Kubernetes ingress conditional routing

Question

Is it possible to configure an ingress controller in Kubernetes to route the HTTP requests to a service only if the incoming requests have a certain value for a header?

Example

An HTTP request with following header

X-MY-CUSTOM-HEADER: accepted-value

should be forwarded to service1

An HTTP request with following header

X-MY-CUSTOM-HEADER: invalid-value

should be blocked

If is possible could you detail a bit or point to some documentation as I wasn't able to find documentation for such usecase

There's an example in `Istio` docs https://istio.io/docs/concepts/traffic-management/#precedence . It uses `envoy proxy` under the hood, so I believe you can use it directly as ingress controller in cluster, though I've no experience with it. — Egor Stambakio, Dec 07 '18 at 18:45

score 3 · Accepted Answer · answered Dec 07 '18 at 19:23

3

If you are using an nginx ingress controller you can do it with a Configuration snippet annotation. Then you can add something like this:

nginx.ingress.kubernetes.io/configuration-snippet: |
  map $http_x_custom_header $not_ok {
      default "1";
      Value1  "0";
      Value2  "0";
      Value3  "0";
  }

  if ($not_ok) {
      return 403; 
  }

Some more info here.

answered Dec 07 '18 at 19:23

Rico

58,485
12
111
141

2

The above doesn't work for me. I'm injecting a map directive via the "nginx.ingress.kubernetes.io/configuration-snippet" annotation as suggested above and I'm getting this error message on the nginx ingress pod: ```"map" directive is not allowed here``` – miticoluis Jul 08 '19 at 11:26
I'm not sure where it's adding it in your nginx config. Maybe you have another map directive? You can try server-snippet too. As per the docs http://nginx.org/en/docs/http/ngx_http_map_module.html#map map needs to be added in the http context and configuration-snippet adds the config within the location snippet that is under the http context. – Rico Jul 08 '19 at 19:05
1

Just tried "nginx.ingress.kubernetes.io/server-snippet", sam error message ""map" directive is not allowed here" :( – miticoluis Jul 08 '19 at 19:46
1

Try adding it in the configmap (http snippet) https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#http-snippet – Rico Jul 08 '19 at 19:49
Please take a look here if you can. I just created a new question regarding my particular issue, thank you for your help: https://stackoverflow.com/questions/56941847/map-directive-not-read-properly-nginx-ingress-controller-kubernetes – miticoluis Jul 08 '19 at 20:03
map directive is not allowed inside the configuration-snippet – Reza Mousavi Oct 06 '22 at 19:49

score 0 · Answer 2 · answered Dec 23 '19 at 10:57

0

Traefik 2.0, Istio and Ambassador support Header based routing.

More information from https://discuss.kubernetes.io/t/header-based-ingress-routing/6322

answered Dec 23 '19 at 10:57

Green Lei

3,150
2
20
25

Kubernetes ingress conditional routing

2 Answers2