-1

I was reading about ingress controller and ingress resource to route the incoming request to Kubernetes cluster to specific service.

Ingress resource file will be similar to:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-myservicea
spec:
  rules:
  - host: myservicea.foo.org
    http:
      paths:
      - path: /v1/myapp/health
        pathType: Prefix
        backend:
          service:
            name: myservice
            port:
              number: 80
  ingressClassName: nginx

My understanding from above ingress is, all incoming request(url like: https://myservicea.foo.org/v1/myapp/health) to ingress controller will be redirected to the service "myservice" on port 80. No matter request is coming from which domain(app, client, host, IP or localhost).

Here my question is, How can we add rules in ingress resource to specify, request coming from specific domain(app, client, host or IP) will be routed to specific service("myservice") based on path. If it is coming from any other domain, request will be simply discarded.

Rohit
  • 406
  • 1
  • 5
  • 21

1 Answers1

0

What example you have shared above is host-based routing. Where you have a different Host or Domain and based on traffic gets forwarded to service. example.com

you can also do the path-based routing with an ingress controller where regex might be used. /v1/myapp

Ingress controller if you are using the nginx you won't be able to route based on IP address. You can whitelist the IPs addresses, only certain IP can access the Ingress else will be blocked but based on IP you can not forward request to service.

However there is always way around so if you are already have Nginx config you can also do same in ingress also.

You have to try and test a few blocks based on that you might be able to achieve what you are looking for.

You can leverage the server-snippet or configuration-snippet to create the blocks.

For example if /preview 302 redirect it

annotations:
        nginx.ingress.kubernetes.io/configuration-snippet: |
         rewrite /preview https://test.app.example.com$uri permanent;

Another example based on server_name same you can check for header values and based on that you can do routing.

kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/server-snippet: |
      server_name     ~^(?<subdomain>\w+)\.example\.io$;
    nginx.ingress.kubernetes.io/rewrite-target: /proxy/$subdomain/$1 
name: nginx-forward
spec:
  rules:
  - http:
      paths:
      - backend:
        service:
          name: service
        port:
          number: 8080
      path: /(.*)
      pathType: Prefix

Considering here nginx ingress controller here you can setup different CRDs also from the opensource project or install plugins if using Kongs baed on the requirement.

Read more server-snippet : https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#server-snippet

Read more configuration-snippet : https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#configuration-snippet

Harsh Manvar
  • 27,020
  • 6
  • 48
  • 102
  • Thanks for your answer Hash, but still I didn't get the answer how can we ensure, request coming from specific domain be only routed by ingress controller ingress resource. could you please provide example. – Rohit Feb 09 '23 at 03:40
  • Hi Rohit could you please let me know when you say domain you mean app, client etc so those have a different subdomain or have some headers or based on user-agent how are looking for to route traffic? – Harsh Manvar Feb 09 '23 at 06:08
  • any update ont this ? – Harsh Manvar Feb 23 '23 at 20:17
  • Hi Harsh, yes there is an app which is running on http://localhost:4200(client) and It is trying to access endpoint https://localhost:32225/v1/myapp/users(where 32225 is port number of nginx controller gateway) which will route the request to service based on ingress resource rule(match the path /v1/myapp/users to the service myapp-svc) and request will reach to expected pod. – Rohit Feb 26 '23 at 16:53
  • In addition to that, My question is, Can we also add something in ingress rule that request coming from https://localhost:4200 trying to access resource http://localhost:32225/v1/myapp/users will only be routed to service myapp-svc otherwise it will be discarded. Like if request is from http://localhost:4201 trying to access http://localhost:32225/v1/myapp/users will be discarded as it was originated from http://localhost:4201 not from http://localhost:4200 – Rohit Feb 26 '23 at 16:54
  • Yes if request host details available you can check host in nginx ingress controller and based you can set condition properly or redirect request . – Harsh Manvar Feb 26 '23 at 19:22
  • Thanks Harsh for your quick response. I would appreciate that if you can put example here? – Rohit Feb 27 '23 at 03:43
  • https://viesure.io/nginx-ingress-controller/ – Harsh Manvar Feb 27 '23 at 05:24