The ingress address can't access correctly

[sugangsky]

ingress-nginx version: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
kubernetes version :Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:28:34Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:17:43Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Environment:

• Cloud provider or hardware configuration: bare-metal
• OS (e.g. from /etc/os-release): centos7.4
• Kernel :Linux node1 3.10.0-693.el7.x86_64 Basic structure  #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
• Install tools: kubeadm
  What happened: when i excute kubectl get ingress -n kube-system,the result is

NAME         HOSTS         ADDRESS           PORTS     AGE
nginx-test   foo.bar.com   192.168.145.101   80        9m

my ingress adress is same with my baremetal node host ip. i can't use curl 192.168.145.101 to access http-svc. got wrong curl: (7) Failed connect to 192.168.145.101:80; Connection refused .why it happened?
Anything else we need to know:
my http-svc.yaml set:

kind: Deployment
metadata:
  name: http-svc
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: http-svc
    spec:
      containers:
      - name: http-svc
        image: gcr.io/google_containers/echoserver:1.8
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: http-svc
  namespace: kube-system
  labels:
    app: http-svc
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    app: http-svc

my ingress.yaml set:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test
  namespace: kube-system
spec:
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            # This assumes http-svc exists and routes to healthy endpoints
            serviceName: http-svc
            servicePort: 80

my ingress-nginx-controller.yaml set:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-nginx
  template:
    metadata:
      labels:
        app: ingress-nginx
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0
          args:
            - /nginx-ingress-controller
            - --apiserver-host=192.168.145.101
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --annotations-prefix=nginx.ingress.kubernetes.io
            - --report-node-internal-ip-address=true
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
          - name: http
            containerPort: 80
          - name: https
            containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

[sugangsky]

@aledbf

[aledbf]

@sugangnb you are using a normal service and host using nodePort, hostPort or hostnetwork so using the IP address of the node will never work.

[aledbf]

Please reopen if you have more questions

[sugangsky]

@aledbf
my ingress-nginx is using nodePort, http-svc is using clusterIp like this.

[root@node1 bigdata]# kubectl get service --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
default       kubernetes             ClusterIP   10.96.0.1        <none>        443/TCP                      5d
kube-system   calico-etcd            ClusterIP   10.96.232.136    <none>        6666/TCP                     5d
kube-system   default-http-backend   ClusterIP   10.108.245.70    <none>        80/TCP                       1d
kube-system   http-svc               ClusterIP   10.108.198.244   <none>        80/TCP                       11h
kube-system   ingress-nginx          NodePort    10.101.55.125    <none>        80:31490/TCP,443:30074/TCP   1d
kube-system   kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP                5d
kube-system   kubernetes-dashboard   ClusterIP   10.99.113.249    <none>        443/TCP                      1d
kube-system   tiller-deploy          ClusterIP   10.100.61.13     <none>        44134/TCP                    5d

Your mean I need change http-svc using Nodeport?What can I do to make it work?

[aledbf]

If you are using nodeport the correct address is http://192.168.145.101:31490

[sugangsky]

@aledbf ,excuse me.
After I execut curl -v 192.168.145.101:31490
I got this result.

* About to connect() to 192.168.145.101 port 31490 (#0)
*   Trying 192.168.145.101...
* Connected to 192.168.145.101 (192.168.145.101) port 31490 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.145.101:31490
> Accept: */*
> 
< HTTP/1.1 404 Not Found
< Server: nginx/1.13.7
< Date: Thu, 07 Dec 2017 08:07:45 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 21
< Connection: keep-alive
< Vary: Accept-Encoding
< Strict-Transport-Security: max-age=15724800; includeSubDomains;
< 
* Connection #0 to host 192.168.145.101 left intact
default backend - 404

the log of this commond

192.168.145.101 - [192.168.145.101] - - [07/Dec/2017:08:03:24 +0000] "GET / HTTP/1.1" 404 21 "-" "curl/7.29.0" 85 0.000 [upstream-default-backend] 192.168.166.132:8080 21 0.000 404

I don't understand why this happened

[aledbf]

@sugangnb when you not send the host header you reach the default backend. Please check the ingress docs https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource
Running curl -v http://192.168.145.101:31490 -H 'Host: foo.bar.com'

[liuxiaopiao]

Hi @aledbf ,could you please explain more why cul command without header will reach the default backend? Thanks a lot. Still confused for this.

[aledbf]

could you please explain more why cul command without header will reach the default backend?

Sure. Without a Host header nginx cannot decide to which server you need to be directed. For this scenario, there is a catch-all server that sends traffic to the default backend (returns 404)
Please check http://nginx.org/en/docs/http/request_processing.html

[liuxiaopiao]

@aledbf ,so nice of you. Thanks a lot for the info! Clear with it now.