I installed AWX-Operator on K8S along with kustomization.
After proper configuration, AWX starts correctly, I can access it via:
http://server_ip:30080
Now I'm in the process of setting up the YAML files so that I can access through my own domain.
The ingress.yaml file looks like this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app: awx-ingress
name: awx-ingress
namespace: awx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- someDomain.com
secretName: awx-secret-tls
rules:
- host: someDomain.com
http:
paths:
- backend:
service:
name: awx-service
port:
number: 80
path: /
pathType: Prefix
Result is:
Also my main awx.yaml looks like:
---
apiVersion: awx.ansible.com/v1beta1
kind: AWX
metadata:
name: awx
namespace: awx
spec:
auto_upgrade: true
admin_user: admin
admin_password_secret: awx-admin-password
ingress_type: ingress
ingress_tls_secret: awx-secret-tls
hostname: someDomain.com
postgres_configuration_secret: awx-postgres-configuration
postgres_storage_class: awx-postgres-volume
postgres_storage_requirements:
requests:
storage: 8Gi
projects_persistence: true
projects_existing_claim: awx-projects-claim
All I want to is just enter the AWX GUI via someDomain.com
my current ingress configuration is:
apiVersion: "networking.k8s.io/v1"
kind: "Ingress"
metadata:
name: "app-ingress"
annotations:
kubernetes.io/ingress.global-static-ip-name: "app-external-ip"
kubernetes.io/ingress.class: "gce"
spec:
tls:
- hosts:
- "example.app"
secretName: "app-tls"
rules:
- host: "example.app"
http:
paths:
- path: "/"
pathType: "Prefix"
backend:
service:
name: "app-service"
port:
number: 80
now i struggle with not HSTS enabled. I can enter example.app with http and https protocol, but i want to strict it to https only. I tried:
using nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - still http available
using kubernetes.io/ingress.allow-http: "false" - creates google managed certificate (im using self signed one app-tls) which makes ssl cert error in browser.
I'm pretty sure second one should be the option and i'm doing something wrong or misconfigure something.
Your ingress class is GCE and might be using the GCE ingress so Nginx annotation should not work.
So you have to create the
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: my-frontend-config
spec:
redirectToHttps:
enabled: true
responseCodeName: MOVED_PERMANENTLY_DEFAULT
Read more at : Doc ref
I have an instance of home-assistant being server from home..com. Using k8s-at-home helm chart I added a code-server sidecar to be served from home..com/codeserver. Both of these ingresses use ingress-nginx. The codeserver ingress redirects to home assistant root path when using home..com/codeserver, but when using home..com/codeserver/ it properly redirects to the code-server ingress. I would like not to have to explain that the last '/' is necessary. What can I do to make .com/codeserver work?
Here is the codeserver ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: home-assistant-codeserver
namespace: home
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- home.<DOMAIN>.com
secretName: home-tls
rules:
- host: home.<DOMAIN>.com
http:
paths:
- path: /codeserver(/|$)(.*)
pathType: Prefix
backend:
service:
name: home-assistant-codeserver
port:
number: 12321
Here is the home-assistant ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: home-assistant
namespace: home
spec:
ingressClassName: nginx
tls:
- hosts:
- home.<DOMAIN>.com
secretName: home-tls
rules:
- host: home.<DOMAIN>.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: home-assistant
port:
number: 8123
I've been playing around with the nginx.ingress.kubernetes.io/rewrite-target annotation, but with no luck. What I have above seems to be the best solution from what I've seen online, but I'm still having this issue.
I am trying to use Nginx ingress to access kubernetes dashboard on my local pc. The step I followed are:
Getting nginx ingress
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/cloud/deploy.yaml
Getting kubernetes dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
Applying this ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
spec:
rules:
- host: "kubernetes.docker.internal"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: kubernetes-dashboard
port:
number: 443
Checking that my host file has this line
127.0.0.1 kubernetes.docker.internal
If I try to open http://kubernetes.docker.internal/ on my browser I get "Http Error 400 this page isn't working", while on postman I get an error 400 with message "Client sent an HTTP request to an HTTPS server."
How can I resolve?
I resolved adding annotations section in ingress yaml.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
rules:
- host: "kubernetes.docker.internal"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: kubernetes-dashboard
port:
number: 443
I need to set a custom error in traefik ingress on kubernetes so that when there is no endpoint or when the status is "404", or "[500-600]" it redirects to another error service or another custom error message I used the annotation as it's in the documentation in the ingress file as this (Note: this a helm template output of passing the annotation as a yaml in the values.yaml file)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
namespace: "default"
annotations:
external-dns.alpha.kubernetes.io/target: "domain.com"
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/error-pages: "map[/:map[backend:hello-world status:[502 503]]]"
spec:
rules:
- host: frontend.domain.com
http:
paths:
- backend:
serviceName: frontend
servicePort: 3000
path: /
The answer by ldez is correct, but there are a few caveats:
First off, these annotations only work for traefik >= 1.6.x (earlier versions may support error pages, but not for the kubernetes backend)
Second, the traefik backend must be configured through kubernetes. You cannot create a backend in a config file and use it with kubernetes, at least not in traefik 1.6.x
Here's how the complete thing looks like. foo is just a name, as explained in the other answer, and can be anything:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
namespace: "default"
annotations:
external-dns.alpha.kubernetes.io/target: "domain.com"
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/error-pages: |-
foo:
status:
- "404"
- "500"
# See below on where "error-pages" comes from
backend: error-pages
query: "/{{status}}.html"
spec:
rules:
# This creates an ingress on an non-existing host name,
# which binds to a service. As part of this a traefik
# backend "error-pages" will be created, which is the one
# we use above
- host: error-pages
http:
paths:
- backend:
serviceName: error-pages-service
servicePort: https
- host: frontend.domain.com
http:
# The configuration for your "real" Ingress goes here
# This is the service to back the ingress defined above
# Note that you can use anything for this, including an internal app
# Also: If you use https, the cert on the other side has to be valid
---
kind: Service
apiVersion: v1
metadata:
name: error-pages-service
namespace: default
spec:
ports:
- name: https
port: 443
type: ExternalName
externalName: my-awesome-errors.mydomain.test
If you use this configuration, and your app sends a 404, then https://my-awesome-errors.mydomain.test/404.html would be shown as the error page.
The correct syntax is:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
namespace: "default"
annotations:
external-dns.alpha.kubernetes.io/target: "domain.com"
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/error-pages: |-
foo:
status:
- "404"
backend: bar
query: /bar
fii:
status:
- "500-600"
backend: bar
query: /bir
spec:
rules:
- host: frontend.domain.com
http:
paths:
- backend:
serviceName: frontend
servicePort: 3000
path: /
https://docs.traefik.io/v1.6/configuration/backends/kubernetes/#general-annotations
Note that, currently, the Helm Charts doesn't support this feature.
Ingress does not support that annotations that you guys are using there!
That annotations are supported with Service only, Ingress is using host section.