
Insecure-termination annotation doesn't create redirection for defaultBackend



Hello,

I need to create an ingress that will redirect traffic for specific paths to Kubernetes pods and by default send all other traffic to a physical server. My ingress YAML looks like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.citrix.com/external-service: '{"lkold": {"domain": "lkold.mydomain.com"}}'
    ingress.citrix.com/frontend-ip: 10.29.232.41
    ingress.citrix.com/insecure-port: "80"
    ingress.citrix.com/insecure-termination: redirect
    ingress.citrix.com/preconfigured-certkey: '{"certs":[{"name":"wildcard.mydomain.com","type":"default"}]}'
    ingress.citrix.com/secure-port: "443"
    ingress.citrix.com/secure-service-type: ssl
    kubernetes.io/ingress.class: citrix
  labels:
    app.kubernetes.io/instance: lknew
    app.kubernetes.io/name: lknew
  name: lknew-backend
spec:
  defaultBackend:
    service:
      name: lkold
      port:
        number: 80
  rules:
  - host: lknew.mydomain.com
    http:
      paths:
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /assets
        pathType: Prefix
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /static-assets
        pathType: Prefix
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /cabinet/closed
        pathType: Prefix
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /cabinet/docs
        pathType: Prefix
  tls:
  - hosts:
    - lknew.mydomain.com
status:
  loadBalancer: {}

The content switch for SSL traffic consists of a default lb vserver and a cs policy for other traffic. It works fine.

But the cs vserver for redirection contains only one responder policy, with the rule below:

Rule: (((HTTP.REQ.HOSTNAME.SERVER.EQ("lknew.mydomain.com") && HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH("/assets")) ||
(HTTP.REQ.HOSTNAME.SERVER.EQ("lknew.mydomain.com") && HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH("/static-assets"))) ||
(HTTP.REQ.HOSTNAME.SERVER.EQ("lknew.mydomain.com") && HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH("/cabinet/closed"))) ||
(HTTP.REQ.HOSTNAME.SERVER.EQ("lknew.mydomain.com") && HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH("/cabinet/docs"))

 

How can I create a redirection for the default backend in this case?
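
Added example (not part of the original post and not Citrix code): a small Python model of the responder rule quoted above, showing which plain-HTTP requests it upgrades to HTTPS and which ones, destined for the defaultBackend, it leaves without a redirect. The `INGRESS` dictionary is a hand-reduced copy of the posted manifest, and the probe requests and function names are constructed for illustration.

```python
# Added example: a model of the port-80 responder rule quoted in the question.
# INGRESS and PROBES are constructed from the posted manifest, not read from a cluster.
INGRESS = {
    "annotations": {"ingress.citrix.com/insecure-termination": "redirect"},
    "defaultBackend": "lkold",
    "rules": [{
        "host": "lknew.mydomain.com",
        "paths": ["/assets", "/static-assets", "/cabinet/closed", "/cabinet/docs"],
    }],
}

PROBES = [
    ("lknew.mydomain.com", "/assets/app.js"),
    ("lknew.mydomain.com", "/Cabinet/Docs/1"),
    ("lknew.mydomain.com", "/"),
    ("lknew.mydomain.com", "/login"),
]


def redirect_clauses(ingress):
    """(host, prefix) pairs behind the rule: one per spec.rules path, none for defaultBackend."""
    if ingress["annotations"].get("ingress.citrix.com/insecure-termination") != "redirect":
        return []
    return [(r["host"], p) for r in ingress["rules"] for p in r["paths"]]


def is_redirected(clauses, host, path):
    """HOSTNAME.SERVER.EQ(host) && URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH(prefix)."""
    # Host comparison is lower-cased here as a modelling assumption.
    return any(host.lower() == h.lower() and path.lower().startswith(p.lower())
               for h, p in clauses)


def unredirected(ingress, probes):
    """Probes that arrive on the insecure port and match no clause of the rule."""
    clauses = redirect_clauses(ingress)
    return [(h, p) for h, p in probes if not is_redirected(clauses, h, p)]


def has_default_backend_gap(ingress):
    """True when redirect is requested but a defaultBackend catches unlisted paths."""
    return bool(redirect_clauses(ingress)) and bool(ingress.get("defaultBackend"))


if __name__ == "__main__":
    for host, path in unredirected(INGRESS, PROBES):
        print(f"no HTTP->HTTPS redirect: http://{host}{path}")
    print("defaultBackend gap:", has_default_backend_gap(INGRESS))
```

Running the same check against a manifest before it is applied shows whether any path served over port 80 would be left without the HTTPS redirect.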


Hi Vladimir,
 There are two options:
 1. Create a separate ingress for the `lkold` service.
OR
 2. You can edit the existing ingress YAML as shown below.
  a) Remove the defaultBackend section.
  b) Add lkold as a backend at the end of http.paths.
  c) Edit the tls section by removing ‘lknew.mydomain.com’.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.citrix.com/external-service: '{"lkold": {"domain": "lkold.mydomain.com"}}'
    ingress.citrix.com/frontend-ip: 10.29.232.41
    ingress.citrix.com/insecure-port: "80"
    ingress.citrix.com/insecure-termination: redirect
    ingress.citrix.com/preconfigured-certkey: '{"certs":[{"name":"wildcard.mydomain.com","type":"default"}]}'
    ingress.citrix.com/secure-port: "443"
    ingress.citrix.com/secure-service-type: ssl
    kubernetes.io/ingress.class: citrix
  labels:
    app.kubernetes.io/instance: lknew
    app.kubernetes.io/name: lknew
  name: lknew-backend
spec:
  rules:
  - host: lknew.mydomain.com
    http:
      paths:
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /assets
        pathType: Prefix
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /static-assets
        pathType: Prefix
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /cabinet/closed
        pathType: Prefix
      - backend:
          service:
            name: lknew
            port:
              number: 80
        path: /cabinet/docs
        pathType: Prefix
  - host: lkold.mydomain.com
    http:
      paths:
      - backend:
          service:
            name: lkold
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - {}
status:
  loadBalancer: {}

 

Hi, Yashna

Thank you, but it wouldn't help me. I need to use the same name for both ingresses.
