I want to prevent unsafe requested to reach my application running in GCP GKE with Google Ingress (not nginx) and trying to do this using path rules.
I know nginx Ingress can configure paths using regex but I don know the best way to do with Google Ingress.
Right now I am just duplicating the same rules change the path prefix like this:
spec:
rules:
- http:
paths:
- backend:
service:
name: my-api-service
port:
number: 80
path: /api
pathType: Prefix
- backend:
service:
name: my-api-service
port:
number: 80
path: /auth
pathType: Prefix
- backend:
service:
name: my-api-service
port:
number: 80
path: /admin
pathType: Prefix
Is there a better way to do this?
2
Answers
Everything you’re looking for is covered in this document. As GKE ingress is essentially a GCP Load Balancer, the
pathkey is using aurl-mapto configure and route the traffic to what you’ve specified in the config. As you’d be able to see there, regexs are not allowed inPathkeys.One option if you’re using Helm is to make use of the templates to generate this automatically from a variable. Given the following variable in your
values.yamlfile:Then in your ingress YAML definition you can do the following:
In GKE ingress regex is not allowed in paths as it is using the
url-mapto configure GCP Load Balancers. Only wildcard allowed in paths is*. We cannot use any other wildcards in the path key.So you can try like this
(or)
You can use the default backend services to route the traffic to the single service like in this document
You can give a try by changing the annotation like mentioned in this SO.
There are other similar SO’s SO1 SO2.