Comments (7)
k8s-ci-robot
commented on June 23, 2024
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from ingress-nginx.
longwuyuan
commented on June 23, 2024
/remove-kind bug
/kind support
/triage needs-information
To a reader, the configuration seems like options to be opted-in or opted-out using the values file, so kindly explain the details and full description of why you think the current behavior is a bug.
Also kindly describe in tiny details, what is the change you are expecting.
from ingress-nginx.
fengxx
commented on June 23, 2024
thanks, updated expected result with reasoning
from ingress-nginx.
longwuyuan
commented on June 23, 2024
Please wait for others to comment.
Personally I think that if a user chooses not to configure the ingress.spec.ingressClassName field in a ingress resource, its a deviation from recommended practice because the ingress api already changed in K8S v1.24.
So if a user makes a clear choice to not set a ingressClassName, in a ingress resource, then they should ideally make the effort to install with controller with the field controller.watchIngressWithoutClass to true.
from ingress-nginx.
fengxx
commented on June 23, 2024
sorry, I double checked the logs, found out the webhook watchIngressWithoutClass is not the root cause.
when spec.ingressClassName is missing, validation webhook will be called twice, first it will ignore payload because ingressClassName is missing, and k8s will mutate the resource to add spec.ingressClassName back because default ingress class is set to nginx, then webhook will validate it again.
The issue is we have two ingress with same hostname, and each alone is valid, but when they merged together, it became a problem.
I guess there is a concurrent issue that the webhook validation tasks were done in two standance nginx instances seperatly, and each returned success result, but it is hard to reproduce
# file1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test1
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: ingress.test
http:
paths:
- backend:
service:
name: web-traffic-svc
port:
name: bar-port
path: /api/v1/(\d+)/bar
pathType: ImplementationSpecific
---
# file2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
location /api/v1/invalid {
return 404;
}
name: test2
spec:
rules:
- host: ingress.test
http:
paths:
- backend:
service:
name: bar-svc
port:
name: bar
path: /
pathType: Prefix
Anyway, thanks for the help, I think the issue can be resolved by merging two config together
from ingress-nginx.
longwuyuan
commented on June 23, 2024
Thanks for the update @fengxx . Kindly close the issue since not a problem anymore
from ingress-nginx.
fengxx
commented on June 23, 2024
thanks, I finally found a stable way to reproduce it, for anyone interested, here is the script
- prereq
# enable allowSnippetAnnotations
namespaceOverride: nginx-default
controller:
allowSnippetAnnotations: true
ingressClass: nginx-default
ingressClassResource:
default: true
enabled: true
name: nginx-default
controllerValue: "k8s.io/ingress-nginx-default"
config:
annotation-value-word-blocklist: 'load_module,lua_package,_by_lua,root,serviceaccount'
enable-underscores-in-headers: 'true'
# file1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test1
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
spec:
rules:
- host: ingress.test
http:
paths:
- backend:
service:
name: web-traffic-svc
port:
name: bar-port
path: /api/v1/(\d+)/bar
pathType: ImplementationSpecific
---
# file2.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
location /api/v1/invalid {
return 404;
}
name: test2
spec:
rules:
- host: ingress.test
http:
paths:
- backend:
service:
name: bar-svc
port:
name: bar
path: /
pathType: Prefix
- reproduce
for x in $(seq 100);do
kubectl delete ingress test1 test2
sleep 1
( kubectl create -f test1.yaml 2>/dev/null|| echo "failed to create test1" ) &
( kubectl create -f test2.yaml 2>/dev/null|| echo "failed to create test2" ) &
if kubectl get ingress test1 test2 > /dev/null;then
echo "created two ingress, job done!"
exit
fi
done
from ingress-nginx.
Related Issues (20)
- Impact of Maxmind R2 presigned URLs HOT 7
- GeoIP2 docs mention incorrect folder for mounted volumes HOT 1
- Update ingress-nginx to latest v1.10.0 error calling semverCompare: Invalid Semantic Version HOT 2
- Open Telemetry with Jaeger backend Trace ID HOT 2
- AWS EKS IPv6 Cluster unable to use nginx ingress HOT 2
- since controller 1.10.0 (chart 4.10.0): ingress rejects duplicate "Transfer-Encoding: chunked" and returns 502 HOT 50
- Can't use session-cookie-* annotations in place of nginx's proxy_cookie_flags directive HOT 4
- Document chunking related change in v1.10 HOT 5
- Hope add upstream metrics label for node HOT 2
- css file is not getting rendered using custom default backend HOT 5
- SSL Handshake Failure When Mapping to External HTTPS Service (AWS CloudFront + S3) in Nginx Ingress HOT 4
- Error from server (NotFound): services "nginx-ingress-nginx-ingress" not found HOT 3
- Can't include $ in permanent-redirect URL annotation HOT 5
- strict-validate-path-type does not allow period/dot/. in Exact or Prefix path HOT 17
- Make Nginx auth_request module to be able to expose auth error body when needed HOT 3
- Confusing `namespace` label in SSL metrcis HOT 4
- Nginx 503 error why trying rewrite ingress address HOT 8
- [helm chart] Include optional "topologySpreadConstraints" in defaultbackend HOT 1
- CVE Finding HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ingress-nginx.