Hello I am using ingress controller for api gateway and used .net core miroservice along with swagger implementation, I referred most of the examples / questions related to it on stackover flow but when I try to hit API from swagger it gives 404, is there any way to solve this problem without specifying service name in a code?
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: rewrite
namespace: default
spec:
ingressClassName: nginx
rules:
- host: rewrite.bar.com
http:
paths:
- path: /Service1(/|$)(.*)
pathType: Prefix
backend:
service:
name: LoginService
port:
number: 80
when I try to access swagger then I am able to access it from url like {{domain}}/service1/swagger/.
but API end point generated by swagger doesn't contain service1 in the URL which causes 404.
I know there are solution to change Open API end point from the code but I don't want to do any changes in a code as microservice should not know about where it is going to host.
Any advice on the same?
You can use below code
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint($"/Service1/swagger/v1/swagger.json", $"APP API - {version}");
});
Related
We have deployed a mockserver on kubernetes. Currently, we only have one hostname which is shared by couple other applications (using a different path). However, the dashboard is not working because of the css location. What's the best way to solve this problem?
Failed to load resource: the server responded with a status of 404 (), hostname/mockserver/dashboard/static/css/main.477cab2a.chunk.css
The ingress manifest:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
app.kubernetes.io/instance: mock-server
kubernetes.io/ingress.class: nginx-ingress-protected
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: mock-server-ingress
namespace: my-namespace
spec:
rules:
- host: hostname
http:
paths:
- backend:
serviceName: mock-server-svc
servicePort: 80
path: /testing(/|$)(.*)
This works fine if I request resource like hostname/testing/mockserver/expectation, the rewrites will be sending /mockserver/exepctation to the backend.
However, if for path hostname/testing/mockserver/dashboard, it is a html page which will loads hostname/mockserver/dashboard which doesn't exist. I can't wrap my head around this. Should I create another ingress with path /mockserver just to serve the css?
Your rewrite is working as expected. However,
there are some options you can choose from:
Create a second rule for the /mockserver (the simplest solution).
Play with capture groups:
Captured groups are saved in numbered placeholders, chronologically,
in the form $1, $2 ... $n. These placeholders can be used as
parameters in the rewrite-target annotation.
Use a paid solution.
The easiest would be to go for option 1 and create a second rule which would satisfy the path for the css.
We are moving to kubernetes and we are totally new to it.
In our current mono service setup we have: Nginx -> Web application. These way we can protect some static assets via authentication in the web application and use internal and X-Accel-Redirect of Nginx to serve static files after authentication takes place.
Now in kubernetes we have Ingress and behind these services:
web app
private static service
Is there a way to tell in ingress from the web application to "redirect" the request as we kind of do with sendfile, so that the private static service will reply to it? Or somehow to achieve protecting our static while keeping the static service separate and independent in kubernetes setup?
We kind of made it work by chaining the private static service in front of the web application, but it feels there must be a better way to do it.
Here is how I managed to make it work.
I created two ingresses.
First:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
internal;
nginx.ingress.kubernetes.io/rewrite-target: /some/path/$1
name: static-service-internal
spec:
rules:
- http:
paths:
- backend:
serviceName: private-static-service
servicePort: 80
path: /protected/(.*)
and second service:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
name: web-app
spec:
rules:
- http:
paths:
- backend:
serviceName: web-app
servicePort: 80
path: /
What you see above is supposed to work as in this example from nginx documentation
When receiving X-Accel-Redirect: /protected/iso.img from web-app then it will request /some/path/iso.img from private static service.
Let me know if this solves you problem.
I am running a Kubernetes Cluster with an Nginx-ingress fronting couple of web apps. Because Nginx doesn't support SSO/OIDC by default, I use an oauth_proxy for authentication.
In detail I use oauth2_proxy (https://github.com/pusher/oauth2_proxy) with Azure AD.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-ingress-internal
namespace: ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/auth-url: "https://example.com/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://example.com/oauth2/start?rd=$escaped_request_uri"
nginx.ingress.kubernetes.io/auth-response-headers: "authorization, x-auth-request-user, x-auth-request-email, x_auth_request_access_token"
spec:
rules:
- host: example.com
http:
paths:
- path: /home(/|$)(.*)
backend:
serviceName: app-homepage-frontend-service
servicePort: 80
- path: /homepage-backend(/|$)(.*)
backend:
serviceName: app-homepage-backend-service
servicePort: 80
I skiped some details like tls. So in general everything is working, only verified users are able to access the web pages.
The issue is that my frontend is writte in Angular which use hash-routing. And if try to enter a deep route like
https://example.com/home/#/page1/subpage2
just base path (/home) is passed as redirect url. So when I'm authorized successfully, I get redirected to https://example.com/home.
Is there any veriable instead of $escaped_request_uri, which pass the whole url?
Please try with below process might be it will help!!
Adding State Parameter will help for oauth2_proxy
State Parameter
State parameter will reserve the state prior to authentication request and pass random generated state value in request to authenticate and in call back request they will add state back i.e. Oauth2_Proxy generated id. Then Oauth2_Proxy will read that ID and provide the URL back and respond.
Use below link
https://dev.bitly.com/v4_documentation.html
Bitly Oauth2_Proxy added the same in there code.
https://github.com/bitly/oauth2_proxy/blob/master/providers/provider_default.go#L87-L89
When the client tries to connect our ingress defined endpoint via a wss:// request, the app returns 400 bad request, which according to socket.io docs is due to missing headers removed by load balancing proxies like nginx.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.org/websocket-services: service-name
spec:
tls:
- hosts:
- www.myhost.com
rules:
- host: www.myhost.com
http:
paths:
- path: /
backend:
serviceName: service-name
servicePort: 80
From the logs in the IBM provided ingress controller it seems to be a fork of this nginx ingress controller. Which says that the annotation nginx.org/websocket-services adds support for websockets by adding directives to the generated nginx conf to pass the required headers. We have tried this as per above but to no avail.
Has anyone had any success making this annotation work?
Any workarounds for adding to the generated nginx conf?
Any IBM people know if this functionality was intentionally removed from the fork? And if there is any way to add support for websockets in the IBM version of Kubernetes?
Websockets is not currently supported, we are working on adding it and I will update here when it is available.
Thank you
Edit: Websocket support is available in all regions, the annotation for it is:
annotations:
ingress.bluemix.net/websocket-services: service-name
I need for each of my users to access a service at a custom url eg. abccompany.mycloudapp.com , each service being a kubernetes service I'm looking at ingress controllers but I need a way to use a wildcard host field and somehow read the value into the path: and service: fields ; here's a sample ingress controller of what I have in mind:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: test
spec:
rules:
- host: *.bar.com
http:
paths:
- path: /{{ value of * in * .bar.com }}
backend:
serviceName: {{value of * in *.bar.com }}Svc
servicePort: 80
If you use the stock controllers you will be able to switch on hostname and go to different backends services. It sounds like you don't want to enumerate all the subdomains -> service mappings, in which case you probably need to write your own controller that writes out an nginx config that uses $http_host in the appropriate proxy_pass or redirect lines. Give it a shot (https://github.com/kubernetes/contrib/tree/master/ingress/controllers) and file bugs in that same repo if you need help.