I need to route methods like PUT, PATCH, GET and POST in two different URLs, but I didn't find the best entry for my entry pod. I tried the annotation he used, but it doesn't work. Could you help me with this?
edit yaml added
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.frontend.rule: PathPrefixStrip;Method:PUT,PATCH,POST
traefik.ingress.kubernetes.io/frontend-entry-points: http,https
traefik.ingress.kubernetes.io/rewrite-target: /
name: services-ingress-xx-api-mock
namespace: develop-v1-0
spec:
rules:
- host: xx
http:
paths:
- backend:
serviceName: xx-api-mock
servicePort: http
path: xx/xxx
tls:
- secretName: mysecret
Related
I have the following kubernetes manifest
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: traefik-external
traefik.ingress.kubernetes.io/router.entrypoints: websecure, web
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
name: ingressname
namespace: thenamespace
spec:
rules:
- host: my.host
http:
paths:
- backend:
serviceName: theservice
servicePort: 8080
path: /api
Havin an service, theservice, that listens to / I would expect the url my.host/api/something/anotherthing match to /something/anotherthing in theservice. That doesn't happen for me though, I get a 404 back.
Any ideas what might be wrong?
During the transition from v1 to v2, a number of internal pieces and components of Traefik were rewritten and reorganized. As such, the combination of core notions such as frontends and backends has been replaced with the combination of routers, services, and middlewares.
With v2 transforming the URL path prefix of incoming requests is configured with middlewares object, after the routing step with router rule PathPrefix.
With v1 it is defined at ingress level:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
spec:
rules:
- host: company.org
http:
paths:
- path: /admin
backend:
serviceName: admin-svc
servicePort: admin
With v2 you have define also middleware object alongside ingress-route:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: http-redirect-ingressroute
namespace: admin-web
spec:
entryPoints:
- web
routes:
- match: Host(`company.org`) && PathPrefix(`/admin`)
kind: Rule
services:
- name: admin-svc
port: admin
middlewares:
- name: admin-stripprefix
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: admin-stripprefix
spec:
stripPrefix:
prefixes:
- /admin
More information can be found here:
Frontends and Backends Are Dead...
... Long Live Routers, Middlewares, and Services
I am struggling to have Ingress controller to properly handle sub paths. My architecture - two services sat on diff paths of one domain. Each service has its own ingress configuration:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress1
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-production-issuer"
kubernetes.io/ingress.allow-http: "false"
spec:
tls:
- hosts:
- api.mydomain.com
secretName: my-secret
rules:
- host: api.mydomain.com
http:
paths:
- path: /path1
backend:
serviceName: service1
servicePort: 80
And
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress2
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-production-issuer"
kubernetes.io/ingress.allow-http: "false"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- api.mydomain.com
secretName: my-secret
rules:
- host: api.mydomain.com
http:
paths:
- path: /path2
backend:
serviceName: service2
servicePort: 80
With the above configuration, 1st ingress works and i am able to reach my endpoints at api.mydomain.com/path1, in the same time api.mydomain.com/path2 returns http 400. What am i doing wrong?
So the actual problem was a bit different to ingress not being able to find an endpoint. My backend services are secure gRPC services and therefore expect to be called via https or grpcs. So setting an ingress to be running against secure backends solved the problem:
nginx.ingress.kubernetes.io/secure-backends: "true"
For a newer versions of k8s you should use different attributes.
I've got an Ingress object with multiple backends, like this:
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: my-app
annotations:
certmanager.k8s.io/issuer: letsencrypt-prod
fabric8.io/generated-by: exposecontroller
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.ingress.kubernetes.io/session-cookie-expires: '172800'
nginx.ingress.kubernetes.io/session-cookie-max-age: '172800'
spec:
tls:
- hosts:
- my-app.<tld>
secretName: tls-my-app
rules:
- host: my-app.<tld>
http:
paths:
- path: /_ui/
backend:
serviceName: ui
servicePort: 443
- backend:
serviceName: api
servicePort: 443
I only need session stickiness on my api service. But the nginx.ingress.kubernetes.io/affinity: cookie annotation applies to all backend services. Does someone know how I can accomplish what I need?
Annotations are applied to every path (location) defined on your Ingress object. If you need different annotations for each path, you could create one different Ingress for each path:
Annotations are applied to all the paths in the Ingress.
Multiple Ingresses can define different annotations. These definitions are not shared between Ingresses.
If multiple Ingresses define different paths for the same host, the ingress controller will merge the definitions.
Nginx Ingress Controller will watch and collect those Ingress rules, applying them accordingly.
For example:
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: my-app-ui
annotations:
certmanager.k8s.io/issuer: letsencrypt-prod
fabric8.io/generated-by: exposecontroller
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: 'true'
# No session affinity here
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.ingress.kubernetes.io/session-cookie-expires: '172800'
nginx.ingress.kubernetes.io/session-cookie-max-age: '172800'
spec:
tls:
- hosts:
- my-app.<tld>
secretName: tls-my-app
rules:
- host: my-app.<tld>
http:
paths:
- path: /_ui/
backend:
serviceName: ui
servicePort: 443
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: my-app-api
annotations:
certmanager.k8s.io/issuer: letsencrypt-prod
fabric8.io/generated-by: exposecontroller
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/affinity: cookie # <-- Session affiniy is here
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/proxy-body-size: 500m
nginx.ingress.kubernetes.io/session-cookie-expires: '172800'
nginx.ingress.kubernetes.io/session-cookie-max-age: '172800'
spec:
tls:
- hosts:
- my-app.<tld>
secretName: tls-my-app
rules:
- host: my-app.<tld>
http:
paths:
- path: /_api/
backend:
serviceName: api
servicePort: 443
---
Note: The API extensions/v1beta1 was deprecated on Kubernetes 1.16. Consider migrating to networking.k8s.io/v1beta1.
I have an helm chart serving an Mediawiki using apache. Internally it does so from /wiki.
I'd like to run multiply instances and externally reach it from /something-wiki, /other-wiki and so on.
So in other words I'd like to have my ingress controller react to one path and internally go to another path.
I tried the below but it just sends a 301 (moved permanently) which doesn't work since the folder doesn't exists.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /wiki
name: wiki-environment-erst-env
namespace: wiki
spec:
rules:
- host: aks-dev.something.com
http:
paths:
- backend:
serviceName: erst-wiki-package
servicePort: 80
path: /erst-wiki
tls:
- hosts:
- aks-dev.something.com
secretName: erst-tls-secret
Any ideas?
If I understand correctly, regexp redirection might work. And the wiki configuration should be handled accordingly.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/use-regex: true
name: wiki-environment-erst-env
namespace: wiki
spec:
rules:
- host: aks-dev.something.com
http:
paths:
- backend:
serviceName: erst-wiki-package
servicePort: 80
path: /erst-wiki/.*
tls:
- hosts:
- aks-dev.something.com
secretName: erst-tls-secret
Using the Nginx Ingress Controller, we would like to expose different paths of a Kubernetes service, with different security requirements.
/ is open to the public
/white-list only allows connections from a specific IP Address
/need-key requires an API key
I'm running in AWS EKS. Kubernetes version is as follows:v1.12.6-eks-d69f1b.
If we use Annotations, they apply to the entire service. Ideally I would like to apply an Annotation only to a path.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myServiceA
annotations:
# use the shared ingress-nginx
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myServiceA.foo.org
http:
paths:
- path: /
backend:
serviceName: myServiceA
servicePort: 80
- path: /white-list
backend:
serviceName: myServiceA
servicePort: 80
**NEED SOMETHING HERE TO WHITELIST**
- path: /need-key
backend:
serviceName: myServiceA
servicePort: 80
**NEED SOMETHING HERE TO USE API-KEY**
The results I've been having end up applying to all the paths.
I can live without API-Key as I can code that out, but ideally, I'd rather have it managed outside of the container.
Has anyone accomplished this with NGINX Ingress controller?
To apply annotation for each path, you could write one ingress rule for each path you want to apply. Nginx Ingress Controller will collect those ingress rules by itself and apply accordingly.
For example:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myServiceA-root
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: myServiceA.foo.org
http:
paths:
- path: /
backend:
serviceName: myServiceA
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myServiceA-white-list
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/whitelist-source-range: X.X.X.X/32
spec:
rules:
- host: myServiceA.foo.org
http:
paths:
- path: /white-list
backend:
serviceName: myServiceA
servicePort: 80
...