We have an ingress and service like below. I want the request to be handled by my-ingress only if the request path starts with /api and has an "Authorization" header. If the condition is met, then forward the request to internal-service. If the request path starts with /api and doesn't contain the "Authorization" header, then the request should be forwarded to external-service.

I am trying to use the config-backend annotation in the ingress like:

```yaml
ingress.kubernetes.io/config-backend: >
  acl has_auth_header hdr(Authorization) -m found
  http-request deny if !has_auth_header
```

With the above annotation I can see the request getting denied if the Authorization header is not passed. I am not sure if I can achieve the behavior I described above using this config-backend annotation (https://haproxy-ingress.github.io/v0.12/docs/configuration/keys/#configuration-snippet) or any other approach at the ingress level. I also tried having 2 ingresses, one with a condition like "process only if has_auth_header", which forwards the request to internal-service:

```yaml
ingress.kubernetes.io/config-backend: |
  acl has_auth_header hdr(Authorization) -m found
  http-request deny if has_auth_header
```

and another like "process only if !has_auth_header", which forwards the request to external-service. No luck.

I am new to Kubernetes/HAProxy, so I would appreciate any help/pointers please. Thanks.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: my-namespace
  labels:
    app: some-app
  annotations:
    kubernetes.io/ingress.class: "haproxy"
    ingress.kubernetes.io/timeout-connect: "30s"
    ingress.kubernetes.io/timeout-http-request: "15m"
    ingress.kubernetes.io/timeout-server: "15m"
spec:
  tls:
    - hosts:
        - "*.some.domain.com"
      secretName: "some-certificate"
  rules:
    - host: "*.some.domain.com"
      http:
        paths:
          - pathType: Prefix
            path: /api
            backend:
              service:
                name: internal-service
                port:
                  number: 10000
```

```yaml
apiVersion: v1
kind: Service
metadata:
  name: external-service
  namespace: my-namespace
  labels:
    app.kubernetes.io/managed-by: Helm
spec:
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443
  type: ExternalName
  externalName: some-application-to-route-request.com
```
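
The routing described in the question, written as plain HAProxy configuration (an added example, not part of the original post and not the configuration that haproxy-ingress generates). It shows that backend selection is done with `use_backend` in the frontend, whereas `http-request deny` inside a backend can only reject a request that has already been routed there. The frontend and backend names, the certificate and CA file paths, and the cluster DNS name of internal-service are assumptions.

```haproxy
# Added example: hand-written plain HAProxy config.
# Names, file paths and the internal DNS name are assumptions.
defaults
    mode http
    timeout connect      30s
    timeout http-request 15m
    timeout client       15m
    timeout server       15m

frontend fe_https
    # Hypothetical certificate path
    bind :443 ssl crt /etc/haproxy/certs/some-certificate.pem

    acl is_api          path_beg /api
    acl has_auth_header req.hdr(Authorization) -m found

    # Backend selection happens here; the first matching rule wins.
    use_backend be_internal if is_api has_auth_header
    use_backend be_external if is_api !has_auth_header
    default_backend be_reject

backend be_internal
    # Header presence is only a routing hint, not authentication:
    # internal-service must still validate the credential itself.
    server internal internal-service.my-namespace.svc.cluster.local:10000

backend be_external
    # Present the external host name and verify its certificate.
    http-request set-header Host some-application-to-route-request.com
    server external some-application-to-route-request.com:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(some-application-to-route-request.com)

backend be_reject
    # Anything that is not under /api is refused (403 by default).
    http-request deny
```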