Ingress rewrite-target annotation affects ingress across whole namespace

PeterAndreus commented 2 years ago

What happened?

In my project i need rewrite one path in ingress, so i looked at documentation: https://kubernetes.github.io/ingress-nginx/examples/rewrite/

My ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: is
    meta.helm.sh/release-namespace: is-dev
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  creationTimestamp: "2022-04-01T05:35:01Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: is
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: backend-rest
    helm.sh/chart: backend-0.1.0  
  name: is-backend-rest
  namespace: is-dev
  resourceVersion: "352279575"
  uid: a1dc501e-3c12-46c7-a543-3db921433c81
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - backend:
          service:
            name: is-backend
            port:
              name: http
        path: /rest(/|$)(.*)
        pathType: Prefix
  tls:
  - hosts:
    - foo.bar.sk

another Ingress specification:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: is
    meta.helm.sh/release-namespace: is-dev
  creationTimestamp: "2022-04-01T05:35:02Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: is
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: reg
    helm.sh/chart: reg-0.1.0
  name: is-reg
  namespace: is-dev
  resourceVersion: "352259630"
  uid: 68708a7d-3169-4e5a-a9f2-ca7db507fcb8
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - backend:
          service:
            name: is-reg
            port:
              name: http
        path: /reg
        pathType: Prefix
  tls:
  - hosts:
    - foo.bar.sk

Rewrite works fine, access to reg services too. HOWEVER When there is rewrite target annotation i can access even foo.bar.sk/regSomething/url. If i disable rewrite target annotation, foo.bar.sk/regSomething/url is not accesible, like it should not be, because its not specified in Ingress.

Made some digging and found out that when rewrite annotation is applied, generated nginx configuration file looks like this:

location ~* "^/rest(/|$)(.*)" {

....

location ~* "^/reg" {

And when no rewrite annotation is applied generated config looks like:

location = /rest(/|$)(.*) {

...

location = /reg {

What did you expect to happen?

After rewrite-target annotation in one ingress rule other ingress rules in namespace should stay unchanged.

How can we reproduce it (as minimally and precisely as possible)?

kind: Pod
apiVersion: v1
metadata:
  name: apple-app
  labels:
    app: apple
spec:
  containers:
    - name: apple-app
      image: hashicorp/http-echo
      args:
        - "-text=apple"

---

kind: Service
apiVersion: v1
metadata:
  name: apple-service
spec:
  selector:
    app: apple
  ports:
    - port: 5678
      name: http

---

kind: Pod
apiVersion: v1
metadata:
  name: banana-app
  labels:
    app: banana
spec:
  containers:
    - name: banana-app
      image: hashicorp/http-echo
      args:
        - "-text=banana"

---

kind: Service
apiVersion: v1
metadata:
  name: banana-service
spec:
  selector:
    app: banana
  ports:
    - port: 5678
      name: http

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - path: /apple(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: apple-service
            port:
              name: http

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress2
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - path: /ba
        pathType: Prefix
        backend:
          service:
            name: banana-service
            port:
              name: http

https://foo.bar.sk/apple => returns "apple" https://foo.bar.sk/ba => returns "banana" https://foo.bar.sk/banana => returns "banana" since it should not

Kubernetes version

```console $ kubectl version Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.7", GitCommit:"1f86634ff08f37e54e8bfcd86bc90b61c98f84d4", GitTreeState:"clean", BuildDate:"2021-11-17T14:35:38Z", GoVersion:"go1.16.10", Compiler:"gc", Platform:"linux/amd64"} ```

OS version

```console # On Linux: $ cat /etc/os-release NAME="Ubuntu" VERSION="20.04.3 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.3 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=focal UBUNTU_CODENAME=focal ```

k8s-ci-robot commented 2 years ago

@PeterAndreus: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

PeterAndreus commented 2 years ago

/sig network

liggitt commented 2 years ago

/transfer ingress-nginx

longwuyuan commented 2 years ago

Can you try pathType value as Exact and update.

Thanks, ; Long

On Mon, 4 Apr, 2022, 9:00 AM Peter Andreus, @.***> wrote:

What happened?

In my project i need rewrite one path in ingress, so i looked at documentation: https://kubernetes.github.io/ingress-nginx/examples/rewrite/

My ingress:

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: meta.helm.sh/release-name: is meta.helm.sh/release-namespace: is-dev nginx.ingress.kubernetes.io/rewrite-target: /$2 creationTimestamp: "2022-04-01T05:35:01Z" generation: 1 labels: app.kubernetes.io/instance: is app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: backend-rest helm.sh/chart: backend-0.1.0 name: is-backend-rest namespace: is-dev resourceVersion: "352279575" uid: a1dc501e-3c12-46c7-a543-3db921433c81 spec: rules:

host: foo.bar.sk http: paths:

backend: service: name: is-backend port: name: http path: /rest(/|$)(.*) pathType: Prefix tls:

hosts:

foo.bar.sk

another Ingress specification:

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: meta.helm.sh/release-name: is meta.helm.sh/release-namespace: is-dev creationTimestamp: "2022-04-01T05:35:02Z" generation: 1 labels: app.kubernetes.io/instance: is app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: reg helm.sh/chart: reg-0.1.0 name: is-reg namespace: is-dev resourceVersion: "352259630" uid: 68708a7d-3169-4e5a-a9f2-ca7db507fcb8 spec: rules:

host: foo.bar.sk http: paths:

backend: service: name: is-reg port: name: http path: /reg pathType: Prefix tls:

hosts:

foo.bar.sk

Rewrite works fine, access to reg services too. HOWEVER When there is rewrite target annotation i can access even foo.bar.sk/regSomething/url. If i disable rewrite target annotation, foo.bar.sk/regSomething/url is not accesible, like it should not be, because its not specified in Ingress.

Made some digging and found out that when rewrite annotation is applied, generated nginx configuration file looks like this:

location ~ "^/rest(/|$)(.)" {

....

location ~* "^/reg" {

And when no rewrite annotation is applied generated config looks like:

location = /rest(/|$)(.*) {

...

location = /reg {

What did you expect to happen?

After rewrite-target annotation in one ingress rule other ingress rules in namespace should stay unchanged. How can we reproduce it (as minimally and precisely as possible)?

kind: Pod apiVersion: v1 metadata: name: apple-app labels: app: apple spec: containers:

name: apple-app image: hashicorp/http-echo args:

"-text=apple"

kind: Service apiVersion: v1 metadata: name: apple-service spec: selector: app: apple ports:

port: 5678 name: http

kind: Pod apiVersion: v1 metadata: name: banana-app labels: app: banana spec: containers:

name: banana-app image: hashicorp/http-echo args:

"-text=banana"

kind: Service apiVersion: v1 metadata: name: banana-service spec: selector: app: banana ports:

port: 5678 name: http

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: rules:

host: foo.bar.sk http: paths:

path: /apple(/|$)(.*) pathType: Prefix backend: service: name: apple-service port: name: http

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: example-ingress2 spec: rules:

host: foo.bar.sk http: paths:

path: /ba pathType: Prefix backend: service: name: banana-service port: name: http

https://foo.bar.sk/apple => returns "apple" https://foo.bar.sk/ba => returns "banana" https://foo.bar.sk/banana => returns "banana" since it should not Anything else we need to know?

No response Kubernetes version

$ kubectl version Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.7", GitCommit:"1f86634ff08f37e54e8bfcd86bc90b61c98f84d4", GitTreeState:"clean", BuildDate:"2021-11-17T14:35:38Z", GoVersion:"go1.16.10", Compiler:"gc", Platform:"linux/amd64"}

Cloud provider OS version

On Linux:

$ cat /etc/os-release NAME="Ubuntu"VERSION="20.04.3 LTS (Focal Fossa)"ID=ubuntuID_LIKE=debianPRETTY_NAME="Ubuntu 20.04.3 LTS"VERSION_ID="20.04"HOME_URL="https://www.ubuntu.com/"SUPPORT_URL="https://help.ubuntu.com/"BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"VERSION_CODENAME=focalUBUNTU_CODENAME=focal

Install tools Container runtime (CRI) and version (if applicable) Related plugins (CNI, CSI, ...) and versions (if applicable)

— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/8425, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWXANS3USUNDS2YY6CTVDJO5BANCNFSM5SOF3BRQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

PeterAndreus commented 2 years ago

Exact should not be considered as solution because different logic in working with url, but even with "Exact" pathType this bug occurs and i can acces urls i should not.

I tried:

path: /ba pathType: Exact

and with rewrite-target rule in different ingress i can access http://foo.bar.sk/banana/test

longwuyuan commented 2 years ago

(1) Please provide the information that is requested in the issue template (2) Please post the output of kubectl describe ing -A -o wide (3) Please post the exact curl command and its output (4) Please post the logs of the controller pod that are related to your curl command(s) (5) You are not discussing the fact that you are using regexp group $2 and not $1 but the requested url you posted does not even have a second regexp group. Explain why

You can actually make faster progress if you discuss this in Kubernetes.slack.com in the ingress-nginx-users channel. There is less resources here and much much resources on slack.

/remove-kind bug /kind support

PeterAndreus commented 2 years ago

(1) I provided all necessary, mandatory informations. Edited first post to delete parts that are not related to this issue (2) working with Example setup i posted in first comment: Example-ingress

```console Name: example-ingress Namespace: is-dev Address: k8s1,k8s2,k8s3,k8s4,k8s5 Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- foo.bar.sk /apple(/|$)(.*) apple-service:http 10.42.1.164:5678) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":80,"protocol":"HTTP","serviceName":"isis-dev:apple-service","ingressName":"isis-dev:example-ingress"... nginx.ingress.kubernetes.io/rewrite-target: /$2 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync ```

Example-ingress2

```console Name: example-ingress2 Namespace: isis-dev Address: k8s1,k8s2,k8s3,k8s4,k8s5 Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- foo.bar.sk /ba banana-service:http 10.42.1.165:5678) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":80,"protocol":"HTTP","serviceName":"isis-dev:banana-service","ingressName":"isis-dev:example-ingress... Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync Normal Sync 35m (x3 over 35m) nginx-ingress-controller Scheduled for sync ```

(3):

The only correct response that should occur based on example-ingress2

$ curl http://foo.bar.sk/ba
banana

Response that should NOT occur based on example-ingress2

$ curl http://foo.bar.sk/banana/app/test/whatever
banana

(4) Logs of banana pod

$ k logs -n isis-dev banana-app 
2022/04/04 06:21:36 Server is listening on :5678
2022/04/04 06:21:43 foo.bar.sk 10.42.2.233:51264 "GET /ba HTTP/1.1" 200 7 "curl/7.58.0" 100.412µs
2022/04/04 06:21:46 foo.bar.sk 10.42.2.233:51290 "GET /banana/app/test/whatever HTTP/1.1" 200 7 "curl/7.58.0" 62.908µs

(5) Im trying to post in most simplicity i can, problem is not about rewriting path, problem is that annotation in FIRST ingress affects rules in SECOND ingress According to examples at documentation https://kubernetes.io/docs/concepts/services-networking/ingress/ second curl should NOT respond

Curl commands of SECOND ingress after removing rewrite-target annotation in FIRST ingress (correct behaviour):

$ curl http://foo.bar.sk/ba
banana
$ curl http://foo.bar.sk/banana
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
$ curl http://foo.bar.sk/banana/app/test/whatever
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

Banana pod logs without rewrite-target annotation in different ingress:

$ k logs -n isis-dev banana-app 
2022/04/04 06:34:25 Server is listening on :5678
2022/04/04 06:34:29 foo.bar.sk 10.42.2.233:46658 "GET /ba HTTP/1.1" 200 7 "curl/7.58.0" 18.944µs

I also joined channel on slack but it seems there are just questions, not answers

longwuyuan commented 2 years ago

Are you expecting a request for this url http://foo.bar.sk/banana/app/test/whatever, to match the rules configured in the ingress object called example-ingress2 ?

PeterAndreus commented 2 years ago

Thats the point that url should not match rules in example-ingress2

However when there is rewrite-target annotation in example-ingress (different ingress in same namespace) that url is accessible via match in example-ingress2

longwuyuan commented 2 years ago

do you see both rules configured for the same server block in nginx.conf ?

longwuyuan commented 2 years ago

When the see the kubectl describe output of example-ingress2 and the requested URL as http://foo.bar.sk/banana/app/test/whatever, I suspect the existence of string "ba" in the path, right after /, is a match. If yo can show kubectl get ing example-ingress2 -o yaml maybe we can know more as to why you think there should not be a match.

longwuyuan commented 2 years ago

also, did you even try a curl exactly as described in the documentation you have referenced. Maybe you should configure your ingress for the exact same path as shown in the example, and with exact same pathType and then send a request for the exact same URL as described in example.

Its not a apples to apples comparison, if you compare path "/aaa/bb" with the path you have configured. Also its not a apples to apples comparison, when you compare the URL in the example with the URL you have requested in your curl command.

PeterAndreus commented 2 years ago

Generated nginx.conf with rewrite-target annotation (templating is messed up with this, so i upload at pastebin): https://pastebin.com/raw/vxLxjDz3

Generated nginx.conf without rewrite-target annotation: https://pastebin.com/raw/ARPg2bpr

So yes, both rules are in same server block. Notice differences in location rules as i mentioned in first post

kubectl get ing example-ingress2 -o yaml

``` apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: field.cattle.io/publicEndpoints: '[{"addresses":["","","","",""],"port":80,"protocol":"HTTP","serviceName":"isis-dev:banana-service","ingressName":"isis-dev:example-ingress2","hostname":"foo.bar.sk","path":"/ba","allNodes":false}]' kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{},"name":"example-ingress2","namespace":"isis-dev"},"spec":{"rules":[{"host":"foo.bar.sk","http":{"paths":[{"backend":{"service":{"name":"banana-service","port":{"name":"http"}}},"path":"/ba","pathType":"Prefix"}]}}]}} creationTimestamp: "2022-04-04T07:24:25Z" generation: 2 managedFields: - apiVersion: networking.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:kubectl.kubernetes.io/last-applied-configuration: {} f:spec: f:rules: {} manager: kubectl-client-side-apply operation: Update time: "2022-04-04T07:24:25Z" - apiVersion: networking.k8s.io/v1beta1 fieldsType: FieldsV1 fieldsV1: f:status: f:loadBalancer: f:ingress: {} manager: nginx-ingress-controller operation: Update time: "2022-04-04T07:25:15Z" - apiVersion: extensions/v1beta1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:field.cattle.io/publicEndpoints: {} manager: rancher operation: Update time: "2022-04-04T07:25:15Z" name: example-ingress2 namespace: isis-dev resourceVersion: "355786354" uid: f9db3bdf-969b-48a4-9a9c-a02580db40d9 spec: rules: - host: foo.bar.sk http: paths: - backend: service: name: banana-service port: name: http path: /ba pathType: Prefix status: loadBalancer: ingress: - hostname: k8s1 - hostname: k8s2 - hostname: k8s3 - hostname: k8s4 - hostname: k8s5 ```

I configured example-ingress2 same as in example:


apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress2
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - path: /aaa/bb
        pathType: Prefix
        backend:
          service:
            name: banana-service
            port:
              name: http

This ingress should match only /aaa/bb according to example in documentation, however:

$ curl foo.bar.sk/aaa/bbb
banana

And as im writing since beggining, when i remove rewrite-target annotation in example-ingress, matching in example-ingress2 is as in example and /aaa/bbb is not match

longwuyuan commented 2 years ago

This update has information but like I have been hinting, can you show the log for this curl command request.

My request is that in one single post here, please show the entire information related to one http request. That means ;

kubectl get ing -A -o wide
kubectl describe ing -A
kubectl get sec -A -o wide | grep -I ingress
logs
curl command with date prefix

In your last curl command, you did not show logs because ingress controller can never ever give you a response if there was no matching rule. So some rule matched to give you the response as "banana"

PeterAndreus commented 2 years ago

$ kubectl get ing -A -o wide

``` NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE cattle-system rancher rancher.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 506d isis-dev cisma-cisma isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 34d isis-dev example-ingress foo.bar.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80 101m isis-dev example-ingress2 foo.bar.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80 101m isis-dev isis-backend isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-backend-rest isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-frontend isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-keycloak isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-param isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-public isis-dev-public.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-regis isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-taskapp isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-dev isis-taskapp-frontend isis-dev.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 3d3h isis-mc cisma-cisma isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 16d isis-mc cisma-sk cisma.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80 17d isis-mc isis-backend isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-backend-rest isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-frontend isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-keycloak isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-param isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-public isis-public.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-regis isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-taskapp isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h isis-mc isis-taskapp-frontend isis.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 6d21h muses muses-cms-frontend muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-codelist-api muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-document-api muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-esprit-proxy-map muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-keycloak muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-maildev muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-notification muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-portal-frontend muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-profile muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-rabbitmq muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-report-api muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-swagger-ui muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-task-api muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d muses muses-template-api muses.k8s.bb.microcomp.sk k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk 80, 443 55d ```

$ kubectl describe ing -A

``` Name: rancher Namespace: cattle-system Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: tls-rancher-ingress terminates rancher.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- rancher.k8s.bb.microcomp.sk rancher:80 10.42.1.254:80,10.42.2.242:80,10.42.4.219:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"cattle-system:rancher","ingressName":"cattle-system:rancher","... meta.helm.sh/release-name: rancher meta.helm.sh/release-namespace: cattle-system nginx.ingress.kubernetes.io/proxy-connect-timeout: 30 nginx.ingress.kubernetes.io/proxy-read-timeout: 1800 nginx.ingress.kubernetes.io/proxy-send-timeout: 1800 Events: Name: cisma-cisma Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /cisma cisma-cisma:http 10.42.2.142:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:cisma-cisma","ingressName":"isis-dev:cisma-cisma","ho... meta.helm.sh/release-name: cisma meta.helm.sh/release-namespace: isis-dev Events: Name: example-ingress Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- foo.bar.sk /apple(/|$)(.*) apple-service:http 10.42.1.9:5678) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":80,"protocol":"HTTP","serviceName":"isis-dev:apple-service","ingressName":"isis-dev:example-ingress"... nginx.ingress.kubernetes.io/rewrite-target: /$2 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 18s (x7 over 100m) nginx-ingress-controller Scheduled for sync Normal Sync 18s (x7 over 100m) nginx-ingress-controller Scheduled for sync Normal Sync 18s (x7 over 100m) nginx-ingress-controller Scheduled for sync Normal Sync 18s (x7 over 100m) nginx-ingress-controller Scheduled for sync Normal Sync 18s (x7 over 100m) nginx-ingress-controller Scheduled for sync Name: example-ingress2 Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- foo.bar.sk /aaa/bb banana-service:http 10.42.1.8:5678) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":80,"protocol":"HTTP","serviceName":"isis-dev:banana-service","ingressName":"isis-dev:example-ingress... Events: Name: isis-backend Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /KrazGui isis-backend:http 10.42.3.100:8080) /kraz isis-backend:http 10.42.3.100:8080) /dis-ws isis-backend:http 10.42.3.100:8080) /stat-ws isis-backend:http 10.42.3.100:8080) /iam-ws isis-backend:http 10.42.3.100:8080) /tm-ws isis-backend:http 10.42.3.100:8080) /healthz isis-backend:http 10.42.3.100:8080) /dojo_war isis-backend:http 10.42.3.100:8080) /mc_war isis-backend:http 10.42.3.100:8080) /MetisInternalApi isis-backend:http 10.42.3.100:8080) /ZberInternalApi isis-backend:http 10.42.3.100:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-backend","ingressName":"isis-dev:isis-backend","... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: isis-backend-rest Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /rest(/|$)(.*) isis-backend:http 10.42.3.100:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-backend","ingressName":"isis-dev:isis-backend-re... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev Events: Name: isis-frontend Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk / isis-frontend:http 10.42.1.191:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-frontend","ingressName":"isis-dev:isis-frontend"... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: isis-keycloak Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /auth isis-keycloak:http 10.42.1.198:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-keycloak","ingressName":"isis-dev:isis-keycloak"... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev Events: Name: isis-param Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /param-app isis-param:http 10.42.1.189:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-param","ingressName":"isis-dev:isis-param","host... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev Events: Name: isis-public Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev-public.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev-public.k8s.bb.microcomp.sk / isis-public:http 10.42.1.193:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-public","ingressName":"isis-dev:isis-public","ho... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: isis-regis Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /RegisGui isis-regis:http 10.42.2.20:8080,10.42.3.101:8080) /RegisRoRestApi isis-regis:http 10.42.2.20:8080,10.42.3.101:8080) /RegisRepUnitRestApi isis-regis:http 10.42.2.20:8080,10.42.3.101:8080) /RegisCodelistRestApi isis-regis:http 10.42.2.20:8080,10.42.3.101:8080) /reg isis-regis:http 10.42.2.20:8080,10.42.3.101:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-regis","ingressName":"isis-dev:isis-regis","host... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.192.170 Events: Name: isis-taskapp Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /taskApp/ isis-taskapp:http 10.42.1.194:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-taskapp","ingressName":"isis-dev:isis-taskapp","... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev Events: Name: isis-taskapp-frontend Namespace: isis-dev Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-dev.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-dev.k8s.bb.microcomp.sk /task-app-frontend(/|$)(.*) isis-taskapp-frontend:http 10.42.4.161:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-dev:isis-taskapp-frontend","ingressName":"isis-dev:isis-t... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-dev nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: cisma-cisma Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /cisma cisma-cisma:http 10.42.2.139:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:cisma-cisma","ingressName":"isis-mc:cisma-cisma","host... meta.helm.sh/release-name: cisma meta.helm.sh/release-namespace: isis-mc Events: Name: cisma-sk Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () Rules: Host Path Backends ---- ---- -------- cisma.sk /cisma cisma-cisma:8080 10.42.2.139:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":80,"protocol":"HTTP","serviceName":"isis-mc:cisma-cisma","ingressName":"isis-mc:cisma-sk","hostname"... Events: Name: isis-backend Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /KrazGui isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /kraz isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /dis-ws isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /stat-ws isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /iam-ws isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /tm-ws isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /healthz isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /dojo_war isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /mc_war isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /MetisInternalApi isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) /ZberInternalApi isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-backend","ingressName":"isis-mc:isis-backend","ho... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: isis-backend-rest Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /rest(/|$)(.*) isis-backend:http 10.42.3.82:8080,10.42.5.209:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-backend","ingressName":"isis-mc:isis-backend-rest... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc nginx.ingress.kubernetes.io/rewrite-target: /$2 Events: Name: isis-frontend Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk / isis-frontend:http 10.42.2.3:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-frontend","ingressName":"isis-mc:isis-frontend","... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: isis-keycloak Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /auth isis-keycloak:http 10.42.4.60:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-keycloak","ingressName":"isis-mc:isis-keycloak","... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc Events: Name: isis-param Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /param-app isis-param:http 10.42.2.4:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-param","ingressName":"isis-mc:isis-param","hostna... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc Events: Name: isis-public Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis-public.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis-public.k8s.bb.microcomp.sk / isis-public:http 10.42.5.201:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-public","ingressName":"isis-mc:isis-public","host... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent Events: Name: isis-regis Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /RegisGui isis-regis:http 10.42.2.12:8080,10.42.4.61:8080) /RegisRoRestApi isis-regis:http 10.42.2.12:8080,10.42.4.61:8080) /RegisRepUnitRestApi isis-regis:http 10.42.2.12:8080,10.42.4.61:8080) /RegisCodelistRestApi isis-regis:http 10.42.2.12:8080,10.42.4.61:8080) /reg isis-regis:http 10.42.2.12:8080,10.42.4.61:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-regis","ingressName":"isis-mc:isis-regis","hostna... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc Events: Name: isis-taskapp Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /taskApp/ isis-taskapp:http 10.42.5.202:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-taskapp","ingressName":"isis-mc:isis-taskapp","ho... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc Events: Name: isis-taskapp-frontend Namespace: isis-mc Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes isis.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- isis.k8s.bb.microcomp.sk /task-app-frontend(/|$)(.*) isis-taskapp-frontend:http 10.42.2.9:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"isis-mc:isis-taskapp-frontend","ingressName":"isis-mc:isis-tas... meta.helm.sh/release-name: isis meta.helm.sh/release-namespace: isis-mc nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/affinity-mode: persistent nginx.ingress.kubernetes.io/rewrite-target: /$2 Events: Name: muses-cms-frontend Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /cms muses-cms-frontend:http 10.42.5.29:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-cms-frontend","ingressName":"muses:muses-cms-front... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-codelist-api Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/codelists muses-codelist-api:http 10.42.5.32:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-codelist-api","ingressName":"muses:muses-codelist-... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-document-api Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/documents muses-document-api:http 10.42.3.26:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-document-api","ingressName":"muses:muses-document-... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-esprit-proxy-map Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /podporne/musesapp/ muses-esprit-proxy-map:http 10.42.4.214:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-esprit-proxy-map","ingressName":"muses:muses-espri... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-keycloak Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /auth muses-keycloak:http 10.42.4.40:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-keycloak","ingressName":"muses:muses-keycloak","ho... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-maildev Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /maildev muses-maildev:http 10.42.4.215:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-maildev","ingressName":"muses:muses-maildev","host... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-notification Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/notifications muses-notification:http 10.42.5.40:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-notification","ingressName":"muses:muses-notificat... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-portal-frontend Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk / muses-portal-frontend:http 10.42.5.34:80) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-portal-frontend","ingressName":"muses:muses-portal... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-profile Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/profile muses-profile:http 10.42.5.37:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-profile","ingressName":"muses:muses-profile","host... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-rabbitmq Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /ws muses-rabbitmq:webstomp 10.42.1.43:15674) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-rabbitmq","ingressName":"muses:muses-rabbitmq","ho... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 nginx.ingress.kubernetes.io/proxy-read-timeout: 300 nginx.ingress.kubernetes.io/proxy-send-timeout: 300 Events: Name: muses-report-api Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/reports muses-report-api:http 10.42.5.33:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-report-api","ingressName":"muses:muses-report-api"... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-swagger-ui Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/doc muses-swagger-ui:http 10.42.5.31:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-swagger-ui","ingressName":"muses:muses-swagger-ui"... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-task-api Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/tasks muses-task-api:http 10.42.5.35:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-task-api","ingressName":"muses:muses-task-api","ho... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: Name: muses-template-api Namespace: muses Address: k8s1.bb.microcomp.sk,k8s2.bb.microcomp.sk,k8s3.bb.microcomp.sk,k8s4.bb.microcomp.sk,k8s5.bb.microcomp.sk Default backend: default-http-backend:80 () TLS: SNI routes muses.k8s.bb.microcomp.sk Rules: Host Path Backends ---- ---- -------- muses.k8s.bb.microcomp.sk /api/template muses-template-api:http 10.42.1.44:8080) Annotations: field.cattle.io/publicEndpoints: [{"addresses":["","","","",""],"port":443,"protocol":"HTTPS","serviceName":"muses:muses-template-api","ingressName":"muses:muses-template-... meta.helm.sh/release-name: muses meta.helm.sh/release-namespace: muses nginx.ingress.kubernetes.io/proxy-body-size: 0 Events: ```

$ kubectl get sec -A -o wide | grep -I ingress
error: the server doesn't have a resource type "sec"

CURL:

$ curl foo.bar.sk/aaa/bbb -v
*   Trying 192.168.190.182...
* TCP_NODELAY set
* Connected to foo.bar.sk (192.168.190.182) port 80 (#0)
> GET /aaa/bbb HTTP/1.1
> Host: foo.bar.sk
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 04 Apr 2022 09:09:41 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 7
< Connection: keep-alive
< X-App-Name: http-echo
< X-App-Version: 0.2.3
< 
banana
* Connection #0 to host foo.bar.sk left intact

LOGS of bannana pod


$ k logs -n isis-dev banana-app 
2022/04/04 07:24:28 Server is listening on :5678
2022/04/04 07:25:33 foo.bar.sk 10.42.2.233:45936 "GET /bbb HTTP/1.1" 200 7 "curl/7.58.0" 14.289µs
2022/04/04 07:25:35 foo.bar.sk 10.42.2.233:45962 "GET /bb HTTP/1.1" 200 7 "curl/7.58.0" 40.86µs
2022/04/04 07:35:09 foo.bar.sk 10.42.2.233:49906 "GET /aaa/bbb HTTP/1.1" 200 7 "curl/7.58.0" 14.462µs
2022/04/04 07:35:11 foo.bar.sk 10.42.2.233:49918 "GET /aaa/bb HTTP/1.1" 200 7 "curl/7.58.0" 9.402µs
2022/04/04 07:46:55 foo.bar.sk 10.42.2.233:54726 "GET /aaa/bb HTTP/1.1" 200 7 "curl/7.58.0" 11.963µs
2022/04/04 09:04:37 foo.bar.sk 10.42.2.233:58132 "GET /aaa/bbb HTTP/1.1" 200 7 "curl/7.58.0" 28.553µs
2022/04/04 09:08:06 foo.bar.sk 10.42.2.233:59552 "GET /aaa/bbb HTTP/1.1" 200 7 "curl/7.58.0" 26.033µs
2022/04/04 09:09:41 foo.bar.sk 10.42.2.233:60202 "GET /aaa/bbb HTTP/1.1" 200 7 "curl/7.58.0" 10.168µs

PeterAndreus commented 2 years ago

As i said problem is in generated nginx.conf that i pasted in previous comment not in ingress configuration: nginx.conf when no rewrite-target is applied has this location rules:

location = /ba {
location /ba/ {

so only foo.bar.sk/ba or foo.bar.sk/ba/ is match

However nginx.conf when rewrite-target is applied in any ingress has this location rules:

location ~* "^/ba" {
location ~* "^/ba/" {

so anything that starts with foo.bar.sk/ba mathces If i read correctly, ~ means that nginx matches case insensitive regex, and ^ in regex means starts with so `location ~ "^/ba" ` matches url which starts with /ba, so /banana for example

I would assume that when i add rewrite-target annotation to ingress with match - path: /apple(/|$)(.*) generated nginx.conf should have rewrite only location location ~* "^/apple(/|$)(.*)" not some /ba location defined in another ingress

longwuyuan commented 2 years ago

of-course the first matching rule will get processed. I responded to you on slack https://kubernetes.slack.com/archives/CANQGM8BA/p1649052053515279

longwuyuan commented 2 years ago

how did you install ingress-nginx controller ? On which environment are you running the cluster ? Please post the information requested in the issue template. The screenshot below does not show how you installed ingress-nginx controller

longwuyuan commented 2 years ago

on a zoom session, it was determined that the problem to be solved is whitelisting based on path.

Hence use of whitelisting annotation on a ingress object that shared host with other ingress objects but the path is unique.

remidebette commented 2 years ago

Hi,

Has any progress been made on this?

I think I am hitting a related same issue on v1.0.4
I have a development environment with a hostname such as foo.bar.sk, the ingress would be

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress-root
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: banana-service
            port:
              name: http

Then I am creating release branches that have a path prefix /apple, using ingresses configured exactly as example-ingress in the minimum reproducible example, with the same hostname foo.bar.sk
If both ingresses with the same hostname are present I start getting randomly get 404 from queries to foo.bar.sk/apple

Can this be linked to the bad interaction described in this ticket?

longwuyuan commented 2 years ago

For fqdn foo.bar.com if you have Prefix / and Prefix /apple, then Prefix / will match anything and everything sent to foo.bar.com (unless you have rules blocking that). Hence it will help if someone provides the required details because I still don't understand what is the problem to be solved.

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

PeterAndreus commented 2 years ago

/remove-lifecycle stale

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

remidebette commented 2 years ago

/remove-lifecycle stale

longwuyuan commented 6 months ago

@PeterAndreus the issue-description revolves around the location block created when the rewrite annotation is in use.

But since beginning till the end, the authenticity of the reports is missing the critical info like ;

kubectl get all -n ingress-nginx
kubectl describe of svc in app ns
kubectl describe of ingress in app ns
Actual curl request sent as is with -v
Logs of the controller pod with rewrite log enabled

And this issue has been without traction for 2 years.

I think it will take the info that I listed here above and more to establish what problem needs to be solved in the controller. Currently this issue contains a expectation on what the server blocks should contain as location blocks.

Add to that, there is some validations in paths that is new to this issue.

There are too many issues that are inactive with non-conclusive data so no action-item is clear from the data in the issue. This being one of such issue. Its hard to keep it open as there is no action-item we can track on the project's side.

So I will close this issue for now. Feel free to re-open the issue after you have provided the live cluster info as listed above at least. Using the recent release of the controller.

Thanks.

/close

k8s-ci-robot commented 6 months ago

@longwuyuan: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-nginx/issues/8425#issuecomment-2086606592): >@PeterAndreus the issue-description revolves around the location block created when the rewrite annotation is in use. > >But since beginning till the end, the authenticity of the reports is missing the critical info like ; >- kubectl get all -n ingress-nginx >- kubectl describe of svc in app ns >- kubectl describe of ingress in app ns >- Actual curl request sent as is with -v >- Logs of the controller pod with rewrite log enabled > >And this issue has been without traction for 2 years. > >I think it will take the info that I listed here above and more to establish what problem needs to be solved in the controller. Currently this issue contains a expectation on what the server blocks should contain as location blocks. > >Add to that, there is some validations in paths that is new to this issue. > >There are too many issues that are inactive with non-conclusive data so no action-item is clear from the data in the issue. This being one of such issue. Its hard to keep it open as there is no action-item we can track on the project's side. > >So I will close this issue for now. Feel free to re-open the issue after you have provided the live cluster info as listed above at least. Using the recent release of the controller. > >Thanks. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

kubernetes / ingress-nginx