none
Azure AKS Ingress Rule. RRS feed

  • Question

  • Hi,

    I have .net Framework(4.6) based Web API service. i am hosting them in azure AKS.

    I am using nignix and  written  Ingress Rule  like this.

    host: abc.com
        http:
         paths:
          - path: /EmailAPI
            backend:
              serviceName: esolvitemailapi-svc
              servicePort: 80

    Now My web api is expecting URl 

    http://service/api/controller/action

    But i think Ingres in sending the URI as 

    http://service/EmailAPI/api/controller/action

    and i am getting 404 Error.

    what is the best way to handle it.  i don't want to do code change by doing  [RoutePrefix("IdentityAPI/api")]

    there are couple of apis and its big solution so it may break.

    is there any think i can handle it at configuration level.


    Monday, July 29, 2019 11:24 AM

All replies

  • Hi Somnath,

    The best way to handle this is to add a annotation in the ingress.

    You can use a annotation in the ingress to rewrite the target.

    For example:

    nginx.ingress.kubernetes.io/rewrite-target: /$2

    Below  example works for Nginx ingress controller verison greater than or equal to 0.22.0.

    For earlier version you need to provide the actual string in the place of $2 in the annotation value. I recommend you to use the latest version.

    With this your example turns into

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /$2
      name: EmailAPIIngress
    spec:
      rules:
      - host: abc.com
        http:
          paths:
          - backend:
              serviceName: esolvitemailapi-svc
              servicePort: 80
            path: /EmailAPI(/|$)(.*)	

    The $2 mentioned in the annotation value refers to the "(.*)" part in the path. These  are called as capture groups in regex. we are using the second group.

    (/|$) in the path refers to $1. We dont need to rewrite the first group.

    Here we are asking the nginx to rewrite the path value to $2(ie "(.*)"). anything other than EmailAPI will be added to the path and sent to the underlying service.

    so the request to http://abc.com/EmailAPI turns  into http://yourservice/

    http://abc.com/EmailAPI/api/ turns  into http://yourservice/api

    Complete example is given in Github

    Let me know if you need more info


    Wednesday, July 31, 2019 8:57 AM
    Moderator
  • Hi Thanks for reply.

     i think this redirecting to the default backend only.
    this is my ingress rule by default i wanted my request to go to the front end service but when i call the apis from front end it should go to the respective service.

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    name: ingress-dev
    annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: "nginx"
    spec:
    rules:

    • host: abc.com
      http:
      paths:
      • path: /EmailAPI/
        backend:
        serviceName: s1-svc
        servicePort: 80
      • path: /IdentityAPI/
        backend:
        serviceName: s2-svc
        servicePort: 80
      • path: /ProfileAPI
        backend:
        serviceName: s3-svc
        servicePort: 80
      • backend:
        serviceName: front--svc
        servicePort: 80
    Thursday, August 1, 2019 3:33 AM
  • HI,

    If you want to call s1-svc from the frontend service, You can directly call them without using ingress.

    You can directly call like http://s1-svc/api/controller/action from frontend service. Recommended way is to get the service names as environment variables in the forntend service and then use those names to construct the url.

    Are you using ingress for service to service communication as well?

    You can use ingress if you want to call from outside of the cluster.

    As per your example shown in the above comment, I hope you are calling the the s1-svc from front-svc using the below url.

    http://abc.com/EmailAPI/api/controller/action

    Then as per the rule it will be rewritten to http://abc.com/. you need to use the regex model as shown in the first comment. By that way the above url will be redirected to s1-svc as shown below.

    http://s1-svc/api/controller/action 

    Let me know your comments.



    Thursday, August 1, 2019 5:22 AM
    Moderator
  • sorry for the confusion.  here frontent svc mean a angular app.  and i am doing all the call from browser outside the cluster.

    http://abc.com is angular app

    this will call 

    http://abc.com/EmailAPI/api/controller/action

    http://abc.com/IdentityAPI/api/controller/action

    http://abc.com/ProfileAPI/api/controller/action

    earlier this was hoted in IIS as web app and it was working.

     
    Thursday, August 1, 2019 7:07 AM
  • Thanks for the details.

    Then you want the call to the ingress with the below url

    http://abc.com/EmailAPI/api/controller/action

    to go as 

    http://s1-svc/api/controller/action to the service s1-svc right


    Please confirm
    Thursday, August 1, 2019 8:19 AM
    Moderator
  • yes you are correct.
    Thursday, August 1, 2019 8:20 AM
  • Hi,

    You can create 2 ingress. I tested this in my local cluster and it works well. I have installed nginx ingress controller with helm. With single ingress, its not working because its redirecting all the urls. 

    Let me know your nginx version.

    Ingress to create are shown below:

    • One for the front-svc which dont need redirection.
    • Other for all the other apps which needs redirection

    Sample for the front-svc ingress.

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: fromt-end-ingress
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
    spec:
      rules:
      - host: abc.com
        http:
          paths:
          - backend:
              serviceName: front-svc
              servicePort: 80
            path: /

    Sample for the other services

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: other-services
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        nginx.ingress.kubernetes.io/rewrite-target: /$2
    spec:
      rules:
      - host: abc.com
        http:
          paths:
          - backend:
              serviceName: s1-svc
              servicePort: 80
            path: /EmailAPI(/|$)(.*)
          - backend:
              serviceName: s2-svc
              servicePort: 80
            path: /IdentityAPI(/|$)(.*)        

    with the above configuration,

    below urls will be modified like this.

    http://abc.com/EmailAPI/api/controller/route to http://s1-svc/api/controller/route
    http://abc.com/IdentityAPI/api/controller/route to http://s2-svc/api/controller/route
    
    
    http://abc.com/ to http://front-svc/api/controller/route
    
    http://abc.com/anything-other-than-EmailAPI-or-IdentityAPI to http://front-svc/text-from-the-source-url

    Try this out and let me know.

    For the benefit of the community, Also click on "mark as answer" for all the replies which helped you to solve your issue.

    Thursday, August 1, 2019 12:21 PM
    Moderator
  • Thanks  i will try this.
    • Edited by som nath Thursday, August 1, 2019 2:52 PM
    Thursday, August 1, 2019 2:52 PM
  • Hi Somnath,

    Did you got a chance to try out the suggestion?

    Friday, August 2, 2019 12:06 PM
    Moderator
  • Hi Somnath,

    Did the above suggestion helped you?

    Monday, August 5, 2019 5:54 AM
    Moderator
  • Hello,

    Any update on the issue?

    Just checking in if you got a chance to check the previous response.

    If your issue is resolved with the provided suggestion, do click “Mark as Answer” and "Up-Vote" on the post that helped you, so that other forum members can benefit from it.

    If you need any further help do let us know.

    Thanks
    Tuesday, August 6, 2019 10:53 AM
    Moderator
  • I am sorry for late  response.

    i have one question regarding you solution.

    in both ingress rule  you are uisng same same host name : abc.com

    how it will know which rule to apply.

    after your changes applied i am getting these errors in ingress log.

    earlier it was going to correct service and .net api was sending the error due url route mismatch.

    with you solution it is trying to redirect to ngnix itself.

    even i tried writing api host for backedn only. 

    10.240.0.4 - - [07/Aug/2019:07:21:10 +0000] "GET /IdentityAPI/api/ValidateEmail?email=ss@s.com HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3851.0 Safari/537.36 Edg/77.0.223.0" "-"
    2019/08/07 07:21:10 [error] 235#235: *204693 open() "/etc/nginx/html/IdentityAPI/api/ValidateEmail" failed (2: No such file or directory), client: 10.240.0.4, server: api.dev.arytic.com, request: "GET /IdentityAPI/api/ValidateEmail?email=ss@s.com HTTP/1.1", host: "api.dev.arytic.com"

    this is my ingress deployment

    containers:
    - image: nginx/nginx-ingress:edge
    imagePullPolicy: Always
    name: nginx-ingress
    ports:
    - name: http
    containerPort: 80
    - name: https
    containerPort: 443

    Wednesday, August 7, 2019 7:30 AM
  • Hi Somnath,

    I installed nginx using the helm chart. https://github.com/helm/charts/tree/master/stable/nginx-ingress

    It differentiates based on the path on the url.

    If path has  EmailAPI, Then it goes to that service.

    If path is empty or having something which is not matching, Then the request goes to the frontend service.

    From your error i see that its redirecting to a file in nginx. Need to debug this.

    I also see that you are using the edge tag for your ingress image. Please use latest for particular version(1.5.2).

    Edge versions may not be stable.

    Also give me your ingress yaml. 

    If possible try with installing nginx ingress via helm and try.

    Wednesday, August 7, 2019 8:24 AM
    Moderator
  • ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    name: ingress-dev-backend
    annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    spec:
    rules:
    - host: abc.com
    http:
    paths:
    - path: /EmailAPI(/|$)(.*)
    backend:
    serviceName: esolvitemailapi-svc
    servicePort: 80
    - path: /IdentityAPI(/|$)(.*)
    backend:
    serviceName: esolvitidentityapi-svc
    servicePort: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    name: ingress-dev
    annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    spec:
    rules:
    - host: abc.com
    http:
    paths:
    - backend:
    serviceName: candidatehybrid-svc
    servicePort: 80
    Friday, August 9, 2019 11:29 AM
  • Hi Somnath,

    Please dont use this image( "nginx/nginx-ingress:edge"  ) with edge tag.

    Please use the one with version or the distribution name. 

    You can find all the available tags here https://hub.docker.com/r/nginx/nginx-ingress/tags

    Tuesday, August 20, 2019 9:04 AM
    Moderator
  • i am using  but still getting issue
    - image: nginx/nginx-ingress:1.5.4
    Friday, August 23, 2019 11:01 AM
  • this nginx.config i think it should contain the rewrite but somehow it does not have that directive

    kubectl exec -it -n dev nginx-ingress-57dcb5fc64-mrtsp  cat /etc/nginx/nginx.conf

    user  nginx;
    worker_processes  auto;
    daemon off;

    error_log  /var/log/nginx/error.log notice;
    pid        /var/run/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       /etc/nginx/mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';


        access_log  /var/log/nginx/access.log  main;


        sendfile        on;
        #tcp_nopush     on;

        keepalive_timeout 65s;
        keepalive_requests 100;

        #gzip  on;

        server_names_hash_max_size 512;


        variables_hash_bucket_size 256;
        variables_hash_max_size 1024;

        map $http_upgrade $connection_upgrade {
            default upgrade;
            ''      close;
        }
        map $http_upgrade $vs_connection_header {
            default upgrade;
            ''      $default_connection_header;
        }








        server {
            # required to support the Websocket protocol in VirtualServer/VirtualServerRoutes
            set $default_connection_header "";

            listen 80 default_server;
            listen 443 ssl default_server;

            ssl_certificate /etc/nginx/secrets/default;
            ssl_certificate_key /etc/nginx/secrets/default;

            server_name _;
            server_tokens "on";
            access_log off;





            location / {
               return 404;
            }
        }
        # stub_status
        server {
            listen 8080;

            allow 127.0.0.1;
            deny all;

            location /stub_status {
                stub_status;
            }
        }

        include /etc/nginx/config-version.conf;
        include /etc/nginx/conf.d/*.conf;

        server {
            listen unix:/var/run/nginx-502-server.sock;
            access_log off;



            location / {
                return 502;
            }
        }
    }

    stream {
        log_format  stream-main  '$remote_addr [$time_local] '
                          '$protocol $status $bytes_sent $bytes_received '
                          '$session_time';

        access_log  /var/log/nginx/stream-access.log  stream-main;


    }

    Wednesday, August 28, 2019 11:06 AM
  • Hi ,

    Can you please make sure the ingress which you are using is supporting rewrites or not.
    I tested in  this ingress https://github.com/kubernetes/ingress-nginx

    I have installed using help with this chart https://github.com/helm/charts/tree/master/stable/nginx-ingress

    Tuesday, September 3, 2019 12:23 PM
    Moderator