ingress-nginx: [k8s 1.8] Healthcheck failing when HostNetwork set to true

I’ve just upgraded to k8s 1.8.0 and have encountered a regression on the nginx ingress controller.

When I deploy my ingress controller with hostNetwork set to true (see below for yaml) The healthz endpoints returns an error:

[+]ping ok
[-]Ingress Controller failed: reason withheld
healthz check failed

This then causes the liveliness/readiness checks to fail and the scheduler to endlessly restart the pod(s).

If I disable hostNetwork then everything works, but due to my network setup I don’t get the X-Real-IP and X-Forwarded-For headers set correctly (they get set to the internal IP address).

This worked fine with beta.13 on 1.7.x and I upgraded to beta.14 to see if this would fix anything with k8s 1.8.0, but no dice 😦

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ingress-controller
  namespace: ingress
  labels:
    k8s-app: nginx-ingress-controller
spec:
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-controller
    spec:
      serviceAccountName: ingress-service
      nodeSelector:
        role: ingress
      hostNetwork: true
      terminationGracePeriodSeconds: 60
      containers:
      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.14
        name: nginx-ingress-controller
        readinessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 1
        ports:
        - containerPort: 80
          hostPort: 80
        - containerPort: 443
          hostPort: 443
        env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
        args:
        - /nginx-ingress-controller
        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 43 (29 by maintainers)

Most upvoted comments

@danielmorlock no, we published the images to gcr.io but that required someone from the google team run the release process.

+1
aledbf on Jan 21, 2018

I’ll try reproducing this in a different env (kubeadm on ubuntu or something) tomorrow.

+1
jhorwit2 on Oct 25, 2017
Read more comments on GitHub
← ingress-nginx: Issue with install not working on cluster.
ingress-nginx: k8s.io/client-go@v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress →