-gdb-with-nginx>Using GDB with Nginx<a class=headerlink href=#using-gdb-with-nginx title="Permanent link"></a></h2> <p><a href=https://www.gnu.org/software/gdb/ >Gdb</a> can be used to with nginx to perform a configuration dump. This allows us to see which configuration is being used, as well as older configurations.</p> <p>Note: The below is based on the nginx <a href=https://docs.nginx.com/nginx/admin-guide/monitoring/debugging/#dumping-nginx-configuration-from-a-running-process>documentation</a>.</p> <ol> <li>SSH into the worker</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> ssh user@workerIP
</code></pre></div> <ol> <li>Obtain the Docker Container Running nginx</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> docker ps <span class=p>|</span> grep nginx-ingress-controller
<span class=go>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES</span>
<span class=go>d9e1d243156a quay.io/kubernetes-ingress-controller/nginx-ingress-controller &quot;/usr/bin/dumb-init …&quot; 19 minutes ago Up 19 minutes k8s_nginx-ingress-controller_nginx-ingress-controller-67956bf89d-mqxzt_kube-system_079f31ec-aa37-11e8-ad39-080027a227db_0</span>
</code></pre></div> <ol> <li>Exec into the container</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> docker <span class=nb>exec</span> -it --user<span class=o>=</span><span class=m>0</span> --privileged d9e1d243156a bash
</code></pre></div> <ol> <li>Make sure nginx is running in <code>--with-debug</code></li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> nginx -V <span class=m>2</span>&gt;<span class=p>&amp;</span><span class=m>1</span> <span class=p>|</span> grep -- <span class=s1>&#39;--with-debug&#39;</span>
</code></pre></div> <ol> <li>Get list of processes running on container</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> ps -ef
<span class=go>UID PID PPID C STIME TTY TIME CMD</span>
<span class=go>root 1 0 0 20:23 ? 00:00:00 /usr/bin/dumb-init /nginx-ingres</span>
<span class=go>root 5 1 0 20:23 ? 00:00:05 /nginx-ingress-controller --defa</span>
<span class=go>root 21 5 0 20:23 ? 00:00:00 nginx: master process /usr/sbin/</span>
<span class=go>nobody 106 21 0 20:23 ? 00:00:00 nginx: worker process</span>
<span class=go>nobody 107 21 0 20:23 ? 00:00:00 nginx: worker process</span>
<span class=go>root 172 0 0 20:43 pts/0 00:00:00 bash</span>
</code></pre></div> <ol> <li>Attach gdb to the nginx master process</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> gdb -p <span class=m>21</span>
<span class=go>....</span>
<span class=go>Attaching to process 21</span>
<span class=go>Reading symbols from /usr/sbin/nginx...done.</span>
<span class=go>....</span>
<span class="gp gp-VirtualEnv">(gdb)</span>
</code></pre></div> <ol> <li>Copy and paste the following:</li> </ol> <div class=highlight><pre><span></span><code><span class=go>set $cd = ngx_cycle-&gt;config_dump</span>
<span class=go>set $nelts = $cd.nelts</span>
<span class=go>set $elts = (ngx_conf_dump_t*)($cd.elts)</span>
<span class=go>while ($nelts-- &gt; 0)</span>
<span class=go>set $name = $elts[$nelts]-&gt;name.data</span>
<span class=go>printf &quot;Dumping %s to nginx_conf.txt\n&quot;, $name</span>
<span class=go>append memory nginx_conf.txt \</span>
<span class=gp> $</span>elts<span class=o>[</span><span class=nv>$nelts</span><span class=o>]</span>-&gt;buffer.start <span class=nv>$elts</span><span class=o>[</span><span class=nv>$nelts</span><span class=o>]</span>-&gt;buffer.end
<span class=go>end</span>
</code></pre></div> <ol> <li> <p>Quit GDB by pressing CTRL+D</p> </li> <li> <p>Open nginx_conf.txt</p> </li> </ol> <div class=highlight><pre><span></span><code><span class=go>cat nginx_conf.txt</span>
</code></pre></div> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid" aria-label=Footer> <a href=../how-it-works/ class="md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Previous </span> How it works </div> </div> </a> <a href=../kubectl-plugin/ class="md-footer-nav__link md-footer-nav__link--next" rel=next> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Next </span> kubectl plugin </div> </div> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <script src=../assets/javascripts/vendor.93c04032.min.js></script> <script src=../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
app = initialize({
base: "..",
features: ['navigation.tabs', 'navigation.tabs.sticky', 'navigation.instant', 'navigation.sections'],
search: Object.assign({
worker: "../assets/javascripts/worker/search.8c7e0a7e.min.js"
}, typeof search !== "undefined" && search)
})
</script> </body> </html>
Reference in New Issue View Git Blame Copy Permalink