External IP nginx issue

jsolis · September 10, 2020, 7:46pm

When using the values.yml to configure an external IP and custom port for the RasaX server I get a parsing error but not on my file. The parsing error is found in rasa-x/templates/nginx-service.yaml error converting YAML to JSON: yaml: line 21: could not find expected ':'

This is my nginx values file

    nginx:
  enabled: true
  name: "rasa/nginx"
  service:
    type: LoadBalancer
    port: 80
    externalIPs: redacted

And this is the official helm chart file the parsing error is found on.

{{- if .Values.nginx.enabled }}
apiVersion: "v1"
kind: "Service"
metadata:
  name: {{ include "rasa-x.fullname" . }}-nginx
  labels:
    {{ include "rasa-x.labels" . | nindent 4 }}
    app.kubernetes.io/component: nginx
{{- with .Values.nginx.service.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
{{- end }}
spec:
  ports:
  - port: {{ .Values.nginx.service.port }}
    targetPort: 8080
    protocol: "TCP"
    name: "http"
    {{- if .Values.nginx.service.nodePort }}
    nodePort: {{ .Values.nginx.service.nodePort }}
  {{- end }}
    {{- if .Values.nginx.service.externalIPs }}
  externalIPs: {{ .Values.nginx.service.externalIPs | toYaml | nindent 2 }}
    {{- end }}
  type: {{ .Values.nginx.service.type }}
  selector:
    {{- include "rasa-x.selectorLabels" . | nindent 4 }}
    app.kubernetes.io/component: nginx
{{- end }}

mloubser · September 11, 2020, 11:43am

I’m not sure which line is line 21 based on your snippets - do you know which one it was?

jsolis · September 11, 2020, 5:11pm

Yeah I am sorry that was confusing. Line 21 is the one that says {{ -end }} right after nodePort: {{.Values.nginx.service.nodePort }}

Additional information: I am using the official helm chart, the only thing I did different from the tutorial was adding custom nginx values to the values.yml file. When I deploy without these custom values everything works just fine.

My values.yml parses just fine, the parsing error is in the helm chart and I would try to solve it and ask for a merge request but I don’t see anything wrong.

mloubser · September 18, 2020, 4:14pm

What happens if you do a helm lint?

Saylee · September 28, 2020, 12:42pm

@jsolis were you able to solve the issue? Even I am getting the same problem.

Saylee · September 28, 2020, 1:11pm

@jsolis I got rid of the issue by passing the external ip as a list instead of string. This led to correct population of the externalIPs under the service key of nginx.

However, my service still passes request from the IPs apart from the IP specified in the externalIPs list… sigh. @mloubser @Tobias_Wochinger

jsolis · September 29, 2020, 2:17am

Thanks for the info, you are right, that solves the parsing error. However, as you said, the service still passes request from the IPs apart from the IP specified in the externalIPs list.

tczekajlo · September 29, 2020, 9:24am

@jsolis

I think you misunderstand what externalIPs do. The externalIPs it’s not a list of IP addresses that traffic is allowed from, more information you can find in the Kubernetes docs, Service | Kubernetes

The parsing error occurred because the value for externalIPs has to be an array (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#servicespec-v1-core)

Saylee · September 29, 2020, 9:50am

@tczekajlo hi, it will be really very helpful if you could tell how to let only a specific list of IP addresses to use the service. Thanks in advance.

tczekajlo · September 29, 2020, 12:18pm

@Saylee

You can try to use the loadBalancerSourceRanges service parameter, but it has to be supported by your cloud provider. The rasa-x helm template doesn’t support this parameter, but you can add it manually to the Nginx service or modify the rasa-x helm chart.

For example

spec:
  loadBalancerSourceRanges:
    - "143.231.0.0/16"

Saylee · September 30, 2020, 5:31am

@tczekajlo thanks for your response. From whatever little bit I read and understood, the whitelisting can be done thru ingress as well. I tried to pass the required IP addresses to annotations as -

ingress.kubernetes.io/whitelist-source-range: “x.x.x.x/x, x.x.x.x/x”

However, with this setting, its forbidding requests from all the IP addresses.

I also tried,

nginx.ingress.kubernetes.io/whitelist-source-range: “x.x.x.x/x, x.x.x.x/x”

And this is passing requests from all the IP addresses (even those which are not mentioned in the list above)

I am clearly missing something. It’ll be great to get some help.

Thanks in advance.

tczekajlo · September 30, 2020, 7:31am

@Saylee

Those extra annotations work only if you use Ingress controller such as ingress-nginx. You have to have it installed and configured on your Kubernetes cluster.

Additionally, the rasa-x helm chart settings for ingress-nginx look like this.

For example:

      nginx:
        enabled: false
      ingress:
        annotations:
          kubernetes.io/ingress.class: nginx
          nginx.ingress.kubernetes.io/whitelist-source-range: "x.x.x.x/x"
        hosts:
          - host: example.com
            paths:
              - /

Saylee · September 30, 2020, 10:22am

This helps a lot! Thanks a ton!!

Topic		Replies	Views
Ingress or Nginx Reverse Proxy [Deprecated] Rasa X Community Edition	5	1133	October 25, 2021
Make Rasa X on Kubernetes point to Nginx instead of needing port [Deprecated] Rasa X Community Edition	1	464	November 12, 2020
Access Rasa X from Local machine [Deprecated] Rasa X Community Edition	0	212	April 7, 2022
Rasa-X creating classic load balancer while deploying to EKS clusture [Deprecated] Rasa X Community Edition	1	581	February 11, 2021
Rasa x in Kubernetes can't use trigger_intent [Deprecated] Rasa X Community Edition	3	685	July 26, 2021

External IP nginx issue

Related Topics