'Kubernetes ingress rewrite-target annotation breaks other rules

In my project i need rewrite one path in ingress, so i looked at documentation: https://kubernetes.github.io/ingress-nginx/examples/rewrite/

My ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: is
    meta.helm.sh/release-namespace: is-dev
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  creationTimestamp: "2022-04-01T05:35:01Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: is
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: backend-rest
    helm.sh/chart: backend-0.1.0  
  name: is-backend-rest
  namespace: is-dev
  resourceVersion: "352279575"
  uid: a1dc501e-3c12-46c7-a543-3db921433c81
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - backend:
          service:
            name: is-backend
            port:
              name: http
        path: /rest(/|$)(.*)
        pathType: Prefix
  tls:
  - hosts:
    - foo.bar.sk

another Ingress specification:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    meta.helm.sh/release-name: is
    meta.helm.sh/release-namespace: is-dev
  creationTimestamp: "2022-04-01T05:35:02Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: is
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: reg
    helm.sh/chart: reg-0.1.0
  name: is-reg
  namespace: is-dev
  resourceVersion: "352259630"
  uid: 68708a7d-3169-4e5a-a9f2-ca7db507fcb8
spec:
  rules:
  - host: foo.bar.sk
    http:
      paths:
      - backend:
          service:
            name: is-reg
            port:
              name: http
        path: /reg
        pathType: Prefix
  tls:
  - hosts:
    - foo.bar.sk

Rewrite works fine, access to reg services too. HOWEVER When there is rewrite target annotation i can access even foo.bar.sk/regSomething/url. If i disable rewrite target annotation, foo.bar.sk/regSomething/url is not accesible, like it should not be, because its not specified in Ingress.

Made some digging and found out that when rewrite annotation is applied, generated nginx configuration file looks like this:

location ~* "^/rest(/|$)(.*)" {

....

location ~* "^/reg" {

And when no rewrite annotation is applied generated config looks like:

location = /rest(/|$)(.*) {

...

location = /reg {

So my question is why rewrite annotation affects all location rules in generated file, and how can i fix it?

kuberneteskubernetes-ingressnginx-ingress


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions