DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adds support for root redirection, and improves rewrite documentation

Browse source
This commit is contained in:
Ricardo Pchevuzinske Katz 2017-03-13 12:03:47 -03:00
parent c41e6bd82f
commit 0e5d3ca9e9
4 changed files with 76 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
controllers/nginx/configuration.md
View file

@ -177,7 +177,7 @@ If the application contains relative links it is possible to add an additional a
If the Application Root is exposed in a different path and needs to be redirected, the annotation `ingress.kubernetes.io/app-root` might be used. If the Application Root is exposed in a different path and needs to be redirected, the annotation `ingress.kubernetes.io/app-root` might be used.
Please check the [rewrite](examples/rewrite/README.md) example. Please check the [rewrite](/examples/rewrite/README.md) example.
### Rate limiting ### Rate limiting

19
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -236,9 +236,17 @@ http {
ssl_verify_client on; ssl_verify_client on;
ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }}; ssl_verify_depth {{ $location.CertificateAuth.ValidationDepth }};
{{ end }} {{ end }}
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
# enforce ssl on server side
if ($pass_access_scheme = http) {
return 301 https://$host$request_uri;
}
{{ end }}
{{ if not (empty $location.Redirect.AppRoot)}} {{ if not (empty $location.Redirect.AppRoot)}}
location = / { if ($uri = /) {
return 302 ${{ location.Redirect.AppRoot }}; return 302 {{ $location.Redirect.AppRoot }};
} }
{{ end }} {{ end }}
{{ if not (empty $authPath) }} {{ if not (empty $authPath) }}
@ -283,12 +291,7 @@ http {
error_page 401 = {{ $location.ExternalAuth.SigninURL }}; error_page 401 = {{ $location.ExternalAuth.SigninURL }};
{{ end }} {{ end }}
{{ if (or $location.Redirect.ForceSSLRedirect (and (not (empty $server.SSLCertificate)) $location.Redirect.SSLRedirect)) }}
# enforce ssl on server side
if ($pass_access_scheme = http) {
return 301 https://$host$request_uri;
}
{{ end }}
{{/* if the location contains a rate limit annotation, create one */}} {{/* if the location contains a rate limit annotation, create one */}}
{{ $limits := buildRateLimit $location }} {{ $limits := buildRateLimit $location }}
{{ range $limit := $limits }} {{ range $limit := $limits }}

5
core/pkg/ingress/annotations/rewrite/main.go
View file

@ -41,8 +41,9 @@ type Redirect struct {
// SSLRedirect indicates if the location section is accessible SSL only // SSLRedirect indicates if the location section is accessible SSL only
SSLRedirect bool `json:"sslRedirect"` SSLRedirect bool `json:"sslRedirect"`
// ForceSSLRedirect indicates if the location section is accessible SSL only // ForceSSLRedirect indicates if the location section is accessible SSL only
ForceSSLRedirect bool `json:"forceSSLRedirect"` ForceSSLRedirect bool `json:"forceSSLRedirect"`
AppRoot string `json:"appRoot"` // AppRoot defines the Application Root that the Controller must redirect if it's not in '/' context
AppRoot string `json:"appRoot"`
} }
type rewrite struct { type rewrite struct {

61
examples/rewrite/README.md
View file

@ -1,3 +1,28 @@
# Sticky Session
This example demonstrates how to use the Rewrite annotations
## Prerequisites
You will need to make sure you Ingress targets exactly one Ingress
controller by specifying the [ingress.class annotation](/examples/PREREQUISITES.md#ingress-class),
and that you have an ingress controller [running](/examples/deployment) in your cluster.
## Deployment
Rewriting can be controlled using the following annotations:
|Name|Description|Values|
| --- | --- | --- |
|ingress.kubernetes.io/rewrite-target|Target URI where the traffic must be redirected|string|
|ingress.kubernetes.io/add-base-url|indicates if is required to add a base tag in the head of the responses from the upstream servers|bool|
|ingress.kubernetes.io/ssl-redirect|Indicates if the location section is accessible SSL only (defaults to True when Ingress contains a Certificate)|bool|
|ingress.kubernetes.io/force-ssl-redirect|Forces the redirection to HTTPS even if the Ingress is not TLS Enabled|bool|
|ingress.kubernetes.io/app-root|Defines the Application Root that the Controller must redirect if it's not in '/' context|string|
## Validation
### Rewrite Target
Create an Ingress rule with a rewrite annotation: Create an Ingress rule with a rewrite annotation:
``` ```
$ echo " $ echo "
@ -64,3 +89,39 @@ BODY:
-no body in request- -no body in request-
``` ```
### App Root
Create an Ingress rule with a app-root annotation:
```
$ echo "
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/app-root: /app1
name: approot
namespace: default
spec:
rules:
- host: approot.bar.com
http:
paths:
- backend:
serviceName: echoheaders
servicePort: 80
path: /
" | kubectl create -f -
```
Check the rewrite is working
```
$ curl -I -k http://approot.bar.com/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.11.10
Date: Mon, 13 Mar 2017 14:57:15 GMT
Content-Type: text/html
Content-Length: 162
Location: http://stickyingress.example.com/app1
Connection: keep-alive
```