-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting 400 Bad Request #6
Comments
I've just realized that
My setup is nginx-ingress + MetalLB with one external IP used by many ingress resources. |
I ran cert-manager in my laptop and it all worked since it accessed from outside the cluster. I'm trying to set up a dev/test instance so expiration is not an issue. But that's not viable normally for majority of use cases, so I'll keep this issue open and I'd be more than happy to help you debug by reproducing it. |
Hi @muvaf I encountered the exact same problem with ingress-nginx and metallb. @compumike could you please have a look on this? |
@muvaf just an idea, but do we need to configure proxy protocol for our ingress-nginx? |
@shibumi I'm not sure. Here is my controller:
externalTrafficPolicy: "Local"
extraArgs:
enable-ssl-passthrough: ""
kind: DaemonSet
type: LoadBalancer
tolerations:
- effect: NoSchedule
operator: Exists |
@muvaf does it help if you set Btw I fixed the whole problem with another solution. Instead of using using the hairpin proxy, I just defined hostAliases for the coreDNS deployment and then ipropagated the /etc/hosts file |
@compumike Getting the same error, any solution? |
Using metallb + traefik |
@reesericci I uninstalled the project. Instead I am adding host/IP tuples to the |
I'm looking currently at k8s_gateway external plugin for coredns, trying to get it to work. |
@shibumi My goal was to just get the let's encrypt query to work and I did that manually by running the cert-manager in my laptop since it was only a one-time operation for me (test cluster). I don't really know if that'd have worked |
@muvaf This was my intention, too. I just added the local ip address + hostname to the |
You can solve the 400 status issue by enabling proxy-protocol on your load balancer by annotating your nginx-ingress and enabling use-proxy-protocl in the controller. |
I've completed the installation with the following commands:
Before installation, the request would time out but now I'm getting
400 Bad Request
.I couldn't find much so I'm sharing all I have right now. Here is the log form my debug pod:
Hairpin proxy pods show no logs. Here is the log line I see in nginx-controller when I send the curl request:
Here is the raw curl and I've confirmed that
10.106.209.95
belongs to hairpin-proxy service:FWIW, I'm able to acces the URL from the public and getting the following in response to
kubectl describe challenge
:The text was updated successfully, but these errors were encountered: