I've got a K8s ingress and one http and one https backend.
browser -> https -> ingress -> http -> sonarqube
browser -> https -> ingress -> https -> unifi controller
If I'm using this config:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: '0'
name: ingress-test
spec:
rules:
- host: sonar.app.singel.home
http:
paths:
- backend:
service:
name: sonar-service
port:
number: 9000
path: /
pathType: Prefix
- host: unifi.app.singel.home
http:
paths:
- backend:
service:
name: unifi-controller
port:
number: 8443
path: /
pathType: Prefix
Then the http backend will work (sonarQube), and the https backend will not.
Now if I add the annotation:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
Then the https backend will work (unifi controller), and the http backend will not.
I guess I want the annotation to only apply to one of the rules, but I'm not sure this is possible?
You can use the tls as said in k8s doc
For ex:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: '0'
name: ingress-test
spec:
tls:
- hosts:
- sonar.app.singel.home
secretName: test-tls
rules:
- host: sonar.app.singel.home
http:
paths:
- backend:
service:
name: sonar-service
port:
number: 9000
path: /
pathType: Prefix
My assumption was that you can have only one ingress config. But you can have multiple. So the solution is to create two configs and load these, each with their own annotation. Like so:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
name: ingress-1
spec:
rules:
- host: unifi.app.singel.home
http:
paths:
- backend:
service:
name: unifi-controller
port:
number: 8443
path: /
pathType: Prefix
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: '0'
name: ingress-2
spec:
rules:
- host: sonar.app.singel.home
http:
paths:
- backend:
service:
name: sonar-service
port:
number: 9000
path: /
pathType: Prefix
Related
I want to organize my web apis iwth kubernetes ingress tool.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myapp-api-ingress
annotations:
kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- host: api.myapp.com
http:
paths:
- pathType: Prefix
path: /catalog
backend:
service:
name: myapp-catalog-service
port:
number: 80
- pathType: Prefix
path: /identity
backend:
service:
name: myapp-identity-service
port:
number: 80
With this configuration, I can access the "api.myapp.com/catalog".
But "api.myapp.com/catalog" is 404 not found. How can fix this configuration?
Seems to be an issue with rewrite annotation that might cause the 404 error. Can you give the below annotation in the yaml and give a try :
nginx.ingress.kubernetes.io/rewrite-target: /$2
As per this rewrite target example , These $2 placeholders can be used as parameters in the rewrite-target annotation. This Target URI where the traffic must be redirected.
As per Kubernetes ingress update your yaml as below example which can be accessed from foo.bar.com/foo from port 4200 and foo.bar.com/bar from port 8080.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-fanout-example
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /foo
pathType: Prefix
backend:
service:
name: service1
port:
number: 4200
- path: /bar
pathType: Prefix
backend:
service:
name: service2
port:
number: 8080
Refer to this ingress path matching doc and SO
currently I'm trying the following setup:
I have:
one cluster
one Ingress Controller
one url (myapp.onazure.com)
two namespaces for two applications default and default-test
two deployments, ingress objects, services for the namespaces
I can easily reach my app from the default namespace with path based routing '/' as a prefix rule
Now i have tried to configure the second namespace and following rule: /testing to hit another service
Unfortunately i get an HTTP404 when i try to hit the following URL myapp.onazure.com/testing/openapi.json
What did I miss?
Working Ingress 1
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: liveapi-ingress-object
namespace: default
annotations:
kubernetes.io/ingress.class: public-nginx
spec:
tls:
- hosts:
- myapp-region1.onazure.com
- myapp-region2.onazure.com
secretName: ingress-tls-csi
rules:
- host: - myapp-region1.onazure.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: liveapi-svc
port:
number: 8080
- host: myapp-region2.onazure.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: liveapi-svc
port:
number: 8080
Not working Ingress 2
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: liveapi-ingress-object-testing
namespace: default-testing
annotations:
kubernetes.io/ingress.class: public-nginx
#nginx.ingress.kubernetes.io/rewrite-target: /testing
spec:
tls:
- hosts:
- myapp-region1.onazure.com
- myapp-region2.onazure.com
secretName: ingress-tls-csi-testing
rules:
- host: myapp-region1.onazure.com
http:
paths:
- path: /testing
#pathType: Prefix
backend:
service:
name: liveapi-svc-testing
port:
number: 8080
- host: myapp-region2.onazure.com
http:
paths:
- path: /testing
#pathType: Prefix
backend:
service:
name: liveapi-svc-testing
port:
number: 8080
Maybe I am missing a rewrite target to simply '/' in the testing namespace ingress?
Finally I figured out the missing part. I had to add the following statement to the not working ingress object:
annotations:
kubernetes.io/ingress.class: public-nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
Please see the complete ingress object:
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: liveapi-ingress-object
namespace: default-testing
annotations:
kubernetes.io/ingress.class: public-nginx
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:
- hosts:
- myapp.onazure.com
secretName: ingress-tls-csi-testing
rules:
- host: myapp.onazure.com
http:
paths:
- path: /testing/(.*)
pathType: Prefix
backend:
service:
name: liveapi-svc-testing
port:
number: 8000
Use full DNS name of a service,
$SERVICE.$NAMESPACE.svc.cluster.local
But you need to make sure your ignress controller has acccess to the desired namespace.
I have a avi Kubernetes ingress and want to redirect / to /ui . Is it possible to do on Ingress routing rules.
poc.xxx.com/ --> How to redirect it to poc.xxx.com/ui
poc.xxx.com/ui --> ui-service
poc.xxx.com/backend --> backend-service
My ingress Yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: poc-ingress
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /ui
pathType: Prefix
backend:
service:
name: ui-service
port:
number: 443
- path: /backend
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 443
What if you do something like this, any request at / will get moved to ui service
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: poc-ingress
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ui-service
port:
number: 443
- path: /backend
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 443
However still if you are looking for a redirect solution you can follow below option
Add this annotation in ingress :
nginx.ingress.kubernetes.io/server-snippet: |
location ~ / {
rewrite / https://test.example.com/ui permanent;
}
if request comes at / it will get redirected to another domain or ui path as you wish.
You can also create the two ingress looks like this, first one check backend and / while another one handles ui :
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: poc-ingress
annotation:
nginx.ingress.kubernetes.io/server-snippet: |
location ~ / {
rewrite / https://test.example.com/ui permanent;
}
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /backend
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ui-ingress
spec:
rules:
- host: poc.xxx.com
http:
paths:
- path: /ui
pathType: Prefix
backend:
service:
name: ui-service
port:
number: 443
Do not forget to use the ingress class annotation in ingress.
I am using traefik ingress controller in Kubernetes. It is configured to redirect all request to https and terminate tls connection before passing the request to backend service.
Is it possible to only enable http for one particular ingress config but https for other ingresses ? Any example would be helpful.
I only want to enable http(no https) for this ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
spec:
rules:
- host: testdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: test-service
port:
number: 8080
You can create the one ingress with the config like
apiVersion: networking.k8s.io/v1
kind: Ingress
annotation:
kubernetes.io/ingress.class: "traefik"
ingress.kubernetes.io/force-ssl-redirect: "false"
ingress.kubernetes.io/ssl-redirect: "false"
traefik.ingress.kubernetes.io/frontend-entry-points: http
metadata:
name: test-ingress
spec:
rules:
- host: testdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: test-service
port:
number: 8080
you can get more idea about the annotation from here : https://doc.traefik.io/traefik/v1.6/configuration/backends/kubernetes/
I have a Kubernetes Ingress with the following configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
This works just fine. I can open up the page in the browser and my application works perfectly fine but whenever I add another service like this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx
annotations:
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- http:
paths:
- path: /prometheus
pathType: Prefix
backend:
service:
name: prometheus
port:
number: 9090
- path: /grafana
pathType: Prefix
backend:
service:
name: grafana
port:
number: 3000
things just don't work anymore. My grafana application is now accessible under /grafana but all the routes and links inside the app don't work anymore. What do I have to change that everything will work?
I've already tried adding these two annotations but it didn't change anything.
ingress.kubernetes.io/add-base-url: "true"
ingress.kubernetes.io/rewrite-target: "/$1"