-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Convert multiple path rewrite rules from default.conf to ingress-nginx.yaml #11456
Comments
This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/remoe-kind bug |
I tried to change them to Prefix, Exact or ImplementationSpecific, but it still doesn't work. Thanks for your suggestion! I did have a look at the nginx.conf file and it's weird that the location blocks are something like below:
For more details:
While the following server block is something like this for backend:
|
/remove-kind bug Factors at play are ;
I think you should try ;
|
... or merge your Ingress resources into a single one as this would make it clearer, especially because some annotations/configurations affect not only a single path but all locations of that host in the resulting |
Sorry that I don't get what you meant! Could you please share more details about your idea? Actually, I did try to merge into one central Ingress, but I couldn't make it worked with the rewrite-target for all paths. |
I replaced the configuration-snippets with rewrite-target, but I got the same issue.
It would be better if I could use one domain for all backend services behind the Ingress Controller. Because there are a lot of backend pods/services in the architecture, using the same FQDN facing to the Internet users. |
I suggested that you use different fqdn for each backend service/pod because it is the most commonly used approach after many man-hours of trial & error. @Gacko suggested the alternative to organize your rules in one ingress as that is the other best-practice. You have created a sceneario where you want to have common hostname and also the beginning part of the path as common among different microservices. That is just bad-design AFAIK. If you had a unique FIRST part like /app, /api1, /api2, /api2, /api3 etc etc. , even that would make @Gacko's suggestion work for you. Instead I see that you have |
@longwuyuan I agreed with you that the design is not good enough and not optimal. It would be better if the path is unique or just different from each other. But in the technical point of view, it's weird to me that kind of default.conf file of NGINX reverse proxy works on both of Azure Container Apps (Envoy proxy) and Azure App Services (Docker Compose). I think there is something needed to adjust for making the Ingress Controller worked. |
|
Thanks for your reply! It helps me a lot. And yes, I was thinking the same that the root path might override the other paths, so then I did test one by one. The test result was that I could reach to the /app and other /component/component1=>4, but there was no traffic to the /app/api pod. I'm wondering how it could work well on the other platforms like ACA and App Services. |
Not true, see https://nginx.org/en/docs/http/ngx_http_core_module.html#location. Prefix locations are checked, the longest match is remembered, then regex locations are check in order (sorted by ingress-nginx by length reverse). First regex match wins, otherwise longest remembered prefix is chosen. This works: kind create cluster
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/http-svc.yaml
cat << EOF | kubectl apply -f -
apiVersion: v1
data:
X-Ingress-Name: \$ingress_name
kind: ConfigMap
metadata:
name: proxy-headers
namespace: ingress-nginx
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
proxy-set-headers: "ingress-nginx/proxy-headers"
kind: ConfigMap
metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
EOF
kubectl apply -f ingresses.yaml ingresses.yamlapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-root
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
nginx.ingress.kubernetes.io/client-max-body-size: "100m"
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-app
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /app/(.*) /$1 break;
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /app/
pathType: Prefix
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-api
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /api/(.*) /$1 break;
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /app/api
pathType: Prefix
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-component1
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /component/component1(@0.0)?/?(.*) /$2 break;
proxy_set_header X-Forwarded-Host $host;
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /component/component1(@0.0)?
pathType: ImplementationSpecific
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-component2
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /component/component2(@0.0)?/?(.*) /$2 break;
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /component/component2(@0.0)?
pathType: ImplementationSpecific
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-component3
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /component/component3(@0.0)?/?(.*) /$2 break;
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /component/component3(@0.0)?
pathType: ImplementationSpecific
backend:
service:
name: http-svc
port:
number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-component4
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite /component/component4-([^@]*?)(@0.0)?/?(.*) $1/$3 break;
spec:
ingressClassName: nginx
rules:
- host: example.com
http:
paths:
- path: /component/component4-[^@]*?(@0.0)?
pathType: ImplementationSpecific
backend:
service:
name: http-svc
port:
number: 80 POD_NAME=$(kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx -l app.kubernetes.io/component=controller -o NAME)
# ingress-nginx-root
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/ | grep x-ingress-name
# ingress-nginx-app
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/app/ | grep x-ingress-name
# ingress-nginx-api
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/app/api | grep x-ingress-name
# ingress-nginx-component1
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/component1 | grep x-ingress-name
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/[email protected] | grep x-ingress-name
# ingress-nginx-component2
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/component2 | grep x-ingress-name
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/[email protected] | grep x-ingress-name
# ingress-nginx-component4
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/component4- | grep x-ingress-name
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/component4-asdf | grep x-ingress-name
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/[email protected] | grep x-ingress-name
kubectl exec -it -n ingress-nginx $POD_NAME -- curl -H 'Host: example.com' http://localhost/component/[email protected] | grep x-ingress-name Some notes:
|
@crinjes thanks for pointing out. @vienleidl plz update if the comments from @crinjes solves your problem. |
You gave me a hope and I'm happy to hear that😊. I've already set up as your suggestion. But I have a question about the $ingress_name in the ingresses.yaml file. Should I repalce it with something? After applied, all ingress resources are pointed to the private IP address and the port 80 instead of the public IP and the port 8080. And it seems to me that it doesn't work. The error of web browser is ERR_CONNECTION_CLOSED
|
all responses are from same pod with ip 10.0.8.16. expected result is response from different pods |
This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach |
What happened:
I'm trying to convert the NGINX configuration file of a nginx reverse proxy container in Azure Container Apps (ACA) to the ingress-nginx for Kubernetes on Azure Kubernetes Service (AKS). The nginx container works well on ACA with the default.conf file.
However, when converting to ingress-nginx.yaml file, it seems to me that the ingress-nginx doesn't route the traffic to the api service while hitting the http://example.southeastasia.cloudapp.azure.com/app/api. So, I don't see any incoming requests to the api pod in its logs.
What you expected to happen:
I guess the route to /app overrides the /app/api. It means the ingress-nginx controller sends all requests with the path /app/api to the app service only. But I'm not sure if my ingress-nginx.yaml is correct for making it worked as expected.
NGINX Ingress controller version:
Kubernetes version:
Environment:
uname -a
): n/aHow to reproduce this issue:
Create a new AKS cluster on Azure:
A public AKS cluster has 2 node pools with Azure CNI (overlay) network and the new namespace is ingress-nginx.
Using helm to install the Ingress Controller
Create needed ingress resources with one-stop-shop YAML file:
Anything else we need to know:
default.conf
server {
listen 80;
server_name nginx.xxx-xxx.southeastasia.azurecontainerapps.io;
client_max_body_size 0;
}
The text was updated successfully, but these errors were encountered: