Develop Reference

How to setup this ingress and controller to enable caching?

The Cluster is running multiple NGINX pods in one service, deployed over a Deployment YAML file.
I'm trying to cache GET Requests on both services a rest.js client, and an API web-application.
I'm struggling to make caching work with this ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: myNamespace
name: test-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: 8m
nginx.ingress.kubernetes.io/proxy-buffering: "on"
nginx.ingress.kubernetes.io/http-snippet: "proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=static-cache:32m use_temp_path=off max_size=4g inactive=24h;"
nginx.ingress.kubernetes.io/server-snippet: |
proxy_cache static-cache;
proxy_cache_lock on;
proxy_cache_valid any 60m;
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie"
add_header Cache-Control "public";
add_header X-Cache-Status $upstream_cache_status;
spec:
rules:
- host: "{{ HOST }}"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: server
port:
number: 8080
- host: "client-{{ HOST }}"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: client
port:
number: 5500
tls:
- hosts:
- "{{ HOST }}"
- "testclientapplication-{{ HOST }}"
secretName: ingress-cert
In the response to any requests are the content-length, content-type, date and the strict-transport-security header.
Previously i was attempting to get it to run over a ConfigMap but that didn't work out either.
apiVersion: v1
kind: ConfigMap
metadata:
namespace: myNamespace
name: ingress-nginx-controller
data:
http-snippet: "proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=static-cache:32m use_temp_path=off max_size=4g inactive=24h;"
The service and client application are running fine but i'm struggeling to enable caching.
Some advice on how to enable caching would be highly appreciated.

Nginx 503 ingress controller k8s

I have an application running on nginx port 9000, and a service attached to it. If I put service as a LoadBalancer, I can open IP:PORT/app/pages in my browser (ClusterIP and NodePort with nginx doesn't work). Created Ingress controller with ALB, and A record to point to app.mydomain.com, but I keep getting 503 or 404 errors, even 400 sometimes (tried couple of ports/paths etc). Can someone point me to what should I look at? I want to be able to open https://app.mydomain.com/app/pages. cert-manager is complaining with 400 errors also when retrieving the certificate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-app-dev
namespace: app-dev
annotations:
cert-manager.io/issuer: letsencrypt-nginx
ingress.kubernetes.io/rewrite-target: /
# ingressclass.kubernetes.io/is-default-class: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- app.mydomain.com
secretName: letsencrypt-nginx
rules:
- host: app.mydomain.com
http:
paths:
- pathType: Prefix
backend:
service:
name: app-service
port:
number: 8080
path: /
apiVersion: v1
kind: Service
metadata:
name: app-service
namespace: app-dev
spec:
type: LoadBalancer
ports:
- port: 9090
protocol: TCP
targetPort: 8080
selector:
app: app
IP of Ingress is added as a A record to DNS (app.mydomain.com). This is my nginx conf in the docker image
bash-5.1# cat /etc/nginx/conf.d/default.conf
server {
listen 8080 ssl;
ssl_certificate /ssl/cert;
ssl_certificate_key /ssl/key;
location / {
root /www;
autoindex off;
add_header 'Access-Control-Allow-Origin' '*';
}
location /healthz {
return 200 'ok';
}
}

How to capture subdomain in nginx ingress

I want to capture subdomain and rewrite URL with /subdomain, For example bhautik.bhau.tk rewrite to bhau.tk/bhautik.
I also https://github.com/google/re2/wiki/Syntax tried group syntax
Here is my nginx ingress config:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: subdomain
namespace: subdomain
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/use-regex: "true"
# nginx.ingress.kubernetes.io/rewrite-target: /$sub
nginx.ingress.kubernetes.io/server-snippet: |
set $prefix abcd;
if ($host ~ ^(\w+).bhau\.tk$) {
// TODO?
}
nginx.ingress.kubernetes.io/rewrite-target: /$prefix/$uri
spec:
rules:
- host: "*.bhau.tk"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: subdomain
port:
number: 80
How do I capture subdomain from $host?

I believe you want a redirect instead of rewrite. Here is the server-snippet you need:
nginx.ingress.kubernetes.io/server-snippet: |
if ($host ~ ^(?<subdom>\w+)\.(?<basedom>bhau\.tk)$) {
return 302 https://$basedom/$subdom/ ;
}
If you really want a rewrite where the URL that the user sees remains unchanged but instead the request will be routed to a subpath served by the same service:
nginx.ingress.kubernetes.io/server-snippet: |
if ($host ~ ^(?<subdom>\w+)\.(?<basedom>bhau\.tk)$) {
rewrite ^/(.*)$ /$subdom/$1 ;
}
Remove the rewrite-target annotation that specifies $prefix. You don't need it.
The ?<capturename> and $capturename pair is the trick you are looking for.

You can try out the
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/server-snippet: |
if ($host ~ "bhautik.bhau.tk")
{
rewrite ^ https://bhau.tk$host permanent;
}
name: test-ingress
spec:
rules:
- host: bhau.tk
http:
paths:
- backend:
serviceName: app-service
servicePort: 3000
path: (/|$)(.*)

Kubernetes Ingress redirecting to directory different than nginx's root

Basically, I have a nginx conf with something like that :
server {
server_name localhost;
listen 80;
root /var/www/projectA/public_html;
}
And a (working) ingress that redirects to the root without a problem :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: main-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
rules:
- host: projectA.com
http:
paths:
- path: /
backend:
serviceName: main-service
servicePort: 80
Now, I'd need another host ingress, let's say medias.projectA.com, that shows/manages medias (pictures uploaded through projectA's forms).
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: medias-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
rules:
- host: medias.projectA.com
http:
paths:
- path: /
backend:
serviceName: main-service
servicePort: 80
What I'm trying to set is as follows :
projectA.com => /var/www/projectA/public_html
medias.projectA.com => /var/www/projectA/medias
What I tried but failed : Changing the nginx's root to /var/www/projectA, and then set the main ingress's path to /public_html (instead of /), and the media ingress's path to /medias (instead of /) => Got 404
What I also tried : Setting a new nginx conf with a different port (81) that points to /var/www/projectA/medias/public_html as a root. Then create a new service "media-service" that listens to port 81 for the medias ingress => medias.projectA.com/ redirects me to projectA.com
server {
server_name localhost;
listen 80;
root /var/www/projectA/public_html;
}
server {
server_name localhost;
listen 81;
root /var/www/projectA/medias;
}
Added a new port 81 in main-service:
spec:
ports:
- port: 80
targetPort: http
protocol: TCP
- port: 81
targetPort: http
protocol: TCP
Ingress :
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: medias-ingress
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
rules:
- host: medias.projectA.com
http:
paths:
- path: /
backend:
serviceName: main-service
servicePort: 81
Still can't get to have medias.projectA.com/ point to /var/www/projectA/medias (always /var/www/projectA/public_html)

kubernetes nginx ingress error with configuration-snippet

I have following ingress.yaml file
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-configuration-snippet
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/configuration-snippet: |
location /base/path/v1/api/update {
deny all;
return 404;
}
spec:
rules:
- http:
paths:
- path: /base/path(/|$)(.*)
backend:
serviceName: myApi
servicePort: 8080
But when I send a request to https:///base/path/v1/api/update it succeeds and I got following error in nginx ingress controller
Error: exit status 1
2020/08/06 18:35:07 [emerg] 1734#1734: location "/base/path/v1/api/update" is outside location "^/base/path(/|$)(.*)" in /tmp/nginx-cfg008325631:2445
nginx: [emerg] location "/base/path/v1/api/update" is outside location "^/base/path(/|$)(.*)" in /tmp/nginx-cfg008325631:2445
nginx: configuration file /tmp/nginx-cfg008325631 test failed
Can somebody help?

The configuration-snippet is to add configs to locations.
If you want to add a custom location to the server context, you should use the server-snippet instead:
Using the annotation nginx.ingress.kubernetes.io/server-snippet it is
possible to add custom configuration in the server configuration
block.
You also need to use some modifiers and regex to make it work (~* and ^).
The following config should work:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-configuration-snippet
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/server-snippet: |
location ~* "^/base/path/v1/api/update" {
deny all;
return 403;
}
spec:
rules:
- http:
paths:
- path: /base/path(/|$)(.*)
backend:
serviceName: myApi
servicePort: 8080
The final nginx.config should end like this:
$ kubectl exec -n kube-system nginx-ingress-controller-6fc5bcc8c9-chkxf -- cat /etc/nginx/nginx.conf
[...]
location ~* "^/base/path/v1/api/update" {
deny all;
return 403;
}
location ~* "^/base/path(/|$)(.*)" {
[...]
}