K
Q

map directive not read properly nginx ingress controller kubernetes

7/8/2019

This is the ConfigMap resource:

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  use-proxy-protocol: "false"
  use-forwarded-headers: "true"
  proxy-real-ip-cidr: "0.0.0.0/0" # restrict this to the IP addresses of ELB
  http-snippet: "map $http_origin $cors {
          hostnames;

          default       'default.com';
          .local        $http_origin;
          .blah.org $http_origin;
      }"

And then I've got the following Ingress resource which is reading the value from the map directive I set up previously on the ConfigMap nginx.ingress.kubernetes.io/cors-allow-origin: "$cors":

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  namespace: "default"
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "$cors"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, HEAD, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With"
    .
    .
    .

The issue I'm getting is that the annotation doesn't read the $cors variable set on the map directive properly and the resulting nginx.conf file always sets the "add_header 'Access-Control-Allow-Origin' response header to "*".

Am I missing anything here?

-- miticoluis
controller
dictionary
kubernetes
nginx

Similar Questions

How to update file on kubernetes/docker?
LoadBalancer Healthy Fails when run Traefik in Google Cloud Kubernetes
IBM MQ Uniform clustering in kubernetes
Need to show GRPC status Code in Istio-Proxy Logs
SQL Server on Kubernetes (aks) login for SA failed
Helm Chart will install manually, will not install via Terraform
How to prevent downtime when deploy a new version of code to a web socket server
What is a preferable way to run a job need large tmp disk space?
How can I reference value from one Kubernetes resource when defining another resource
Is there a way to monitor tls certificates in kubernetes using prometheus?

1 Answer

7/10/2019

This is well known behavior for CORS implementation within nginx.ingress.kubernetes.io/cors-allow-origin annotation, limited to only single value (with hard coded format) or *, looking into the Nginx Ingress controller documentation:

nginx.ingress.kubernetes.io/cors-allow-origin controls what's the accepted Origin for CORS. This is a single field value, with the following format: http(s)://origin-site.com or http(s)://origin-site.com:port

Therefore, in order to support multiple domains in the origin header, I assume that you might consider to inject some script which makes job. There is a dedicated FR raised #1171, with a snippet provided by @claudiuchis to get it done.

-- mk_sta
Source: StackOverflow