Home > database >  Kubernetes Nginx ingress appears to remove headers before sending requests to backend service
Kubernetes Nginx ingress appears to remove headers before sending requests to backend service

Time:01-02

I am trying to deploy a SpringbBoot Java application hosted on Apache Tomcat on a Kubernetes cluster using Ngninx Ingress for URL routing. More specifically, I am deploying on Minikube on my local machine, exposing the SpringBoot application as a Cluster IP Service, and executing the

minikube tunnel 

command to expose services to my local machine. Visually, the process is the following...

Browser -> Ingress -> Service -> Pod hosting docker container of Apache Tomcat Server housing SpringBoot Java API

The backend service requires a header "SM_USER", which for the moment can be any value. When running the backend application as a Docker container with port forwarding, accessing the backend API works great. However, when deploying to a Kubernetes cluster behind an Nginx ingress, I get 403 errors from the API stating that the SM_USER header is missing. I suspect the following. My guess is that the header is included with the request to the ingress, but removed when being routed to the backend service.

My setup is the following.

Deploying on Minikube

minikube start
minikube addons enable ingress
eval $(minikube docker-env)
docker build . -t api -f Extras/DockerfileAPI
docker build . -t ui -f Extras/DockerfileUI
kubectl apply -f Extras/deployments-api.yml
kubectl apply -f Extras/deployments-ui.yml
kubectl expose deployment ui --type=ClusterIP --port=8080
kubectl expose deployment api --type=ClusterIP --port=8080
kubectl apply -f Extras/ingress.yml
kubectl apply -f Extras/ingress-config.yml
edit /etc/hosts file to resolve mydomain.com to localhost
minikube tunnel

Ingress YAML

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # Tried forcing the header by manual addition, no luck (tried with and without)
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header SM_USER $http_Admin;
spec:
  rules:
    - host: mydomain.com
      http:
        paths:
          - path: /ui
            pathType: Prefix
            backend:
              service:
                name: ui
                port:
                  number: 8080
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  number: 8080

Ingress Config YAML

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
  namespace: default
  labels:
    app.kubernetes.io/name: my-ingress
    app.kubernetes.io/part-of: my-ingress
data:
  # Tried allowing underscores and also using proxy protocol (tried with and without)
  enable-underscores-in-headers: "true"
  use-proxy-protocol: "true"

When navigating to mydomain.com/api, I expect to receive the ROOT API interface but instead receive the 403 error page indicating that the SM_USER is missing. Note, this is not a 403 forbidden error regarding the ingress or access from outside the cluster, the specific SpringBoot error page I receive is from within my application and custom to indicate that the header is missing. In other words, my routing is definitely correct, and I am able to access the API, its just that the header is missing.

Are there configs or parameters I am missing? Possibly an annotation?

CodePudding user response:

This is resolved. The issue was that the config was being applied in the Application namespace. Note, even if the Ingress object is in the application namespace, if you are using minikubes built in ingress functionality, the ConfigMap must be applied in the Nginx ingress namespace.

  • Related