Challenge: Setup redirection rules on ingress
Some time back I had to setup a pipeline to apply 30000 plus ingress rules for switching an application from old platform to new platform.
Initial Solution
For low numbers of redirects we can create separate Ingress objects for each rule. This is simpler and can be automated easily. But as the number of rules increase it becomes hard to manage thousands of ingress objects.
New Approach
As we are using Nginx Ingress Controller we can mention the rules in a configuration files. This allows us to add all the redirect rules in one file and mention it in server-snippet of the ingress object.
Azure Files can be used to host the configuration files meanwhile we can also update ingress controller deployment to use Azure Files Share name as a volume. For this we can refer the following Microsoft Documentation:
https://docs.microsoft.com/en-us/azure/aks/azure-files-volume
Following are the steps in order to achieve this:
Create a Kubernetes secret file for connecting to Azure Storage Account File Share as mentioned in the Microsoft Documentation. If you already have a share created you can directly create the Kubernetes secret.
kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=ingress-configs --from-literal=azurestorageaccountkey=<key>
Once secret is created we update the ingress deployment. If you are using Ingress helm charts you can do this by updating the values.yaml like below:
extraVolumeMounts:
- mountPath: /etc/nginx/conf.d/
name: azure-ingress-files
extraVolumes:
- azureFile:
readOnly: true
secretName: azure-ingress-files-secret
shareName: ingress-configs
name: azure-ingress-files
Update the deployment or upgrade the helm chart.
Add configuration files in the Azure Files Share
location ~* ^/Test$ { return 301 $request_uri$is_args$args; } location ~* ^/Test1$ { return 301 $request_uri$is_args$args; }
Final step is to update the ingress object to take this config file. This can be done by using server-snippet:
nginx.ingress.kubernetes.io/server-snippet: |- include /etc/nginx/conf.d/redirect-premanent.conf; include /etc/nginx/conf.d/customredirects/redirect-99.conf;
as a default behavior ingress will reload all configuration if the ingress object is changed. Notice we have a config file with fixed rules and another which we can change in customredirects folder.
For further enhancement we can have a CI pipeline which creates the configuration file and update the ingress object with new file name. This will cause the ingress controllers to reload and pick the new rules without downtime.
