In my Kubernetes Cluster i have some challenges with the Ingress. As example i installed NodeRed und the Nginx-ingress via Helm. NodeRed is available via
FQDN: http://my.server.name:31827
IP: http://10.x.x.x:31827
Now i created an Ingress:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nr-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- secretName: tls-secret1
hosts:
- my.server.name
rules:
- host: my.server.name
http:
paths:
- path: /nr
backend:
serviceName: my-nodered-node-red
servicePort: 1880
When i do a Get http://my.server.name/nr i see only parts working, see the screenshot:
It looks to me, that i missed the reverse proxy settings. Normally i would place those things in a reverse proxy setting in the nginx like this. But this is not possible because i am using the Nginx-ingress.
location / {
proxy_pass http://localhost:1880/;
}
But i do not know how to do that in Kubernetes ? What do i miss ? kubernetes version is 1.14.1.
I haven't used it so I'm not sure if it helps, but you might want to try adding an annotation for Proxy redirect.
With the annotations nginx.ingress.kubernetes.io/proxy-redirect-from and nginx.ingress.kubernetes.io/proxy-redirect-to it is possible to set the text that should be changed in the Location and Refresh header fields of a proxied server response
Setting "off" or "default" in the annotation nginx.ingress.kubernetes.io/proxy-redirect-from disables nginx.ingress.kubernetes.io/proxy-redirect-to, otherwise, both annotations must be used in unison. Note that each annotation must be a string without spaces.
By default the value of each annotation is "off".
Also you can use ConfigMap for customizing your Nginx configuration.
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data:
http-snippet: |
location = / {
proxy_pass http://localhost:1880/;
}
Or server-snippets annotation for your Ingress:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nr-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/server-snippet: |
location = / {
proxy_pass http://localhost:1880/;
}
spec:
tls:
- secretName: tls-secret1
hosts:
- my.server.name
rules:
- host: my.server.name
http:
paths:
- path: /nr
backend:
serviceName: my-nodered-node-red
servicePort: 1880
I hope this helps.
Maybe too late for the answer, but I had the same problem and solve it:
1-changed httpRoot: '/nr' in node red settings.xml configuration file (in kubernetes, probably defined in a PV) (#vasili-angapov mentions)
2- set ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nodered-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- http:
paths:
- path: /nr
pathType: Prefix
backend:
service:
name: nodered
port:
number: 1880
It looks like your static content is still using root path prefix, you can verify that using browser developer console. Common applications should have a configuration to understand that they are running on non-root path prefix. You should find that configuration option in your application and configure it properly. Nginx ingress has nothing to do with this error.
Related
my current ingress configuration is:
apiVersion: "networking.k8s.io/v1"
kind: "Ingress"
metadata:
name: "app-ingress"
annotations:
kubernetes.io/ingress.global-static-ip-name: "app-external-ip"
kubernetes.io/ingress.class: "gce"
spec:
tls:
- hosts:
- "example.app"
secretName: "app-tls"
rules:
- host: "example.app"
http:
paths:
- path: "/"
pathType: "Prefix"
backend:
service:
name: "app-service"
port:
number: 80
now i struggle with not HSTS enabled. I can enter example.app with http and https protocol, but i want to strict it to https only. I tried:
using nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - still http available
using kubernetes.io/ingress.allow-http: "false" - creates google managed certificate (im using self signed one app-tls) which makes ssl cert error in browser.
I'm pretty sure second one should be the option and i'm doing something wrong or misconfigure something.
Your ingress class is GCE and might be using the GCE ingress so Nginx annotation should not work.
So you have to create the
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: my-frontend-config
spec:
redirectToHttps:
enabled: true
responseCodeName: MOVED_PERMANENTLY_DEFAULT
Read more at : Doc ref
I need to service gitlab, nexus and jupyterhub based on URL using one open port using k8s ingress.
If the path is written as "/" when create ingress, it works normally, but if you write "/nexus" like this, a problem occurs during the redirection process.
Have any of you solved the same problem? Please help.
my ingress.yaml as below
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
creationTimestamp: "2022-04-06T05:56:40Z"
generation: 7
name: nexus-ing
namespace: nexus
resourceVersion: "119075924"
selfLink: /apis/extensions/v1beta1/namespaces/nexus/ingresses/nexus-ing
uid: 4b4f97e4-225e-4faa-aba3-6af73f69c21d
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
serviceName: nexus-service
servicePort: 8081
path: /nexus(/|$)(.*)
pathType: ImplementationSpecific
status:
loadBalancer:
ingress:
- ip: 172.30.1.87
That's a problem with nexus itself. Your ingress works as intended, and you cannot do more from this side.
The problem here is that nexus webpage, i.e. index.html, requests resources in such a way that it's looking at the wrong place. You can see this by opening the network tab and inspecting the request URL of the missing statics.
To see what I mean, let's examine the below HTML image tags.
<img id="1" src="./statics/some-image.svg" alt="some image" />
<img id="2" src="/statics/some-image.svg" alt="some image" />
You can see that the first one, is using relative path, and would work with your configuration since the request URL would be relative to the location in the browser and then the nexus part gets stripped by the ingress controller.
However, the second one is using absolute path, so it will not have the nexus part in the request URL and the ingress controller will not be able to route it to the correct service.
This is a common problem when stripping path prefixes. It only works fully when the application you are serving when stripping a prefix is correctly configured.
In your case this means, checking the documentation of the services, if you have any way to influence this.
It may be more straight forward to route based on hostname instead of path. I.e nexus.myhost.com. For that, you would need a domain and point the corresponding A records to your ingress services IP / use a wildcard record.
I solve this problem by myself
I edited my pc hosts file
172.30.1.87 nexus.k8s.io
172.30.1.87 gitlab.k8s.io
I edited each Ingress in same service namespace
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
namespace: nexus
spec:
ingressClassName: nginx
rules:
- host: nexus.k8s.io
http:
paths:
- backend:
serviceName: nexus-service
servicePort: 8081
path: /
status:
loadBalancer:
ingress:
- ip: 172.30.1.87
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
name: gitlab-ingress
namespace: gitlab
spec:
ingressClassName: nginx
rules:
- host: gitlab.k8s.io
http:
paths:
- backend:
serviceName: gitlab-webservice
servicePort: 8181
path: /
status:
loadBalancer:
ingress:
- ip: 172.30.1.87
connect test
ingress Hostname + ingress Controller Nodeport
I’m trying to redirect the incoming connections with an ingress of a cluster created in IBM Cloud.
I’m able to successfully set up the ingress and contact the pod.
However, when the connection reaches the endpoint
http://app1.myaddress.cloud/test1
is not rewrited to the right pod url ( The path still contains the /test1 and I want to remove that part).
Do you have any idea how to solve the issue?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- app1.myaddress.cloud
secretName: myclustername
rules:
- host: app1.myaddress.cloud
http:
paths:
- path: /test
backend:
serviceName: hello-world-service-1
servicePort: 30001
I found the official IBM Cloud tutorial here.
https://cloud.ibm.com/docs/containers?topic=containers-ingress_annotation
I need to set a custom error in traefik ingress on kubernetes so that when there is no endpoint or when the status is "404", or "[500-600]" it redirects to another error service or another custom error message I used the annotation as it's in the documentation in the ingress file as this (Note: this a helm template output of passing the annotation as a yaml in the values.yaml file)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
namespace: "default"
annotations:
external-dns.alpha.kubernetes.io/target: "domain.com"
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/error-pages: "map[/:map[backend:hello-world status:[502 503]]]"
spec:
rules:
- host: frontend.domain.com
http:
paths:
- backend:
serviceName: frontend
servicePort: 3000
path: /
The answer by ldez is correct, but there are a few caveats:
First off, these annotations only work for traefik >= 1.6.x (earlier versions may support error pages, but not for the kubernetes backend)
Second, the traefik backend must be configured through kubernetes. You cannot create a backend in a config file and use it with kubernetes, at least not in traefik 1.6.x
Here's how the complete thing looks like. foo is just a name, as explained in the other answer, and can be anything:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
namespace: "default"
annotations:
external-dns.alpha.kubernetes.io/target: "domain.com"
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/error-pages: |-
foo:
status:
- "404"
- "500"
# See below on where "error-pages" comes from
backend: error-pages
query: "/{{status}}.html"
spec:
rules:
# This creates an ingress on an non-existing host name,
# which binds to a service. As part of this a traefik
# backend "error-pages" will be created, which is the one
# we use above
- host: error-pages
http:
paths:
- backend:
serviceName: error-pages-service
servicePort: https
- host: frontend.domain.com
http:
# The configuration for your "real" Ingress goes here
# This is the service to back the ingress defined above
# Note that you can use anything for this, including an internal app
# Also: If you use https, the cert on the other side has to be valid
---
kind: Service
apiVersion: v1
metadata:
name: error-pages-service
namespace: default
spec:
ports:
- name: https
port: 443
type: ExternalName
externalName: my-awesome-errors.mydomain.test
If you use this configuration, and your app sends a 404, then https://my-awesome-errors.mydomain.test/404.html would be shown as the error page.
The correct syntax is:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
namespace: "default"
annotations:
external-dns.alpha.kubernetes.io/target: "domain.com"
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/error-pages: |-
foo:
status:
- "404"
backend: bar
query: /bar
fii:
status:
- "500-600"
backend: bar
query: /bir
spec:
rules:
- host: frontend.domain.com
http:
paths:
- backend:
serviceName: frontend
servicePort: 3000
path: /
https://docs.traefik.io/v1.6/configuration/backends/kubernetes/#general-annotations
Note that, currently, the Helm Charts doesn't support this feature.
Ingress does not support that annotations that you guys are using there!
That annotations are supported with Service only, Ingress is using host section.
Is it possible to have a fallback service for Kubernetes ingresses in the event that none of the normal pods are live/ready? In other words, how would you go about presenting a friendly "website down" page to visitors if all pods crashed or went down somehow?
Right now, a page appears that says "default backend - 404" if that happens.
Here's what we tried, to no avail:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
spec:
backend:
serviceName: website-down-service
servicePort: 80
rules:
- host: example.com
http:
paths:
- path: /
backend:
serviceName: example-service
servicePort: 80
For reference, we're testing locally with Minikube and deploying to the cloud on Google's Container Engine.
If using Nginx then default backend annotation should do the trick, sample:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-name
namespace: your-namespace
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/default-backend: fallback-backend
spec:
<your spec here>
For the Nginx Ingress Controller there is a flag --default-backend-service, which currently points to the service showing the "default backend - 404" message. Just replace it with the service you want. See https://github.com/kubernetes/ingress/tree/master/controllers/nginx#command-line-arguments
If you're using another Ingress Controller, I expect it to have a similar option.