My task is create ingress rules between some services in k8s, one of this - keycloak. I try to write rule for it as:
my-service.my-url.com/keycloak
My ingress.yaml:
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: my-ing
namespace: my-ns
spec:
rules:
- host: my-service.my-url.com
http:
paths:
#to keycloak
- path: /keycloak(/|$)(.*)
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8090
# all other url
- path: /
pathType: Prefix
backend:
service:
name: my-main-service
port:
number: 8080
But keycloak service rewrite my url with /auth as
my-service.my-url.com/auth
... and after this my ingress rules send url to main service that return error!
If change rules with /auth as...
#to keycloak
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8090
# all other url
- path: /
pathType: Prefix
backend:
service:
name: my-main-service
port:
number: 8080
i will take recurse error: ingress remove "/auth", keycloak add it again, ingress remove and etc...
Is the any way to resolve this task?
I check this rule:
rules:
- host: my-service.my-url.com
http:
******
- host: my-keycloak.my-url.com
http:
******
... it's work, but not for my situation.
Also i try to change Front url setup in keycloak realm:
change keycloak setup
but it create other problem:
error responce from keycloak
And now i have no idea for this problem...
Can someone help with this?
Thnx.
Related
I want to organize my web apis iwth kubernetes ingress tool.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp-api-ingress
annotations:
kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- host: api.myapp.com
http:
paths:
- pathType: Prefix
path: /catalog
backend:
service:
name: myapp-catalog-service
port:
number: 80
- pathType: Prefix
path: /identity
backend:
service:
name: myapp-identity-service
port:
number: 80
With this configuration, I can access the "api.myapp.com/catalog".
But "api.myapp.com/catalog" is 404 not found. How can fix this configuration?
Seems to be an issue with rewrite annotation that might cause the 404 error. Can you give the below annotation in the yaml and give a try :
nginx.ingress.kubernetes.io/rewrite-target: /$2
As per this rewrite target example , These $2 placeholders can be used as parameters in the rewrite-target annotation. This Target URI where the traffic must be redirected.
As per Kubernetes ingress update your yaml as below example which can be accessed from foo.bar.com/foo from port 4200 and foo.bar.com/bar from port 8080.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-fanout-example
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /foo
pathType: Prefix
backend:
service:
name: service1
port:
number: 4200
- path: /bar
pathType: Prefix
backend:
service:
name: service2
port:
number: 8080
Refer to this ingress path matching doc and SO
Basically I need to achieve the workflow as below. I've already deployed the official nginx helm-chart without any custom-values.
The flow I'm trying to achieve:
• https://test-api.foo.com/ >>> http://k8s-service-A/
• https://test-api.foo.com/bar >>> http://k8s-service-B/bar
• https://test-api.foo.com/sos >>> http://k8s-service-C/sos
Here is my service-A-ingress.yaml configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.org/client-max-body-size: 1024m
nginx.org/proxy-connect-timeout: 350s
nginx.org/proxy-read-timeout: 4260s
name: service-A-ingress
spec:
ingressClassName: nginx
rules:
- host: test-api.foo.com
http:
paths:
- backend:
service:
name: service-A
port:
number: 3001
path: /
pathType: ImplementationSpecific
- backend:
service:
name: Service-B
port:
number: 3002
path: /bar
pathType: ImplementationSpecific
- backend:
service:
name: Service-C
port:
number: 3003
path: /sos
pathType: ImplementationSpecific
Assume that all 3 services and their respective deployments are already there working fine. For all 3 services I'm getting response as below:
• https://test-api.foo.com/ >>> http://k8s-service-A/ (working fine)
• https://test-api.foo.com/bar >>> http://k8s-service-B/bar (Got 404)
• https://test-api.foo.com/sos >>> http://k8s-service-C/sos (Got 404)
I'm not an nginx expert but what it looks like is, `rewrite-target' annotation in the ingress doesn't work.
Also let me know if I'm doing something wrong or understanding it differently. Any help would be appreciated.
As #xirehat mentioned, the rewrite annotation can be removed. Because the request will be rewritten to match the URI that the associated services anticipate. Because occasionally the exposed URL for the backend service is different from the path indicated in the Ingress rule. Unless a request is rebuilt, it will always return 404.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.org/client-max-body-size: 1024m
nginx.org/proxy-connect-timeout: 350s
nginx.org/proxy-read-timeout: 4260s
name: service-A-ingress
spec:
ingressClassName: nginx
rules:
- host: test-api.foo.com
http:
paths:
- backend:
service:
name: service-A
port:
number: 3001
path: /
pathType: ImplementationSpecific
- backend:
service:
name: Service-B
port:
number: 3002
path: /bar
pathType: ImplementationSpecific
- backend:
service:
name: Service-C
port:
number: 3003
path: /sos
pathType: ImplementationSpecific
In case if still it doesn't work then try with pathType: Prefix. You can refer to these links to learn more about Rewrite annotation and Ingress annotations.
I've encountered an odd problem, I think. I'm not sure if my rewrite-target is correct.
I got two URLs that I want to reach, both URLs are going to different backend and frontends. The /login endpoint will be added automatically when you hit the login-page, which we will do.
first one: dev.app.com/login
second one: dev.app.com/path2/login
The first URL is always working, even if I put /login after the host directly or just let it redirect from dev.app.com to dev.app.com/login.
But the second URL is working only if I let it redirect from dev.app.com/path2 to dev.app.com/path2/login. If I put dev.app.com/path2/login directly in the browser I will get an 404 not found nginx error. The same goes if I first put dev.app.com/path2/ and gets redirected to dev.app.com/path2/login (which works), then I reload the page. Then I get an 404 not found error.
I have setup an Ingress file with the following code:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-fe
annotations:
nginx.ingress.kubernetes.io/use-regex: 'true'
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- dev.app.com
secretName: tls-secret-con
rules:
- host: dev.app.com
http:
paths:
- path: /(.*)
pathType: ImplementationSpecific
backend:
service:
name: path1svc
port:
number: 80
- path: /path2(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: path2svc
port:
number: 80
What could cause this?
In the Yaml Can you change the PathType to Prefix and have a check?. Can you refer to this link1 and Link2 and Let me know if this resolves your issue. Find sample examples for ingress Path matching.
Here's the example from the Kubernetes docs:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress-1
spec:
ingressClassName: nginx
rules:
- host: test.com
http:
paths:
- path: /foo/bar
pathType: Prefix
backend:
service:
name: service1
port:
number: 80
- path: /foo/bar/
pathType: Prefix
backend:
service:
name: service2
port:
number: 80
I have a avi Kubernetes ingress and want to redirect / to /ui . Is it possible to do on Ingress routing rules.
poc.xxx.com/ --> How to redirect it to poc.xxx.com/ui
poc.xxx.com/ui --> ui-service
poc.xxx.com/backend --> backend-service
My ingress Yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: poc-ingress
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /ui
pathType: Prefix
backend:
service:
name: ui-service
port:
number: 443
- path: /backend
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 443
What if you do something like this, any request at / will get moved to ui service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: poc-ingress
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ui-service
port:
number: 443
- path: /backend
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 443
However still if you are looking for a redirect solution you can follow below option
Add this annotation in ingress :
nginx.ingress.kubernetes.io/server-snippet: |
location ~ / {
rewrite / https://test.example.com/ui permanent;
}
if request comes at / it will get redirected to another domain or ui path as you wish.
You can also create the two ingress looks like this, first one check backend and / while another one handles ui :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: poc-ingress
annotation:
nginx.ingress.kubernetes.io/server-snippet: |
location ~ / {
rewrite / https://test.example.com/ui permanent;
}
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /backend
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ui-ingress
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /ui
pathType: Prefix
backend:
service:
name: ui-service
port:
number: 443
Do not forget to use the ingress class annotation in ingress.
I want a Ingress, that routes host.com/abc/xyz to service/xyz.
I have the following configuration but its routing host.com/abc/xyz to service/abc/xyz.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
appgw.ingress.kubernetes.io/connection-draining: "true"
appgw.ingress.kubernetes.io/connection-draining-timeout: "30"
appgw.ingress.kubernetes.io/request-timeout: "300"
appgw.ingress.kubernetes.io/health-probe-status-codes: "200-399, 401"
kubernetes.io/ingress.class: azure/application-gateway
generation: 1
name: serviceAingress
namespace: pantry-services
spec:
rules:
- host: myhost.net
http:
paths:
- backend:
serviceName: serviceA
servicePort: 8083
path: /abc/*
pathType: Prefix
- backend:
serviceName: serviceA
servicePort: 8083
path: /abc
pathType: Prefix
How can I route myhost.net/abc/* to service/* ? the abc should not be included in the backend call. I've tried pathType as ImplementationSpecific too
I solved this using the backend-path-prefix annotation as described here - https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/annotations.md#backend-path-prefix
If your service is a host name. Name-based virtual hosts support routing HTTP traffic to multiple host names at the same IP address.
Would Suggest you to please use the below. yaml code
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: name-virtual-host-ingress
spec:
rules:
- host: myhost.net
http:
paths:
- pathType: Prefix
path: "abc/*"
backend:
service:
name: service1
port:
number: 80
- host: service
http:
paths:
- pathType: Prefix
path: "/*"
backend:
service:
name: service2
port:
number: 80
If you create an Ingress resource without any hosts defined in the rules, then any web traffic to the IP address of your Ingress controller can be matched without a name based virtual host being required.
For example, the following Ingress routes traffic requested for myhost.net/abc/ to service1, service/* to service2
Reference: https://kubernetes.io/docs/concepts/services-networking/ingress/