I’m trying to redirect the incoming connections with an ingress of a cluster created in IBM Cloud.
I’m able to successfully set up the ingress and contact the pod.
However, when the connection reaches the endpoint
http://app1.myaddress.cloud/test1
is not rewrited to the right pod url ( The path still contains the /test1 and I want to remove that part).
Do you have any idea how to solve the issue?
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- app1.myaddress.cloud
secretName: myclustername
rules:
- host: app1.myaddress.cloud
http:
paths:
- path: /test
backend:
serviceName: hello-world-service-1
servicePort: 30001
I found the official IBM Cloud tutorial here.
https://cloud.ibm.com/docs/containers?topic=containers-ingress_annotation
Related
I need to service gitlab, nexus and jupyterhub based on URL using one open port using k8s ingress.
If the path is written as "/" when create ingress, it works normally, but if you write "/nexus" like this, a problem occurs during the redirection process.
Have any of you solved the same problem? Please help.
my ingress.yaml as below
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
creationTimestamp: "2022-04-06T05:56:40Z"
generation: 7
name: nexus-ing
namespace: nexus
resourceVersion: "119075924"
selfLink: /apis/extensions/v1beta1/namespaces/nexus/ingresses/nexus-ing
uid: 4b4f97e4-225e-4faa-aba3-6af73f69c21d
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
serviceName: nexus-service
servicePort: 8081
path: /nexus(/|$)(.*)
pathType: ImplementationSpecific
status:
loadBalancer:
ingress:
- ip: 172.30.1.87
That's a problem with nexus itself. Your ingress works as intended, and you cannot do more from this side.
The problem here is that nexus webpage, i.e. index.html, requests resources in such a way that it's looking at the wrong place. You can see this by opening the network tab and inspecting the request URL of the missing statics.
To see what I mean, let's examine the below HTML image tags.
<img id="1" src="./statics/some-image.svg" alt="some image" />
<img id="2" src="/statics/some-image.svg" alt="some image" />
You can see that the first one, is using relative path, and would work with your configuration since the request URL would be relative to the location in the browser and then the nexus part gets stripped by the ingress controller.
However, the second one is using absolute path, so it will not have the nexus part in the request URL and the ingress controller will not be able to route it to the correct service.
This is a common problem when stripping path prefixes. It only works fully when the application you are serving when stripping a prefix is correctly configured.
In your case this means, checking the documentation of the services, if you have any way to influence this.
It may be more straight forward to route based on hostname instead of path. I.e nexus.myhost.com. For that, you would need a domain and point the corresponding A records to your ingress services IP / use a wildcard record.
I solve this problem by myself
I edited my pc hosts file
172.30.1.87 nexus.k8s.io
172.30.1.87 gitlab.k8s.io
I edited each Ingress in same service namespace
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
namespace: nexus
spec:
ingressClassName: nginx
rules:
- host: nexus.k8s.io
http:
paths:
- backend:
serviceName: nexus-service
servicePort: 8081
path: /
status:
loadBalancer:
ingress:
- ip: 172.30.1.87
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
name: gitlab-ingress
namespace: gitlab
spec:
ingressClassName: nginx
rules:
- host: gitlab.k8s.io
http:
paths:
- backend:
serviceName: gitlab-webservice
servicePort: 8181
path: /
status:
loadBalancer:
ingress:
- ip: 172.30.1.87
connect test
ingress Hostname + ingress Controller Nodeport
I'm having trouble getting my client container talking to the API container, I was hoping to use a fanout ingress as so:
foo.bar.com/api - routes to API container
foo.bar.com - routes to client container
My setup does render the client no problem, but all calls to the API result in 404s - so it's obviously not working. I think the 404 behaviour is a red herring, it's probably looking for Angular routes that match /api and can't find any, I don't think the routing is even happening. My Ingress yaml is below, I can share any other parts of the config if needed. Any pointers much appreciated!
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
namespace: foo-bar
name: foo-bar-ingress
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
spec:
tls:
- hosts:
- foo.bar.com
secretName: tls-secret-prod
rules:
- host: foo-bar.com
http:
paths:
- backend:
serviceName: server
servicePort: 3000
path: /api
- backend:
serviceName: client
servicePort: 80
path: /
As suggested by #HelloWorld in the comments, checking the api server routes revealed the issue to be misconfigured routing in the server not the ingress rules.
In my Kubernetes Cluster i have some challenges with the Ingress. As example i installed NodeRed und the Nginx-ingress via Helm. NodeRed is available via
FQDN: http://my.server.name:31827
IP: http://10.x.x.x:31827
Now i created an Ingress:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nr-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- secretName: tls-secret1
hosts:
- my.server.name
rules:
- host: my.server.name
http:
paths:
- path: /nr
backend:
serviceName: my-nodered-node-red
servicePort: 1880
When i do a Get http://my.server.name/nr i see only parts working, see the screenshot:
It looks to me, that i missed the reverse proxy settings. Normally i would place those things in a reverse proxy setting in the nginx like this. But this is not possible because i am using the Nginx-ingress.
location / {
proxy_pass http://localhost:1880/;
}
But i do not know how to do that in Kubernetes ? What do i miss ? kubernetes version is 1.14.1.
I haven't used it so I'm not sure if it helps, but you might want to try adding an annotation for Proxy redirect.
With the annotations nginx.ingress.kubernetes.io/proxy-redirect-from and nginx.ingress.kubernetes.io/proxy-redirect-to it is possible to set the text that should be changed in the Location and Refresh header fields of a proxied server response
Setting "off" or "default" in the annotation nginx.ingress.kubernetes.io/proxy-redirect-from disables nginx.ingress.kubernetes.io/proxy-redirect-to, otherwise, both annotations must be used in unison. Note that each annotation must be a string without spaces.
By default the value of each annotation is "off".
Also you can use ConfigMap for customizing your Nginx configuration.
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app: ingress-nginx
data:
http-snippet: |
location = / {
proxy_pass http://localhost:1880/;
}
Or server-snippets annotation for your Ingress:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nr-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/server-snippet: |
location = / {
proxy_pass http://localhost:1880/;
}
spec:
tls:
- secretName: tls-secret1
hosts:
- my.server.name
rules:
- host: my.server.name
http:
paths:
- path: /nr
backend:
serviceName: my-nodered-node-red
servicePort: 1880
I hope this helps.
Maybe too late for the answer, but I had the same problem and solve it:
1-changed httpRoot: '/nr' in node red settings.xml configuration file (in kubernetes, probably defined in a PV) (#vasili-angapov mentions)
2- set ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nodered-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- http:
paths:
- path: /nr
pathType: Prefix
backend:
service:
name: nodered
port:
number: 1880
It looks like your static content is still using root path prefix, you can verify that using browser developer console. Common applications should have a configuration to understand that they are running on non-root path prefix. You should find that configuration option in your application and configure it properly. Nginx ingress has nothing to do with this error.
We have a k8s cluster with an nginx Ingress and Minio installed. In Minio I have a bucket called tester with a hello world index.html file. I used the Minio MC client to set the tester bucket to public. Now I am able to see the hello world file when I visit my (altered) minio url like so: https://minio.example.com/tester/index.html.
My goal is to set up an Ingress resource to access the public bucket. Here is my manifest to try and do so, however I only ever get a 404 error . . .
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend-site
namespace: "default"
labels:
type: "frontend"
awesomeness: "super-mega"
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: app.example.com
http:
paths:
- path: /tester/
backend:
serviceName: minio-svc
servicePort: 9000
- path: /tester/*
backend:
serviceName: minio-svc
servicePort: 9000
tls:
- hosts:
- app.example.com
secretName: ssl-certs
I have also tried to set the paths with the index fileto no avail like so:
path: /tester/index.html
path: /tester/index.html/*
I do have another Ingress which points to Minio in general and it works perfect at the url like minio.example.com. The minio has a service called minio-svc on port 9000.
Unfortunately I have only ever received a 404 from my Ingress thus far. Anyone else deploying static sites with Ingress to public Minio bucket? What am I doing wrong???
Updates
So I kind of got somewhere. I added an annotation and set the paths to simply / and /*.
Here is my new config:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend-site
namespace: "default"
labels:
type: "frontend"
awesomeness: "super-mega"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /tester/index.html
spec:
rules:
- host: app.example.com
http:
paths:
- path: /
backend:
serviceName: minio-svc
servicePort: 9000
- path: /*
backend:
serviceName: minio-svc
servicePort: 9000
tls:
- hosts:
- app.example.com
secretName: ssl-certs
Now I just get access denied from Minio even though the bucket is public and I can still access from https://minio.example.com/tester/index.html!?
Found out you can't do what I'm asking very easily. I got around it all by simply mounting the directory from the bucket directly to Nginx. Voila!
Is there anyway to filter on source-ip on the kubernetes ingress in GCE? I have tried the ingress.kubernetes.io/whitelist-source-range: but doesnt seems to be working in GCE.
I guess You are trying to use this feature with GCE native controller instead NGINX? This works with NGINX only at the moment.
NGINX Controller configuration: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
Example configuration of ingress :
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: whitelist
annotations:
ingress.kubernetes.io/whitelist-source-range: "1.1.1.1/24"
spec:
rules:
- host: whitelist.test.net
http:
paths:
- path: /
backend:
serviceName: webserver
servicePort: 80