1

I want to prevent unsafe requested to reach my application running in GCP GKE with Google Ingress (not nginx) and trying to do this using path rules. I know nginx Ingress can configure paths using regex but I don know the best way to do with Google Ingress. Right now I am just duplicating the same rules change the path prefix like this:

spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: my-api-service
            port:
              number: 80
        path: /api
        pathType: Prefix
      - backend:
          service:
            name: my-api-service
            port:
              number: 80
        path: /auth
        pathType: Prefix
      - backend:
          service:
            name: my-api-service
            port:
              number: 80
        path: /admin
        pathType: Prefix

Is there a better way to do this?

nsbm
  • 5,842
  • 6
  • 30
  • 45

2 Answers2

1

Everything you're looking for is covered in this document. As GKE ingress is essentially a GCP Load Balancer, the path key is using a url-map to configure and route the traffic to what you've specified in the config. As you'd be able to see there, regexs are not allowed in Path keys.

One option if you're using Helm is to make use of the templates to generate this automatically from a variable. Given the following variable in your values.yaml file:

paths:
 - name: /api
 - name: /admin
 - name: /auth

Then in your ingress YAML definition you can do the following:

spec:
  rules:
  - http:
      paths:
{{ range $paths := .Values.paths }}
      - backend:
          service:
            name: my-api-service
            port:
              number: 80
        path: {{ .name }}
        pathType: Prefix
{{ end }}
bhito
  • 2,083
  • 7
  • 13
  • Hmm but if Im not using Helm the way that Im defining is the best approach than,right? I will take a look at the doc you mentioned, but I know that I cant use regex in Paths. Thank you! – nsbm Feb 09 '23 at 20:19
  • 1
    I think so, unfortunately GKE ingress is lagging way behind in certain features compared to NGINX and some other providers – bhito Feb 10 '23 at 08:52
0

In GKE ingress regex is not allowed in paths as it is using the url-map to configure GCP Load Balancers. Only wildcard allowed in paths is *. We cannot use any other wildcards in the path key.

So you can try like this

  spec:
      rules:
      - http:
          paths:
          - backend:
              service:
                name: my-api-service
                port:
                  number: 80
            path: /*
            pathType: Prefix

(or)

You can use the default backend services to route the traffic to the single service like in this document

   spec:
     defaultBackend:
       service:
        name: my-api-service
        port:
         number: 80

You can give a try by changing the annotation like mentioned in this SO.

There are other similar SO's SO1 SO2.

Dharani Dhar Golladasari
  • 632
  • 1
  • 9
  • Actually I didint want to allow every paths to my-api-service. I was trying to filter only some specific path routes. – nsbm Feb 09 '23 at 20:15