K8S traffic to one service via two separate ingress (http https)

Time:10-24

So I have a bunch of services running in a cluster, all exposed via an HTTP-only ingress object, for example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  name: some-ingress
spec:
  ingressClassName: nginx
  rules:
  - http:
      paths:
      - backend:
          service:
            name: some-svc
            port:
              number: 80
        path: /some-svc(/|$)(.*)
        pathType: Prefix

They are accessed by http://<CLUSTER_EXTERNAL_IP>/some-svc, and it works ofc.

Now I want to create an additional ingress object for every service which will force SSL connections and allow the use of a domain instead of an IP address.

The problem is that the newer SSL ingresses always return 404 while testing the connection.

The manifests are as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "some-ingress-ssl"
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.kubernetes.io/app-root: "/some-svc"
spec:
  tls:
  - hosts:
      - foobar.com
    secretName: foobar-tls
  rules:
  - host: foobar.com
    http:
      paths:
      - path: /some-svc(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: some-svc
            port:
              number: 80

Tests (foobar.com points to CLUSTER_EXTERNAL_IP):

> curl -I http://<CLUSTER_EXTERNAL_IP>/some-svc
HTTP/1.1 200 OK
> curl -I https://foobar.com/some-svc
HTTP/2 404

Is it possible to have both ingresses simultaneously (one enforcing SSL, the other not)? If so, what am I doing wrong here?

CodePudding user response:

Figured out I was missing this annotation:

nginx.ingress.kubernetes.io/rewrite-target: /$2

in the SSL ingress...

Works like a charm now; maybe someone will find this useful.
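
For reference, the SSL ingress from the question with the missing annotation applied (an added example, not the poster's final manifest). It assumes the ingress-nginx controller with its default annotation prefix and the same nginx ingress class as the HTTP ingress; the nginx-prefixed ssl-redirect key and the ingressClassName line are those assumptions and do not appear in the original SSL manifest.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: some-ingress-ssl
  annotations:
    # The fix from the answer. The path regex has two capture groups; without
    # this annotation the backend receives /some-svc/... unchanged, while the
    # HTTP ingress forwards only what follows the /some-svc prefix.
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    # Assumption: with the default annotation prefix, ingress-nginx reads only
    # nginx.ingress.kubernetes.io/* keys, so the redirect is requested here
    # with that prefix rather than the ingress.kubernetes.io/ key in the question.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # The app-root annotation from the question is left out; it is not part
    # of the fix described in the answer.
spec:
  ingressClassName: nginx        # assumption: same class as some-ingress
  tls:
  - hosts:
    - foobar.com
    secretName: foobar-tls       # TLS secret name taken from the question
  rules:
  - host: foobar.com
    http:
      paths:
      - path: /some-svc(/|$)(.*) # same regex as the HTTP ingress
        pathType: Prefix         # kept as written in the question
        backend:
          service:
            name: some-svc
            port:
              number: 80
```

As the first curl test shows, the host-less HTTP ingress still answers /some-svc over plain HTTP on the external IP, so the redirect only covers requests for foobar.com.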
