Closed jtackaberry closed 1 year ago
@jtackaberry: This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
@jtackaberry Hi, Thanks for reporting this. If what you are saying is true, then it looks like a bug.
You can help out by kindly writing step-by-step instructions, for reproducing. If someone can copy/paste from, your instructions on their kind/minikube/kubeadm/other cluster, to reproduce this, it will save developer time & help complete/accept triage to get some priority on the issue. There is lack of resources so clear data showing priority helps.
@longwuyuan done. Apologies for not doing that to begin with. It turned out the actual test case was a bit more complicated -- it required the precondition of having another rule that uses nginx.ingress.kubernetes.io/rewrite-target
. I've updated my original post with repeatable commands to reproduce the issue.
Thank you very much for the steps. Was worried that controller broke api specs.
Now, your update complicates the issue. So step1 request is kindly make sure all ingress objects have defined ingress.spec.rules.host field. Need to know behaviour with that field defined. Waiting for your update.
Thanks, ; Long
On Mon, 31 Jan, 2022, 8:33 AM Jason Tackaberry, @.***> wrote:
@longwuyuan https://github.com/longwuyuan done. Apologies for not doing that to begin with. It turned out the actual test case was a bit more complicated -- it required the precondition of having another rule that uses nginx.ingress.kubernetes.io/rewrite-target. I've updated my original post with repeatable commands to reproduce the issue.
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025332849, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWRAWHM7FWKXGQ4DVXTUYX3ZHANCNFSM5NE2XLPA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
So step1 request is kindly make sure all ingress objects have defined ingress.spec.rules.host field.
@longwuyuan Done. OP updated.
Thanks. Did you check nginx.conf.
Kindly add more info. Please add kubectl describe for the service type LoadBalancer created by the controller. Then for each ingress object, please add the kubectl describe. After that, for each curl, please add the log messages of the controller pod, related to that specific curl request.
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:24 AM Jason Tackaberry, @.***> wrote:
So step1 request is kindly make sure all ingress objects have defined ingress.spec.rules.host field.
@longwuyuan https://github.com/longwuyuan Done. OP updated.
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025352912, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWQT2V3YOKKTOVFK4G3UYYBY7ANCNFSM5NE2XLPA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
I probably won't be able to get to this until at least next weekend. If you think of anything further you'd like to see between now and then, please let me know.
For what it's worth, the test case is complete and repeatable and clearly demonstrates the bug.
I think it's complete too but a person reproducing should compare the state, the curl and the logs. Hope I can reproduce too.
Current thought is permanent redirect and rewrite are contending plus not designed to be used together on one fqdn. It will be interesting to see what server block contains in nginx.conf
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:48 AM Jason Tackaberry, @.***> wrote:
I probably won't be able to get to this until at least next weekend. If you think of anything further you'd like to see between now and then, please let me know.
For what it's worth, the test case is complete and repeatable and clearly demonstrates the bug.
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025363932, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWVHBO33OEGTZMTB7XTUYYEQ7ANCNFSM5NE2XLPA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
@nishant-jain-94, would you be interested to pair on this one
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:56 AM Yuan, @.***> wrote:
I think it's complete too but a person reproducing should compare the state, the curl and the logs. Hope I can reproduce too.
Current thought is permanent redirect and rewrite are contending plus not designed to be used together on one fqdn. It will be interesting to see what server block contains in nginx.conf
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:48 AM Jason Tackaberry, @.***> wrote:
I probably won't be able to get to this until at least next weekend. If you think of anything further you'd like to see between now and then, please let me know.
For what it's worth, the test case is complete and repeatable and clearly demonstrates the bug.
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025363932, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWVHBO33OEGTZMTB7XTUYYEQ7ANCNFSM5NE2XLPA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
@jtackaberry, it will be nice to see kubectl describe of ingress objects so that the ingressClassName is verified.
Thanks, ; Long
On Mon, 31 Jan, 2022, 10:06 AM Yuan, @.***> wrote:
@nishant-jain-94, would you be interested to pair on this one
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:56 AM Yuan, @.***> wrote:
I think it's complete too but a person reproducing should compare the state, the curl and the logs. Hope I can reproduce too.
Current thought is permanent redirect and rewrite are contending plus not designed to be used together on one fqdn. It will be interesting to see what server block contains in nginx.conf
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:48 AM Jason Tackaberry, @.***> wrote:
I probably won't be able to get to this until at least next weekend. If you think of anything further you'd like to see between now and then, please let me know.
For what it's worth, the test case is complete and repeatable and clearly demonstrates the bug.
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025363932, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWVHBO33OEGTZMTB7XTUYYEQ7ANCNFSM5NE2XLPA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
Yes @Long. I have started running this on my machine. Yet to reproduce the problem. Still working on it. Thank you.
On Mon, Jan 31, 2022, 10:26 Long Wu Yuan @.***> wrote:
@jtackaberry, it will be nice to see kubectl describe of ingress objects so that the ingressClassName is verified.
Thanks, ; Long
On Mon, 31 Jan, 2022, 10:06 AM Yuan, @.***> wrote:
@nishant-jain-94, would you be interested to pair on this one
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:56 AM Yuan, @.***> wrote:
I think it's complete too but a person reproducing should compare the state, the curl and the logs. Hope I can reproduce too.
Current thought is permanent redirect and rewrite are contending plus not designed to be used together on one fqdn. It will be interesting to see what server block contains in nginx.conf
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:48 AM Jason Tackaberry, @.***> wrote:
I probably won't be able to get to this until at least next weekend. If you think of anything further you'd like to see between now and then, please let me know.
For what it's worth, the test case is complete and repeatable and clearly demonstrates the bug.
— Reply to this email directly, view it on GitHub < https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025363932 , or unsubscribe < https://github.com/notifications/unsubscribe-auth/ABGZVWVHBO33OEGTZMTB7XTUYYEQ7ANCNFSM5NE2XLPA
. Triage notifications on the go with GitHub Mobile for iOS < https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675
You are receiving this because you were mentioned.Message ID: @.***>
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025380403, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADUFFDV5WQIGQXONIWBAZZTUYYI7NANCNFSM5NE2XLPA . You are receiving this because you were mentioned.Message ID: @.***>
Thank you Nishant. We can sync on slack.
Thanks, ; Long
On 2/1/22 9:13 AM, Nishant Jain wrote:
Yes @Long. I have started running this on my machine. Yet to reproduce the problem. Still working on it. Thank you.
On Mon, Jan 31, 2022, 10:26 Long Wu Yuan @.***> wrote:
@jtackaberry, it will be nice to see kubectl describe of ingress objects so that the ingressClassName is verified.
Thanks, ; Long
On Mon, 31 Jan, 2022, 10:06 AM Yuan, @.***> wrote:
@nishant-jain-94, would you be interested to pair on this one
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:56 AM Yuan, @.***> wrote:
I think it's complete too but a person reproducing should compare the state, the curl and the logs. Hope I can reproduce too.
Current thought is permanent redirect and rewrite are contending plus not designed to be used together on one fqdn. It will be interesting to see what server block contains in nginx.conf
Thanks, ; Long
On Mon, 31 Jan, 2022, 9:48 AM Jason Tackaberry, @.***> wrote:
I probably won't be able to get to this until at least next weekend. If you think of anything further you'd like to see between now and then, please let me know.
For what it's worth, the test case is complete and repeatable and clearly demonstrates the bug.
— Reply to this email directly, view it on GitHub <
https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025363932
,
or unsubscribe <
https://github.com/notifications/unsubscribe-auth/ABGZVWVHBO33OEGTZMTB7XTUYYEQ7ANCNFSM5NE2XLPA
. Triage notifications on the go with GitHub Mobile for iOS <
https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675
or Android <
.
You are receiving this because you were mentioned.Message ID: @.***>
— Reply to this email directly, view it on GitHub
https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1025380403, or unsubscribe
https://github.com/notifications/unsubscribe-auth/ADUFFDV5WQIGQXONIWBAZZTUYYI7NANCNFSM5NE2XLPA . You are receiving this because you were mentioned.Message ID: @.***>
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1026449767, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWWWAS4OU2X25C7F7Y3UY5JGVANCNFSM5NE2XLPA. Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
@longwuyuan I've updated the "Steps to Reproduce" section in my original comment with the requested information.
Thank you. It helps a lot.
Thanks, ; Long
On Tue, 1 Feb, 2022, 9:23 PM Jason Tackaberry, @.***> wrote:
@longwuyuan https://github.com/longwuyuan I've updated the "Steps to Reproduce" section in my original comment with the requested information.
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8208#issuecomment-1026995681, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWUAU7BWQSIFU2LOSS3UY76XRANCNFSM5NE2XLPA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
You are receiving this because you were mentioned.Message ID: @.***>
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/reopen
/remove-lifecycle rotten
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
Problem Statement
Consider the following Ingress definition which uses the
permanent-redirect
annotation to issue a 301 Redirect for matched path:Querying
https://example.com/changelog
redirects as expected.But what's unexpected is that when another Ingress rule is defined that uses
rewrite-target
, the above Ingress will also redirecthttps://example.com/changelogfoobarbaz
.On the ingress controller pod,
nginx.conf
contains the following for bothExact
andPrefix
:This what I expect for
Prefix
, but not forExact
. ForExact
I would have expected:This condition only occurs when there is another Ingress in the same scope that defines a
nginx.ingress.kubernetes.io/rewrite-target
annotation.Steps to Reproduce
Perform this method of procedure on a fresh cluster:
Environment State Following Reproduction Steps
Given the above reproduction steps, here are more details from the resulting environment (which in my case is hosted in DOKS, but is repeatable on Vultr):
Here is the resulting nginx.conf on the controller pod:
nginx.zip
Here are the ingress controller log lines generated from the above two curl requests:
Environment Details
NGINX Ingress controller version
Kubernetes version
Environment:
uname -a
):Linux default-38df614b9441 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
$ helm -n ingress-nginx get values ingress-nginx controller: config: force-ssl-redirect: true hsts-max-age: 31536000 log-format-escape-json: "true" log-format-upstream: status=$status path="$request_uri" method=$request_method ingress=$ingress_name remote_addr=$proxy_protocol_addr response_length=$bytes_sent duration=$request_time host=$http_host protocol=$server_protocol referer="$http_referer" agent="$http_user_agent" ssl_protocol=$ssl_protocol ssl_cipher=$ssl_cipher scheme=$scheme request_length=$request_length request_id=$req_id user=$remote_user namespace=$namespace service=$service_name:$service_port real-ip-header: proxy_protocol ssl-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 use-proxy-protocol: "true" worker-processes: 2 extraArgs: default-ssl-certificate: ingress-nginx/default-cert-tls image: tag: v1.1.1 ingressClassResource: default: true metrics: enabled: true replicaCount: 1 service: annotations: service.beta.kubernetes.io/vultr-loadbalancer-proxy-protocol: "true" defaultBackend: enabled: false
$ kubectl describe ingressclasses Name: nginx Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=ingress-nginx app.kubernetes.io/part-of=ingress-nginx app.kubernetes.io/version=1.1.1 helm.sh/chart=ingress-nginx-4.0.16 Annotations: ingressclass.kubernetes.io/is-default-class: true meta.helm.sh/release-name: ingress-nginx meta.helm.sh/release-namespace: ingress-nginx Controller: k8s.io/ingress-nginx Events:
$ kubectl -n ingress-nginx get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES ingress-nginx-controller-59b6745b68-kstn5 1/1 Running 0 4d 10.244.44.11 default-38df614b9441
$ kubectl -n ingress-nginx get svc -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR ingress-nginx-controller LoadBalancer 10.96.29.106 80:32035/TCP,443:32583/TCP 4d app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission ClusterIP 10.110.101.181 443/TCP 4d app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-metrics ClusterIP 10.102.70.74 10254/TCP 4d app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx