New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow RegExp or wildcard for ingress domain and/or path #41881
Comments
wildcard support is in kubernetes/ingress-nginx#8 |
@cmluciano thanks. I saw that earlier, but didn't think it answers, because I thought:
I want to be able to do host: "web.*" And thus have any request whose host header starts with |
@cmluciano and tried it, got an invalid spec error. |
I think the Ingress spec should clearly state how to treat wildcards/regexp. We have our own Ingress controller and HTTP proxy (Skipper), i.e. we would like to have a clear spec to implement (and not do our own potentially incompatible extension). |
@hjacobs I looked at the source code, and it seems only to allow it as the left-most element. Personally, I would be content to have |
+1 for this feature, although I don't need regex. I just want a way that I can specific multiple hosts for a ingress. Like: kubernetes/ingress-nginx#87
|
No additional thoughts on this? |
Yep, this is somewhat essential for using minikube or kubernetes from dev-to-prod. We have dozens of developers using minikube and hosted/remote kubernetes VMs with IPs. Everyone cannot be given full domain names (/etc/hosts overrides and generally shoving this down the line into a DNS problem). Almost all routers that I know of (haproxy, nginx, etc) allow routing based on trailing wildcards, i.e. only the subdomain matters, and the domain doesn't. But here, its reverse, the domain seems to matter and subdomain is allowed a wildcard, which I don't know but seems to be a not-so-common routing policy. I believe this is because Ingress was mostly designed with some specific limitations in mind - like the ambiguity around "how many trailing wildcards to allow", because wildcard in domains matches only up to a dot. Would make a lot of sense to expose trailing wildcards, and allow the Ingress controller and/or application developer and/or cluster operator to take the final call, instead of having an unnecessary limitation. |
Thanks @rdsubhas ; well explained. |
@deitch until then if anyone needs to do thins in the official nginx ingress, here is a shortcut:
|
@rdsubhas an init container where? In the nginx Deployment / DaemonSet (depending on your deployment preference)? I kind of did something similar with traefik, changing their template. Still, it shouldn't be this hard. |
I used this container in the past with this purpose, and it did the job. |
/sig network |
Any updates here? @rdsubhas I am using traefik in one use case (nginx in another), and I did something similar. Actually, since nginx uses go templates, I was able to make the transformation right in the template itself. The problem I now have is trying to use letsencrypt, most plugins (like traefik's built-in acme support or kube-lego) pull the Is there any way to create "automatic transform on demand" for resources? E.g. my cluster will transform the |
+1 for this |
I confirm this is a huge issue for us. |
Ours does as well. Well, we use traefik, and no big deal to change the config to support it. As a workaround, we use a string that never would be used anywhere in out
Or, just let it go through no matter what. |
This is extremely important to us as well -- our user story goes something like this:
There's a talk about "the spec" and "the code" in this thread - I could probably figure out the code, but how does "the spec" get approved/changed/whatever'd so that we can update the code to match our desired behavior? |
I, too, would be happy to do a PR, but only if someone can point me into what is needed for the spec to change and then the code, and more importantly that it is supported in principle. |
This is a feature which allows ingress to be useful. Without it the yaml definition file for an app (ingress + deployment + service) cannot be environment independant. Without it you end up with a proxy application / loadbalancer infront of the ingress just to change the url to a common non routable value. just supporting the * in the domain as a single part would be sufficient. ie Or to support domain as a field. eg for x.y.com With the ability to load the domain from config map. Then it would be handled in a simmilar way to the application config. |
I think, from a Spec perspective, having it as a FQDN helps a lot of "standard/kubernetes compliant" resources to happen. Although the API is called While its true that development is hard, supporting domain prefixes could be done today. If we specify the Just two cents, maybe pressuring downstream API controllers (like dns/ssl/ingress controllers, and maybe google cloud ingress ;) to support suffixes/prefixes to the host is a better/longer term solution, than making the spec itself widely open to interpretation and being stringly typed. |
@rdsubhas Looking into this in the issues form some of the implementors of the ingress controller spec. There almost standard response is its not in the spec so we dont want to differ from it. |
Looks like I stirred up a bit of a hornet's nest with this one... which means it matters to people. Perhaps the strongest sign is that every time I interact with someone who deploys to kubernetes clusters with an automated CD pipeline across multiple environments, we always end up discussing, "so how did you hack around the Ingress If one of the key goals of kubernetes is making services easy to deploy and - "automating devops" like Kelsey's interview last week, if you will - then the goal is practical: how do I make deploying services config-driven, reliable, reproducible, scalable. Requiring the config on each exposed service to be different from one environment to another makes an automated CD pipeline brittle and extremely difficult (and hacked and fragmented). I need to maintain separate config files, when they differ only by the ending of the domain. I am unclear is to why the spec for an FQDN must be the spec for specifying what service Agreed wholeheartedly, it needs a standard, and the current one is forcing people to break it in implementation. I do think that using a standard that wasn't written for specifying services deployed and identified dynamically in multiple environments is the best one to use. If there isn't a better, let's define one. If you want to call it
Isn't the way to pressure In any case, I much appreciate the feedback and time spent on this issue. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
What would be very useful is to match the subdomain to the service name. That would be super helpful. Someone visits app.example.com then the Ingress would route to service.name = app
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Ingress has Ingress also supports wildcards for hostname matching. Beyond that, Ingress as an API is effectively "done". Further work needs to aim at the Gateway API https://gateway-api.sigs.k8s.io/ |
I think there's some misunderstanding, this feature has not been implemented. A path match does nothing to help with matching the host, Also, as mentioned 2 years ago the hostname field does not support wildcards, it only supports prefixes. Here is an example wildcard that it does not support:
|
Sorry, I used the wrong code for closing this. Further work needs to aim at the Gateway API https://gateway-api.sigs.k8s.io/ There's not much interest in adding non-portable extensions to Ingress when Gateway is just about here. |
I don't know yet Gateway API, will look into it, but I find it a bit harsh to cut any development and evolution to an established and used API just because a new one is about here. Is Ingress API deprecated ? |
Anything we add to Ingress API still needs to be implemented by controller impls, which have indicated very low desire to double-track such work. If a significant corpus of Ingress implementations could easily support this, I'm not going to hard block it. I would need to see that laid out, along with someone thinking thru the design here (probably not hard, similar to how |
Is this a request for help?
No
What keywords did you search in Kubernetes issues before filing this one? (If you have found any duplicates, you should instead reply there.):
Is this a BUG REPORT or FEATURE REQUEST?
Feature, although if it exists and I don't see it, then bug for docs
As far as I can tell, k8s ingress supports (in theory), subdomain wildcards for ingresses (supposing the given controller supports them, of course), such as
*.mydomain.com
. There appear to be confusing issues (re: #39622 ) but in theory it supports it.The specific use case is as follows. I have a set of k8s resources being deployed to multiple environments, e.g. prod, uat, qa. Each one has its own inbound root domain, e.g.
prod.mydomain.com
,qa.mydomain.com
,uat.mydomain.com
.When I create my k8s resources, I want to use identical ones between all the environments. If I have 3 exposed services (e.g.
web
,api
,magic
) in each domain, routed by subdomain, I shouldn't require 3 separate ingresses, one for each environment, per exposed service. Instead, I want to do something like this:(repeat for services
api
andmagic
)This allows my to tell my devs
kubectl config set-context prod
(oruat
orqa
)2.Deploy consistently with
kubectl apply -f configs/
Did I miss that somewhere? Or is it not currently supported?
The text was updated successfully, but these errors were encountered: