Here we want to route traffic to different applications within our cluster with the help of paths. One advantage of this approach is that we only need one server certificate, since all traffic is going to use the same host.
We will focus on the Ingress here and not the Service object (every application that exposes services will need a Service object as a bridge between the application and the Ingress)
Example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-application-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
ingressClassName: nginx
rules:
- host: my.domain.com
http:
paths:
- path: /app-a/(.*)
pathType: Prefix
backend:
service:
name: my-app-a-service
port:
number: 8080
- path: /app-b/(.*)
pathType: Prefix
backend:
service:
name: my-app-b-service
port:
number: 8080
With the example configuration above we see that the following url’s are valid:
my.domain.com/app-a/ # will hit the root of my-app-a-service at "/" my.domain.com/app-a/actuator/health # my-app-a-service at "/actuator/health" my.domain.com/app-b/service # will route to my-app-b-service at "/service"
How does it work?
First we look at the paths: “/app-a/(.*)”. The “(.*)” part is a regular expression that means “match all characters after the slash (“/”) and put it into a group” .
A little higher up in the configuration we find “nginx.ingress.kubernetes.io/rewrite-target: /$1” annotation. This tells the Ingress that we should extract the first group (“$1”) and forward it to the backend Service. This is the way we remove the first part of the path (/app-a/). We only use this part to separate to what service the call should go and do not want it to follow the call to the backend. Everything after the last slash (“/”) is forwarded to the application, both url and any query parameters.
A nifty solution when you don’t need every service to be a separate domain
Tested on VMWare Tanzu Kubernetes v1.22
0 Comments.