Ingress-nginx: Path based routing only works with base path
Is this a request for help? (If yes, you should use our troubleshooting guide and community support channels, see https://kubernetes.io/docs/tasks/debug-application-cluster/troubleshooting/.):
What keywords did you search in NGINX Ingress controller issues before filing this one? (If you have found any duplicates, you should instead reply there.):
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
Bug Report
NGINX Ingress controller version:
10.2 and 11.0
Kubernetes version (use kubectl version):
1.9.3 and 1.8.2
Environment:
Azure AKS and Azure ACS-Engine Cluster
- Cloud provider or hardware configuration:
- OS (e.g. from /etc/os-release): Debian GNU/Linux 8 (jessie):Ubuntu 16.04
- Kernel (e.g.
uname -a): 4.11.0-1015-azure - Install tools: AKS and ACS-Engine
- Others:
kube-lego for TLS management
What happened:
Ingress rule to do TLS secure path based routing only routes correctly to default path "/" and not the second service on path "/hello2"
What you expected to happen:
If I go to http://url/ the service that is expected is return, however if I go to http://url/hello2 I get a generic 404 Not Found
How to reproduce it (as minimally and precisely as possible):
helm install stable/nginx-ingressorhelm install stable/nginx --set controller.image.tag=0.11.0- Wait for service to return external IP from Azure ALB
kubectl get svc -w - Map new Public IP with a DNS Name either in Azure directly or using DNS Provider
3a. If using Azure provided DNS use this script:
#!/bin/bash
# Public IP address
IP="52.224.125.195" #replace with Public IP address assigned to ngnix service in K8s
# Name to associate with public IP address
DNSNAME="demo-aks-ingress"
# Get resource group and public ip name
RESOURCEGROUP=$(az network public-ip list --query "[?contains(ipAddress, '$IP')].[resourceGroup]" --output tsv)
PIPNAME=$(az network public-ip list --query "[?contains(ipAddress, '$IP')].[name]" --output tsv)
# Update public ip address with dns name
az network public-ip update --resource-group $RESOURCEGROUP --name $PIPNAME --dns-name $DNSNAME
3b. Get FQDN of PublicIP az network public-ip list --query "[?contains(ipAddress, '52.224.125.195')].[dnsSettings.fqdn]" --output tsv
Install kube-lego and modify LEGO_EMAIL to a real email address
helm install stable/kube-lego \
--set [email protected] \
--set config.LEGO_URL=https://acme-v01.api.letsencrypt.org/directoryCreate 2 services to host behind proxy
helm repo add azure-samples https://azure-samples.github.io/helm-charts/
helm install azure-samples/aks-helloworld
helm install azure-samples/aks-helloworld --set title="AKS Ingress Demo" --set serviceName="ingress-demo"Create an ingress yaml. Be sure to change host entry to the FQDn retrieved in step 3b or one you created in your own DNS provider:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
kubernetes.io/tls-acme: "true"
ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- demo-aks-ingress.eastus.cloudapp.azure.com
secretName: tls-secret
rules:
- host: demo-aks-ingress.eastus.cloudapp.azure.com
http:
paths:
- path: /
backend:
serviceName: aks-helloworld
servicePort: 80
- path: /hello2
backend:
serviceName: ingress-demo
servicePort: 80
Anything else we need to know:
Both web services are working correctly. If I switch the name of the services you can see the different backends but only when using base path "/"
TLS is working correctly and site is signed as expected.
nginx.conf file:
daemon off;
worker_processes 1;
pid /run/nginx.pid;
worker_rlimit_nofile 346615;
worker_shutdown_timeout 10s ;
events {
multi_accept on;
worker_connections 16384;
use epoll;
}
http {
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
geoip_country /etc/nginx/geoip/GeoIP.dat;
geoip_city /etc/nginx/geoip/GeoLiteCity.dat;
geoip_org /etc/nginx/geoip/GeoIPASNum.dat;
geoip_proxy_recursive on;
aio threads;
aio_write on;
tcp_nopush on;
tcp_nodelay on;
log_subrequest on;
reset_timedout_connection on;
keepalive_timeout 75s;
keepalive_requests 100;
client_header_buffer_size 1k;
client_header_timeout 60s;
large_client_header_buffers 4 8k;
client_body_buffer_size 8k;
client_body_timeout 60s;
http2_max_field_size 4k;
http2_max_header_size 16k;
types_hash_max_size 2048;
server_names_hash_max_size 1024;
server_names_hash_bucket_size 64;
map_hash_bucket_size 64;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
variables_hash_bucket_size 128;
variables_hash_max_size 2048;
underscores_in_headers off;
ignore_invalid_headers on;
limit_req_status 503;
include /etc/nginx/mime.types;
default_type text/html;
gzip on;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
gzip_proxied any;
gzip_vary on;
# Custom headers for response
server_tokens on;
# disable warnings
uninitialized_variable_warn off;
# Additional available variables:
# $namespace
# $ingress_name
# $service_name
log_format upstreaminfo '$the_real_ip - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status';
map $request_uri $loggable {
default 1;
}
access_log /var/log/nginx/access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/error.log notice;
resolver 10.0.0.10 valid=30s;
# Retain the default nginx handling of requests without a "Connection" header
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
map $http_x_forwarded_for $the_real_ip {
default $remote_addr;
}
# trust http_x_forwarded_proto headers correctly indicate ssl offloading
map $http_x_forwarded_proto $pass_access_scheme {
default $http_x_forwarded_proto;
'' $scheme;
}
# validate $pass_access_scheme and $scheme are http to force a redirect
map "$scheme:$pass_access_scheme" $redirect_to_https {
default 0;
"http:http" 1;
"https:http" 1;
}
map $http_x_forwarded_port $pass_server_port {
default $http_x_forwarded_port;
'' $server_port;
}
map $pass_server_port $pass_port {
443 443;
default $pass_server_port;
}
# Obtain best http host
map $http_host $this_host {
default $http_host;
'' $host;
}
map $http_x_forwarded_host $best_http_host {
default $http_x_forwarded_host;
'' $this_host;
}
server_name_in_redirect off;
port_in_redirect off;
rewrite_log on;
ssl_protocols TLSv1.2;
# turn on session caching to drastically improve performance
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
# allow configuring ssl session tickets
ssl_session_tickets on;
# slightly reduce the time-to-first-byte
ssl_buffer_size 4k;
# allow configuring custom ssl ciphers
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve auto;
proxy_ssl_session_reuse on;
upstream default-ingress-demo-80 {
# Load balance algorithm; empty for round robin, which is the default
least_conn;
keepalive 32;
server 10.244.2.35:80 max_fails=0 fail_timeout=0;
}
upstream default-aks-helloworld-80 {
# Load balance algorithm; empty for round robin, which is the default
least_conn;
keepalive 32;
server 10.244.2.34:80 max_fails=0 fail_timeout=0;
}
upstream default-kube-lego-nginx-8080 {
# Load balance algorithm; empty for round robin, which is the default
least_conn;
keepalive 32;
server 10.244.2.33:8080 max_fails=0 fail_timeout=0;
}
upstream upstream-default-backend {
# Load balance algorithm; empty for round robin, which is the default
least_conn;
keepalive 32;
server 10.244.2.31:8080 max_fails=0 fail_timeout=0;
}
## start server _
server {
server_name _ ;
listen 80 default_server backlog=511;
listen [::]:80 default_server backlog=511;
set $proxy_upstream_name "-";
listen 443 default_server backlog=511 ssl http2;
listen [::]:443 default_server backlog=511 ssl http2;
# PEM sha: 6ffc997c0748dca2604bd8fea0e35d31a6bce41f
ssl_certificate /ingress-controller/ssl/default-fake-certificate.pem;
ssl_certificate_key /ingress-controller/ssl/default-fake-certificate.pem;
more_set_headers "Strict-Transport-Security: max-age=15724800; includeSubDomains;";
location / {
port_in_redirect off;
set $proxy_upstream_name "upstream-default-backend";
set $namespace "";
set $ingress_name "";
set $service_name "";
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-cert "";
proxy_set_header ssl-client-verify "";
proxy_set_header ssl-client-dn "";
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
proxy_pass http://upstream-default-backend;
proxy_redirect off;
}
# health checks in cloud providers require the use of port 80
location /healthz {
access_log off;
return 200;
}
# this is required to avoid error if nginx is being monitored
# with an external software (like sysdig)
location /nginx_status {
allow 127.0.0.1;
allow ::1;
deny all;
access_log off;
stub_status on;
}
}
## end server _
## start server aks182east.evillgenius.com
server {
server_name aks182east.evillgenius.com ;
listen 80;
listen [::]:80;
set $proxy_upstream_name "-";
listen 443 ssl http2;
listen [::]:443 ssl http2;
# PEM sha: 3781aeafb6f20fc098e2b98486f2561e7c816d7e
ssl_certificate /ingress-controller/ssl/default-tls-secret.pem;
ssl_certificate_key /ingress-controller/ssl/default-tls-secret.pem;
ssl_trusted_certificate /ingress-controller/ssl/default-tls-secret-full-chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
more_set_headers "Strict-Transport-Security: max-age=15724800; includeSubDomains;";
location /hello2 {
port_in_redirect off;
set $proxy_upstream_name "default-aks-helloworld-80";
set $namespace "default";
set $ingress_name "hello-world-ingress";
set $service_name "aks-helloworld";
# enforce ssl on server side
if ($redirect_to_https) {
return 308 https://$best_http_host$request_uri;
}
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-cert "";
proxy_set_header ssl-client-verify "";
proxy_set_header ssl-client-dn "";
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
proxy_pass http://default-aks-helloworld-80;
proxy_redirect off;
}
location /.well-known/acme-challenge {
port_in_redirect off;
set $proxy_upstream_name "default-kube-lego-nginx-8080";
set $namespace "default";
set $ingress_name "kube-lego-nginx";
set $service_name "kube-lego-nginx";
# enforce ssl on server side
if ($redirect_to_https) {
return 308 https://$best_http_host$request_uri;
}
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-cert "";
proxy_set_header ssl-client-verify "";
proxy_set_header ssl-client-dn "";
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
proxy_pass http://default-kube-lego-nginx-8080;
proxy_redirect off;
}
location / {
port_in_redirect off;
set $proxy_upstream_name "default-ingress-demo-80";
set $namespace "default";
set $ingress_name "hello-world-ingress";
set $service_name "ingress-demo";
# enforce ssl on server side
if ($redirect_to_https) {
return 308 https://$best_http_host$request_uri;
}
client_max_body_size "1m";
proxy_set_header Host $best_http_host;
# Pass the extracted client certificate to the backend
proxy_set_header ssl-client-cert "";
proxy_set_header ssl-client-verify "";
proxy_set_header ssl-client-dn "";
# Allow websocket connections
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Scheme $pass_access_scheme;
# Pass the original X-Forwarded-For
proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;
# mitigate HTTPoxy Vulnerability
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";
# Custom headers to proxied server
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering "off";
proxy_buffer_size "4k";
proxy_buffers 4 "4k";
proxy_request_buffering "on";
proxy_http_version 1.1;
proxy_cookie_domain off;
proxy_cookie_path off;
# In case of errors try the next upstream server before returning an error
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
proxy_pass http://default-ingress-demo-80;
proxy_redirect off;
}
}
## end server aks182east.evillgenius.com
# default server, used for NGINX healthcheck and access to nginx stats
server {
# Use the port 18080 (random value just to avoid known ports) as default port for nginx.
# Changing this value requires a change in:
# https://github.com/kubernetes/ingress-nginx/blob/master/controllers/nginx/pkg/cmd/controller/nginx.go
listen 18080 default_server backlog=511;
listen [::]:18080 default_server backlog=511;
set $proxy_upstream_name "-";
location /healthz {
access_log off;
return 200;
}
location /nginx_status {
set $proxy_upstream_name "internal";
access_log off;
stub_status on;
}
location / {
set $proxy_upstream_name "upstream-default-backend";
proxy_pass http://upstream-default-backend;
}
}
}
stream {
log_format log_stream [$time_local] $protocol $status $bytes_sent $bytes_received $session_time;
access_log /var/log/nginx/access.log log_stream;
error_log /var/log/nginx/error.log;
# TCP services
# UDP services
}
evillgenius75
👍6
All 13 comments
I run into the same issue just by following the AKS tutorial: https://docs.microsoft.com/en-us/azure/aks/ingress
mrdfuse
on 4 Mar 2018
Closing. The issue with the article is the prefix of the annotations, it should be nginx.ingress.kubernetes.io
aledbf
on 4 Mar 2018
👍3
@evillgenius75 please reopen if you have more questions
aledbf
on 4 Mar 2018
We are still seeing this even with the new annotation.
/reopen
kargakis
on 16 May 2018
@kargakis: you can't re-open an issue/PR unless you authored it or you are assigned to it.
In response to this:
We are still seeing this even with the new annotation.
/reopen
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
k8s-ci-robot
on 16 May 2018
Versions:
kubernetes v1.9.7
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0
k8s.gcr.io/defaultbackend:1.3
kargakis
on 16 May 2018
/kind bug
kargakis
on 16 May 2018
I am also encountering this with:
quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
gcr.io/google_containers/defaultbackend:1.4
@aledbf , essentially all ingress paths except for root get ignored as long as I am attempting to use https. Is this a known issue?
I'm trying to use nginx ingress with ssl-passthrough so that my backend Tomcat-based containers can perform TLS termination. Our application requires dual authentication so that x509 user certificate details can be passed along (DOD requirement).
Do you have any thoughts as to why only the root ingress path is being used and all others ignored? Any help is appreciated.
Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx","nginx.ingress.kubernetes.io/auth-tls-error-page":"https://failblog.cheezburger.com/","nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream":"true","nginx.ingress.kubernetes.io/auth-tls-secret":"icodes-test/icodestestcasecret","nginx.ingress.kubernetes.io/auth-tls-verify-client":"on","nginx.ingress.kubernetes.io/auth-tls-verify-depth":"1","nginx.ingress.kubernetes.io/configuration-snippet":"set_by_lua $client_cert \"return ngx.var.ssl_client_raw_cert:gsub('\\\\n',' ')\";\nproxy_set_header X-SSL-CERT $client_cert;\nproxy_set_header SSL_CLIENT_CERT $client_cert;\nproxy_set_header javax.servlet.request.X509Certificate $client_cert;\nproxy_set_header com.cdmtech.ciw.sso.user.cert $client_cert;\n","nginx.ingress.kubernetes.io/secure-backends":"true"},"creationTimestamp":"2018-06-26T21:01:01Z","generation":6,"name":"icodes-test-ingress","namespace":"icodes-test","resourceVersion":"1101904","selfLink":"/apis/extensions/v1beta1/namespaces/icodes-test/ingresses/icodes-test-ingress","uid":"07ed05c0-7984-11e8-a925-42010a8a0256"},"spec":{"rules":[{"host":"icodes-test.tapslo.com","http":{"paths":[{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/"},{"backend":{"serviceName":"cb-service","servicePort":443},"path":"/ConveyanceBuilder"},{"backend":{"serviceName":"slp-service","servicePort":443},"path":"/SLP"},{"backend":{"serviceName":"ciwadmin-service","servicePort":443},"path":"/ciwadmin"},{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/cas"},{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/ciw-sso-tools"},{"backend":{"serviceName":"culs-service","servicePort":443},"path":"/culs"},{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/ebs"},{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/ICODESPortal"},{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/MBS"},{"backend":{"serviceName":"ciwserver-service","servicePort":443},"path":"/ROOT"}]}}],"tls":[{"hosts":["icodes-test.tapslo.com"],"secretName":"icodestestsecret"}]}}
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
creationTimestamp: 2018-06-29T23:02:28Z
generation: 16
name: icodes-test-ingress
namespace: icodes-test
resourceVersion: "1883657"
selfLink: /apis/extensions/v1beta1/namespaces/icodes-test/ingresses/icodes-test-ingress
uid: 7eb2752a-7bf0-11e8-a925-42010a8a0256
spec:
rules:
- host: icodes-test.tapslo.com
http:
paths:
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /
- backend:
serviceName: cb-service
servicePort: 443
path: /ConveyanceBuilder
- backend:
serviceName: cb-service
servicePort: 443
path: /ConveyanceBuilder/*
- backend:
serviceName: slp-service
servicePort: 443
path: /SLP
- backend:
serviceName: slp-service
servicePort: 443
path: /SLP/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ciwadmin
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ciwadmin/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /cas
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /cas/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ciw-sso-tools
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ciw-sso-tools/*
- backend:
serviceName: culs-service
servicePort: 443
path: /culs
- backend:
serviceName: culs-service
servicePort: 443
path: /culs/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ebs
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ebs/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ICODESPortal
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ICODESPortal/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /MBS
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /MBS/*
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ROOT
- backend:
serviceName: ciwserver-service
servicePort: 443
path: /ROOT/*
tls:
- hosts:
- icodes-test.tapslo.com
secretName: icodestestsecret
status:
loadBalancer:
ingress:
- ip: 35.203.143.32
Controller deployment:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "16"
creationTimestamp: 2018-06-29T22:54:01Z
generation: 16
labels:
app: ingress-nginx
name: nginx-ingress-controller
namespace: ingress-nginx
resourceVersion: "1833952"
selfLink: /apis/extensions/v1beta1/namespaces/ingress-nginx/deployments/nginx-ingress-controller
uid: 50ce2c5f-7bef-11e8-a925-42010a8a0256
spec:
replicas: 1
selector:
matchLabels:
app: ingress-nginx
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
prometheus.io/port: "10254"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app: ingress-nginx
spec:
containers:
- args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
- --enable-ssl-passthrough
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.16.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: nginx-ingress-controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 33
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: nginx-ingress-serviceaccount
serviceAccountName: nginx-ingress-serviceaccount
terminationGracePeriodSeconds: 30
status:
availableReplicas: 1
conditions:
- lastTransitionTime: 2018-06-29T22:54:01Z
lastUpdateTime: 2018-06-29T22:54:01Z
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
observedGeneration: 16
readyReplicas: 1
replicas: 1
updatedReplicas: 1
derekrgoss
on 3 Jul 2018
Do you have any thoughts as to why only the root ingress path is being used and all others ignored? Any help is appreciated.
Please remove /* from all the paths
aledbf
on 2 Aug 2018
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
fejta-bot
on 31 Oct 2018
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
fejta-bot
on 30 Nov 2018
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
fejta-bot
on 30 Dec 2018
@fejta-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen.
Mark the issue as fresh with/remove-lifecycle rotten.Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
k8s-ci-robot
on 30 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings
Related issues
natemurthy
路
3Comments
cehoffman
路
3Comments
jwfang
路
3Comments
vdavidoff
路
3Comments
geek876
路
3Comments
Most helpful comment
Closing. The issue with the article is the prefix of the annotations, it should be
nginx.ingress.kubernetes.io