Troubleshooting Kubernetes Ingress Controller

2 min readDec 2, 2020

In fact troubleshooting Kubernetes ingress controller is easy and it could save you a lot of time. You just need to know when it is a good idea to do so. Here is an example when you may need it: a request produces an error, but no error logs are reported by the pod responsible for it.

When I was building a Drupal site, I noticed that adding a new field on the page produced 502 Bad Gateway Error. I thought the problem was in the field type that caused a fatal PHP error, but usually such errors are reported, however, I was not able to find anything in the logs of pod running Apache and PHP. After going back and forth, I decided to check logs of the Nginx ingress controller.

Typically there is a Nginx pod responsible for ingress controller running in each Kubernetes node in the cluster. So the first step would be getting all such pods.

Running following command:

kubectl get pods --all-namespaces | grep ingress-nginx

Will output something like:

ingress-nginx    default-http-backend-49cd995543-kaff4
ingress-nginx    nginx-ingress-controller-bqb4a
ingress-nginx    nginx-ingress-controller-gqrb3
ingress-nginx    nginx-ingress-controller-agsrd
ingress-nginx    nginx-ingress-controller-24w2g
ingress-nginx    nginx-ingress-controller-q7pzs

The first column is a namespace, the second one is a pod name.

For each pod (as you are not sure which one is used), you can get logs with a following command:

kubectl logs -n ingress-nginx <nginx-pod-name> | grep <url>

Running:

kubectl logs -n ingress-nginx nginx-ingress-controller-bqb4a | grep "node/add/person"

Outputs this:

2020/12/02 14:18:53 [error] 605#605: *436444 upstream sent too big header while reading response header from upstream, client: 172.18.70.5, server: example.org, request: "GET /node/add/person HTTP/1.1", upstream: "http://10.42.64.3:80/node/add/person", host: "example.org", referrer: "https://example.org/node/add"

As we can see the actual error is upstream sent too big header while reading response header from upstream. This is caused because Drupal is setting quite a long Cache-Tags header.

The solution was to update Ingress Configuration to something like this.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  generation: 2
  name: web-ingress
  labels:
    app: web
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffer-size: 10k
spec:
  rules:
    - host: example.org
      http:
        paths:
          - backend:
              serviceName: web-service
              servicePort: http

Depending on the issue, you can tweak Nginx configuration, see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/ to have an idea what you can set.

Written by Ovadiah Myrgorod

182 Followers

Welcome to the day that makes it a good day everyday!

More from Ovadiah Myrgorod

Creating a scalable and resilient Varnish cluster using Kubernetes

Ovadiah Myrgorod

Creating a scalable and resilient Varnish cluster using Kubernetes

Recently I have been working on a project with a need for a scalable and resilient Varnish cluster. The interesting thing about such a…

6 min readJun 30, 2020

Ovadiah Myrgorod

A better struct validation in Golang

Validation is needed to make sure that the content of a struct or a type is in the format you require. In the case of user registration…

3 min readJun 5, 2019

Weighted random selection from the database using SQL

Ovadiah Myrgorod

Weighted random selection from the database using SQL

With a recent iOS upgrade to version 12, I’ve noticed that Apple changed the algorithm of how songs are shuffled. Now Music app gives a…

3 min readSep 18, 2018

How-to: using Bitcoin key pairs to for encrypted messaging

Ovadiah Myrgorod

How-to: using Bitcoin key pairs to for encrypted messaging

In my previous post, I have described an idea of building an anonymous messenger for Bitcoin users. Now it is a time to prove that it will…

3 min readJul 30, 2017

See all from Ovadiah Myrgorod

Recommended from Medium

A person drowning asking for help with her arm up

Guilherme Pereira

Kubernetes “x509: certificate has expired or is not yet valid” error

This is going to be a short article and I want to write it because of the pain that it took me to fix this error.

4 min readMay 16

Marcos Pereira Júnior

Using NGINX as API Gateway

Hi everyone!

8 min readMay 31

Lists

Natural Language Processing

666 stories274 saves

Aditya Chandrakar
in
Searce

Using Helm with Terraform to deploy AWS Load Balancer Controller on AWS EKS

What is Helm?

8 min readJun 23

The kube guy

Kubernetes Ingress controllers

In our exploration of Kubernetes, we’ve covered essential topics like pods, services, and deployments, enabling us to build and manage…

3 min readSep 20

Installing the Nginx Ingress Controller on K3S

Alesson Viana

Installing the Nginx Ingress Controller on K3S

Hello everyone! After facing some problems in my K3S cluster, I decided to change my default ingress and proxy installed in K3S. And so…

4 min readMay 1

How To Install TLS/SSL on Docker Nginx Container With Let’s Encrypt

Macdonald Chika

How To Install TLS/SSL on Docker Nginx Container With Let’s Encrypt

Discover how to secure your Nginx Docker container by leveraging Let’s Encrypt and Certbot.

5 min readJun 9

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams