I would like to access Vault-UI through a Kubernetes ingress using the NGINX controller. I've tried many things, but the server seems to be doing some redirection.
The simple ingress resource below would not work as the Vault-UI does not know how to handle that specific path and request:

    resource "kubernetes_ingress_v1" "vault_ui_ingress" {
      metadata {
        name = "vault-ui-ingress"
      }
      spec {
        ingress_class_name = "nginx"
        rule {
          host = "localhost"
          http {
            path {
              path = "/vault/*"
              backend {
                service {
                  name = "vault-ui"
                  port {
                    number = 8200
                  }
                }
              }
            }
          }
        }
      }
    }

Therefore, I opted for an ingress rewrite target (I know it's not that clean) like below:

    resource "kubernetes_ingress_v1" "vault_ui_ingress" {
      metadata {
        name = "vault-ui-ingress"
        annotations = {
          "nginx.ingress.kubernetes.io/rewrite-target" = "/$2"
          "nginx.ingress.kubernetes.io/use-regex"      = "true"
        }
      }
      spec {
        ingress_class_name = "nginx"
        rule {
          host = "localhost"
          http {
            path {
              path      = "/vault(/|$)(.*)"
              path_type = "ImplementationSpecific"
              backend {
                service {
                  name = "vault-ui"
                  port {
                    number = 8200
                  }
                }
              }
            }
          }
        }
      }
      wait_for_load_balancer = false
    }

But even with this, the ingress is failing to serve Vault-UI. This, I believe, is because of the particularities of the Vault server. It is important for the integrity of our architecture for everything to be accessed through the Ingress. Is it possible to achieve this for Vault-UI?
The following ingress chart is used:

    resource "helm_release" "nginx_ingress" {
      name       = "nginx-ingress"
      repository = "https://kubernetes.github.io/ingress-nginx"
      chart      = "ingress-nginx"
      set {
        name  = "controller.service.type"
        value = "NodePort"
      }
      set {
        name  = "controller.service.nodePorts.http"
        value = "31293"
      }
      set {
        name  = "controller.hostNetwork"
        value = "true"
      }
    }
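
The rewrite from the second ingress, traced in Python as an added example that is not part of the original post: it shows which request paths the `/vault(/|$)(.*)` rule matches, what the backend receives, and what happens to a backend redirect that points at an absolute path. `BACKEND_REDIRECTS` is a constructed stand-in that assumes the server answers `/` with a redirect to `/ui/`; the helper names `rewrite` and `trace` are hypothetical.

```python
import re

# Taken from the second ingress in the post.
PATH_REGEX = r"/vault(/|$)(.*)"
REWRITE_TARGET = "/$2"

# Constructed stand-in for the backend (assumption): "/" answers with a
# redirect to the absolute path "/ui/".
BACKEND_REDIRECTS = {"/": "/ui/"}


def rewrite(request_path):
    """Upstream path produced by the rule, or None if the rule does not match."""
    # use-regex paths are matched from the start of the URI, case-insensitively.
    m = re.match(PATH_REGEX, request_path, re.IGNORECASE)
    if m is None:
        return None
    # Expand $1/$2 in the rewrite target with the captured groups.
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", REWRITE_TARGET)


def trace(request_path, redirects=BACKEND_REDIRECTS):
    """Follow one request through the ingress and one backend redirect.

    Returns (upstream_path, redirect_location, upstream_path_after_redirect).
    """
    upstream = rewrite(request_path)
    location = redirects.get(upstream)
    if location is None:
        return upstream, None, None
    # The client requests the Location path as-is on the same host; nothing
    # puts the /vault prefix back, so the ingress rule is evaluated again.
    return upstream, location, rewrite(location)


if __name__ == "__main__":
    for path in ("/vault", "/vault/ui/", "/ui/", "/v1/sys/health"):
        print(f"{path!r:20} -> upstream {rewrite(path)!r}")
    print("trace('/vault') ->", trace("/vault"))
```

A `None` in the last position of the trace means the redirected request no longer matches any path on this ingress, which is consistent with the redirection the post describes.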