skip to Main Content

In my Azure AKS cluster I was defined namespace dev with some services.My idea is connect to them from React static app under SSL.For this reason I maded Ingress controller with certificate manager. The controller was work properly but with one unexpected bug.I use my own domain with DNS Zone and records.The idea is when I go to qa.mysite.com , ingress must go to payment-svc "/api/health" and if /web go to web-svc "/".The problem is that when I use path Prefix with "/" the controller does not route to any related service.The route only happens when I use deafult prefix "/".The error is Not Found for Nginx or browser not found

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-portals
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
      - qa.mysite.com # update IP address here
      secretName: app-web-cert
  rules:
  - host: qa.mysite.com # update IP address here
    http:
      paths:
      - path: /web  # I tried with a lot of services and prefixes but same result
        pathType: Prefix
        backend:
          service:
            name: webapp1-svc # After I tried with the same service payment-servive but not work on qa.mysite.com/web/api/health
            port: 
              number: 80
      - path: /  # The route works only here qa.mysite.com/api/health
        pathType: Prefix
        backend:
          service:
            name: payment-service
            port: 
              number: 80
  • qa.mysite.com/api/healt works in this service I have endpoint /api/health

  • qa.mysite.com/web or anything else /health qa.mysite.com/web/api/health …. did not

2

Answers


  1. have you tried using the ‘default-backend’

    (https://kubernetes.io/docs/concepts/services-networking/ingress/#default-backend) , this way you can remove the ‘/’ path and only keep the /web all the other request including the default fqdn will hit the default back-end service. something like below, provided that you have both of services on the same namespace

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-portals
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/cluster-issuer: letsencrypt
    spec:
      tls:
        - hosts:
            - qa.mysite.com
          secretName: app-web-cert
      defaultBackend:
        service:
          name: payment-service
          port:
            number: 80
      rules:
        - host: qa.mysite.com
          http:
            paths:
              - path: /web
                pathType: Prefix
                backend:
                  service:
                    name: webapp1-svc
                    port:
                      number: 80
    
    Login or Signup to reply.
  2. The path specified in the ingress is passed to the service in its entirety. So, your webapp1-svc should support endpoints starting /web. However, most likely you do not.

    So, alternative is to rewrite the url when sending requests to webapp1-svc.
    Thus you have one ingress definition which sends requests to payment-service (and does not rewrite URLs).

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-portals-payments
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/cluster-issuer: letsencrypt
    spec:
      tls:
        - hosts:
          - qa.mysite.com
          secretName: app-web-cert
      rules:
      - host: qa.mysite.com
        http:
          paths:
          - path: /  
            pathType: Prefix
            backend:
              service:
                name: payment-service
                port: 
                  number: 80
    

    And a second one which rewrites URLs to webapp1-svc. It will remove the preceding /web when sending requests to webapp1-svc.

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-portals-web
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/rewrite-target: /$2
        nginx.ingress.kubernetes.io/use-regex: "true"
        cert-manager.io/cluster-issuer: letsencrypt
    spec:
      tls:
        - hosts:
          - qa.mysite.com 
          secretName: app-web-cert
      rules:
      - host: qa.mysite.com 
        http:
          paths:
          - path: /web(/|$)(.*)
            pathType: Prefix
            backend:
              service:
                name: webapp1-svc 
                port: 
                  number: 80
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search