Nginx Ingress controller not working with traffic split getting 503

Hi Team

I have been using Linkerd and this is the first time I’m implementing the Linkerd Traffic Split with Nginx ingress controller. I have set up the configuration as in this configuration and I’m happy to say internally it is perfectly working. I need to implement a Blue/Green deployment with external traffic route through the ingress controller.

My Nginx ingress controller is configured as a DaemonSet and it has been injected with linkerd inject --ingress - | kubectl apply -f - and I can it as meshed in the dashboard. Also, I have set the ingress resource of the web-apex service in the given repository with the below annotations

  annotations: "nginx" |
  proxy_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;
  grpc_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:$service_port;

Here is the Nginx pod annotations:

but when I’m accessing it through the browser it returns “503 Service Temporarily Unavailable” error. It seems it doesn’t’t aware about the mesh and trying to reach to the endpoints of the web-apex service, which doesn’t have them configured.

I believe this is definitely a misconfiguration and there should be a way to configure this to achieve traffic-split with Nginx ingress with the external traffic. I’d love to see your valuable advices on this to fix it. Please assist me.

My ingress controller version 3.10.0
Linkerd version: Client version: stable-2.9.1, Server version: stable-2.9.1

I went through the previous discussion but didn’t help.

tl;dr: The nginx ingress requires a Service resource to have an Endpoint resource in order to be considered a valid destination for traffic. The architecture in the repo creates three Service resources, one of which acts as an apex and has no Endpoint resources because it has no selectors, so the nginx ingress won’t send traffic to it, and the leaf services will not get traffic as a result.

The example in the repo follows the SMI Spec by defining a single apex service and two leaf services. The web-apex service does not have any endpoints, so nginx will not send traffic to it.

According to the SMI Spec services can be self-referential, which means that a service can be both an apex and a leaf service, so to use the nginx ingress with this example, you can modify the TrafficSplit definition to change the spec.service value from web-apex to web-svc:

kind: TrafficSplit
  name: web-svc-ts
  namespace: emojivoto
  # The root service that clients use to connect to the destination application.
  service: web-svc
  # Services inside the namespace with their own selectors, endpoints and configuration.
  - service: web-svc
    # Identical to resources, 1 = 1000m
    weight: 500m
  - service: web-svc-2
    weight: 500m
1 Like

I can confirm that fix worked perfectly and, working as expected. Thank you for the support! :pray:t4:

Great! Thanks for confirming @ArunaLakmal