Help Center/ Cloud Container Engine/ User Guide (Ankara Region)/ FAQs/ Networking/ Network Fault/ What Should I Do If an Nginx Ingress Access in the Cluster Is Abnormal After the Add-on Is Upgraded?
Updated on 2024-12-04 GMT+08:00

What Should I Do If an Nginx Ingress Access in the Cluster Is Abnormal After the Add-on Is Upgraded?

Symptom

An Nginx Ingress whose type is not specified (kubernetes.io/ingress.class: nginx is not added to annotations) exists in the cluster. After the nginx-ingress add-on is upgraded from 1.x to 2.x, services are interrupted.

Fault Locating

For an Nginx Ingress, check the YAML. If the Ingress type is not specified in the YAML file and the Ingress is managed by the Nginx Ingress Controller, the Ingress is at risk.

  1. Check the Ingress type.

    Run the following command:
    kubectl get ingress <ingress-name> -oyaml | grep -E ' kubernetes.io/ingress.class: | ingressClassName:'
    • Fault scenario: If the command output is empty, the Ingress type is not specified.
    • Normal scenario: The command output is not empty, indicating that the Ingress type has been specified by annotations or ingressClassName.

  2. Ensure that the Ingress is managed by the Nginx Ingress Controller. The LoadBalancer Ingresses are not affected by this issue.

    • For clusters of v1.19, confirm this issue using managedFields.
      kubectl get ingress <ingress-name> -oyaml | grep 'manager: nginx-ingress-controller'

    • For clusters of other versions, check the logs of the Nginx Ingress Controller pod.
       kubectl logs -nkube-system cceaddon-nginx-ingress-controller-545db6b4f7-bv74t | grep 'updating Ingress status'

    If the fault persists, contact technical support personnel.

Solution

Add an annotation to the Nginx Ingress as follows:

kubectl annotate ingress <ingress-name> kubernetes.io/ingress.class=nginx

There is no need to add this annotation to LoadBalancer Ingresses. Verify that these Ingresses are managed by Nginx Ingress Controller.

Possible Causes

The nginx-ingress add-on is developed based on the Nginx Ingress Controller template and image of the open source community.

For the Nginx Ingress Controller of an earlier version (community version v0.49 or earlier, corresponding to CCE nginx-ingress version v1.x.x), the Ingress type is not specified as nginx during Ingress creation, which is, kubernetes.io/ingress.class: nginx is not added to annotations. This Ingress can also be managed by Nginx Ingress Controller. For details, see the GitHub code.

For the Nginx Ingress Controller of a later version (community version v1.0.0 or later, corresponding to CCE nginx-ingress version 2.x.x), if the Ingress type is not specified as nginx during Ingress creation, this Ingress will be ignored by the Nginx Ingress Controller and the Ingress rules become invalid. The services will be interrupted. For details, see the GitHub code.

Related link: https://github.com/kubernetes/ingress-nginx/pull/7341

You can specify the Ingress type in either of the following ways:

  • Add the kubernetes.io/ingress.class: nginx annotation to the Ingress.
  • Use spec. Set the .spec.ingressClassName field to nginx. IngressClass resources are required.

An example is as follows:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: test
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  ingressClassName: nginx
  rules:
...
status:
  loadBalancer: {}