0

I am trying to convert some logic written in kubernetes ingress configuration yaml files.

In latest versions of k8s, keywords that are with "-snippets" values are identified as risky one (e.g. configuration-snippet, auth-snippet, etc).

I have one use case, where am using header based approach to navigate to service, only if specific header is present in the request (this was earlier written using ingress object).

I tried out approach using Gateway API and HTTPRoute objects which supports header based routing, but for that i had to add explicit CRT's via helm and those doesn't come directly with k8s.

I don't want to go with this approach though, and also paths are not supposed to be changed.

How to fix this using classic ingress approach such that no any path changes will be needed.

Please find the configuration I was trying out

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: i-nginx-gateway
  namespace: my-namespace
spec:
  gatewayClassName: nginx
  listeners:
    - name: http
      protocol: HTTP
      port: 80
      allowedRoutes:
        namespaces:
          from: All

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: i-app-route
  namespace: my-namespace
spec:
  parentRefs:
    - name: i-nginx-gateway
      namespace: my-namespace
  hostnames:
    - something.com
  rules:
    # Rule 1: Authorization header present → go through asvc
    - matches:
        - path:
            type: PathPrefix
            value: /i/(.*)
          headers:
            - name: authtype
              type: Exact
              value: my-jwt
      backendRefs:
        - name: asvc
          port: 8000

    # Rule 2: No Authorization header → go directly to i
    - matches:
        - path:
            type: PathPrefix
            value: /i/(.*)
      backendRefs:
        - name: i
          port: 8000

Tried to use canary ingress approach, but somehow request are hitting primary ing only and not canary one. Added config that i am trying out.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: i-direct-ingress
  namespace: mynamespace
spec:
  ingressClassName: nginx
  rules:
  - host: something.com
    http:
      paths:
      - path: /i
        pathType: Prefix
        backend:
          service:
            name: i
            port:
              number: 8000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: i-canary-ingress
  namespace: mynamespace
  annotations:
    nginx.ingress.kubernetes.io/canary: "true"
    nginx.ingress.kubernetes.io/canary-by-header: "authtype"
    nginx.ingress.kubernetes.io/canary-by-header-value: "myjwt"
spec:
  ingressClassName: nginx
  rules:
  - host: something.com
    http:
      paths:
      - pathType: Prefix
        path: /i
        backend:
          service:
            name: asvc
            port:
              number: 8000
Improve this question
0

1 Answer 1

Reset to default
1

To utilize header-based routing in your Kubernetes setup using NGINX Ingress Controller, you can use the built-in canary deployment feature via annotations. This works by allowing routing to a secondary (canary) backend based on HTTP headers. When the specified header matches exactly your defined value, all matching traffic routes to the canary backend. While the traffic that doesn't match (either with a missing header or having a different value) is sent to the primary backend.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for your response. I tried out canary approach, for some reason all my request are going to primary ing only(stable one) and not canary although i added all headers required. I have added config snippet, can you tell me what could go wrong here
NGINX Ingress Controller header values are case-sensitive and require an exact match. You're testing with authtype: "my-jwt" (with a dash), that doesn't match with your original HTTP route config "myjwt". Try updating your canary Ingress with the annotation set with the correct value (with a dash): nginx.ingress.kubernetes.io/canary-by-header-value: "my-jwt".

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.