azurekubernetesazure-aksnginx-ingressingress-controller

AKS Ingress controller DNS gives 404 error

I have created aks cluster with 2 services exposed using Ingress controller

below is the yml file for ingress controller with TLS

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: xyz-office-ingress02
  annotations:
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - office01.xyz.com
    secretName: tls-office-secret
  rules:
  - host: office01.xyz.com
  - http:
      paths:
      - path: /(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: office-webapp
            port:
              number: 80
      - path: /api/
        pathType: Prefix
        backend:
          service:
            name: xyz-office-api
            port:
              number: 80

kubenctl describe ing

 Name:             xyz-office-ingress02
Labels:           <none>
Namespace:        default
Address:          <EXTERNAL Public IP>
Ingress Class:    <none>
Default backend:  <default>
TLS:
  tls-office-secret terminates office01.xyz.com
Rules:
  Host        Path  Backends
  ----        ----  --------
  *           
              /(/|$)(.*)   office-webapp:80 (10.244.1.18:80,10.244.2.16:80)
              /api/        xyz-office-api:80 (10.244.0.14:8000,10.244.1.19:8000)
Annotations:  cert-manager.io/cluster-issuer: letsencrypt
              kubernetes.io/ingress.class: nginx
              nginx.ingress.kubernetes.io/rewrite-target: /
              nginx.ingress.kubernetes.io/use-regex: true
Events:       <none>

On IP i am able to access both services, however when using the DNS it is not working and gives 404 error

Solution

  • Cleaning up remarks from comments: basically, the issue is with the ingress rules definition. We have the following:

      rules:
  - host: office01.xyz.com
  - http:
      paths:
        ...

    We know connecting to ingress directly does work, without using DNS. While when querying it through DNS: we get a 404.

    The reason for this 404 is that, when entering with a DNS name, you enter the first rules. In which you did not define any backend.

    One way to fix this would be to relocate the "host" part of that ingress with your http rules, eg:

    spec:
  tls:
    ...
  rules:
  - host: office01.xyz.com
    http: #no "-", not a new entry => http & host belong to a single rule
      paths:
      - path: /(/|$)(.*)
        ...
      - path: /api/
        ...