Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update documentation for ingress annotation validation #1293

Merged
merged 3 commits into from
Jan 4, 2021
Merged

Update documentation for ingress annotation validation #1293

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1dacac3
Update documentation for ingress annotation validation
Dec 18, 2020
93e8a8f
Add list of annotations currently not validated to docs
Dec 21, 2020
fafa990
Update docs-web/configuration/ingress-resources/advanced-configuratio…
Jan 4, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions ...-web/configuration/ingress-resources/advanced-configuration-with-annotations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,63 @@ spec:
servicePort: 80
```

## Validation

The Ingress Controller validates the annotations of Ingress resources. If an Ingress is invalid, the Ingress Controller will reject it: the Ingress will continue to exist in the cluster, but the Ingress Controller will ignore it.

You can check if the Ingress Controller successfully applied the configuration for an Ingress. For our example `cafe-ingress-with-annotations` Ingress, we can run:
```
$ kubectl describe ing cafe-ingress-with-annotations
. . .
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal AddedOrUpdated 3s nginx-ingress-controller Configuration for default/cafe-ingress-with-annotations was added or updated
```
Note how the events section includes a Normal event with the AddedOrUpdated reason that informs us that the configuration was successfully applied.

If you create an invalid Ingress, the Ingress Controller will reject it and emit a Rejected event. For example, if you create an Ingress `cafe-ingress-with-annotations`, with an annotation `nginx.org/redirect-to-https` set to `yes please` instead of `true`, you will get:
```
$ kubectl describe ing cafe-ingress-with-annotations
. . .
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Rejected 13s nginx-ingress-controller annotations.nginx.org/redirect-to-https: Invalid value: "yes please": must be a boolean
```
Note how the events section includes a Warning event with the Rejected reason.

**Note**: If you make an existing Ingress invalid, the Ingress Controller will reject it and remove the corresponding configuration from NGINX.
mikestephen marked this conversation as resolved.
Show resolved Hide resolved

The following Ingress annotations currently have limited or no validation:

- `nginx.org/proxy-connect-timeout`,
- `nginx.org/proxy-read-timeout`,
- `nginx.org/proxy-send-timeout`,
- `nginx.org/client-max-body-size`,
- `nginx.org/proxy-buffers`,
- `nginx.org/proxy-buffer-size`,
- `nginx.org/proxy-max-temp-file-size`,
- `nginx.org/upstream-zone-size`,
- `nginx.org/fail-timeout`,
- `nginx.org/server-tokens`,
- `nginx.org/proxy-hide-headers`,
- `nginx.org/proxy-pass-headers`,
- `nginx.org/rewrites`,
- `nginx.com/jwt-key`,
- `nginx.com/jwt-realm`,
- `nginx.com/jwt-token`,
- `nginx.com/jwt-login-url`,
- `nginx.org/ssl-services`,
- `nginx.org/grpc-services`,
- `nginx.org/websocket-services`,
- `nginx.com/sticky-cookie-services`,
- `nginx.com/slow-start`,
- `appprotect.f5.com/app-protect-policy`,
- `appprotect.f5.com/app-protect-security-log`.

Validation of these annotations will be addressed in the future.

## Summary of Annotations

The table below summarizes the available annotations.
Expand Down