Controllers not accessible without trailing slash '/' when using CloudBees CI with platform EKS

Issue

  • I have deployed CloudBees CI in EKS with .OperationsCenter.platform="eks" and using the AWS Load Balancer Ingress Controller
  • I cannot access the controller at https/<hostname>/<controllerName>/ but not at https/<hostname>/<controllerName>

Environment

Related Issues

  • BEE-382: Update master-provisioning-plugin to support Ingress in networking.k8s.io/v1

Explanation

Until version 1.19 of Kubernetes, Controller Ingress rules are implementation specific and using 2 rules /<controllerName>/ and /<controllerName>/*. The Ingress Nginx Controller matches /<controllerName> based on those rules. However, the AWS Load Balancer controller does not. Improvement in Kubernetes 1.19, CloudBees CI 2.277.4.2 and AWS Load Balancer Ingress Controller 2.2.0 fixes those discrepancies and provide an API in which the path matching can be specified:

  • Starting from version 1.18 of Kubernetes, a pathType is introduced to the Ingress API in networking.k8s.io/v1beta to specify how Ingress paths should be matched.
  • Starting from version 1.19 of Kubernetes, the Ingress API becomes stable and graduates to networking.k8s.io/v1.

This is the right way forward and improvements to CloudBees CI and ALB Load Balancer Controller have been introduced to support this:

  • Starting from version 2.277.4.2 of CloudBees CI, Controller ingresses are using the networking.k8s.io/v1 if supported by the cluster. Using a single rule on /<controllerName>/ with Prefix as the pathType.
  • Starting from version 2.2.0 of AWS Load Balancer Controller, the pathType value Prefix is supported and will create a rule for “/<controllerName> OR /<controllerName>/*

Resolution

To solve this problem:

  • Upgrade CloudBees CI to version 2.277.4.2 or later
  • Upgrade the AWS Load Balancer Controller to version 2.2.0 or later
  • Upgrade EKS to version 1.19 or later

Have more questions?

0 Comments

Please sign in to leave a comment.