Not setting modifiedQueryString still results in a rewrite rule that sets the query string to empty
cristicalin opened this issue
Describe the bug
We are using rewrite rules on ingress to rewrite paths but would like to preserve the query string. The AppGW ingress controller updates the rewrite rule to update both URL and query string always.
To Reproduce
```yaml
apiVersion: appgw.ingress.azure.io/v1beta1
kind: AzureApplicationGatewayRewrite
metadata:
  name: test
  namespace: dev
spec:
  rewriteRules:
  - actions:
      urlConfiguration:
        modifiedPath: /api/v{var_uri_path_1}/{var_uri_path_2}
        reroute: false
    conditions:
    - ignoreCase: false
      negate: false
      pattern: /api/v([0-9]+)/r/(.*)
      variable: var_uri_path
    name: test
    ruleSequence: 1
```
This should set the Components to URL path but it results in setting it to Both URL path and URL query string.
Expected outcome:

This breaks our application's rewrite logic.
Ingress Controller details
- Output of `kubectl describe pod <ingress controller>`. The pod name can be obtained by running `helm list`.
Name: ingress-appgw-deployment-cc567775f-ktls9
Namespace: kube-system
Priority: 0
Service Account: ingress-appgw-sa
Node: aks-sys98249edv1-10300639-vmss000000/10.10.16.10
Start Time: Thu, 12 Sep 2024 10:52:30 +0300
Labels: app=ingress-appgw
kubernetes.azure.com/managedby=aks
pod-template-hash=cc567775f
Annotations: checksum/config: 4840ca8162703375ec3ba0d56802035b3908f91ccafe16b51a81ee01a87c741a
cluster-autoscaler.kubernetes.io/safe-to-evict: true
kubernetes.azure.com/metrics-scrape: true
prometheus.io/path: /metrics
prometheus.io/port: 8123
prometheus.io/scrape: true
resource-id:
/subscriptions/<redactred>/resourceGroups/<redacted>/providers/Microsoft.ContainerService/managedCluste...
Status: Running
IP: 10.10.16.109
IPs:
IP: 10.10.16.109
Controlled By: ReplicaSet/ingress-appgw-deployment-cc567775f
Containers:
ingress-appgw-container:
Container ID: containerd://6f9b92b8b028947ebf52426fe5f75a52948c08fcaa7783527571316d08dbf57f
Image: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress:1.7.4
Image ID: mcr.microsoft.com/azure-application-gateway/kubernetes-ingress@sha256:92cb29fe2583e4e332f4a6610dd3cd812c2c975d388817934c5c33ff50452a75
Port: <none>
Host Port: <none>
State: Running
Started: Thu, 12 Sep 2024 10:58:22 +0300
Last State: Terminated
Reason: Error
Exit Code: 255
Started: Thu, 12 Sep 2024 10:56:26 +0300
Finished: Thu, 12 Sep 2024 10:56:57 +0300
Ready: True
Restart Count: 5
Limits:
cpu: 700m
memory: 600Mi
Requests:
cpu: 100m
memory: 20Mi
Liveness: http-get http://:8123/health/alive delay=15s timeout=1s period=20s #success=1 #failure=3
Readiness: http-get http://:8123/health/ready delay=5s timeout=1s period=10s #success=1 #failure=3
Environment Variables from:
ingress-appgw-cm ConfigMap Optional: false
Environment:
KUBERNETES_SERVICE_HOST: <redacted>.hcp.westeurope.azmk8s.io
KUBERNETES_PORT: tcp://<redacted>.hcp.westeurope.azmk8s.io:443
KUBERNETES_PORT_443_TCP: tcp://<redacted>.hcp.westeurope.azmk8s.io:443
KUBERNETES_PORT_443_TCP_ADDR: <redacted>.hcp.westeurope.azmk8s.io
AZURE_CLOUD_PROVIDER_LOCATION: /etc/kubernetes/azure.json
AGIC_POD_NAME: ingress-appgw-deployment-cc567775f-ktls9 (v1:metadata.name)
AGIC_POD_NAMESPACE: kube-system (v1:metadata.namespace)
AZURE_ENVIRONMENT: AZUREPUBLICCLOUD
Mounts:
/etc/kubernetes/azure.json from cloud-provider-config (ro)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-ffhg5 (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
cloud-provider-config:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/azure.json
HostPathType: File
kube-api-access-ffhg5:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: CriticalAddonsOnly op=Exists
node.kubernetes.io/memory-pressure:NoSchedule op=Exists
node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
- Output of `kubectl logs <ingress controller>`.
...
-- App Gwy config -- {
-- App Gwy config -- "id": "/subscriptions/<redacred>/resourceGroups/MC_RG-<redacted>_westeurope/providers/Microsoft.Network/applicationGateways/<redacted>/rewriteRuleSets/crd-dev-gw-ingress-dev-<redacted>",
-- App Gwy config -- "name": "crd-dev-gw-ingress-dev-<redacted>",
-- App Gwy config -- "properties": {
-- App Gwy config -- "rewriteRules": [
-- App Gwy config -- {
-- App Gwy config -- "actionSet": {
-- App Gwy config -- "requestHeaderConfigurations": [],
-- App Gwy config -- "responseHeaderConfigurations": [],
-- App Gwy config -- "urlConfiguration": {
-- App Gwy config -- "modifiedPath": "/api/v{var_uri_path_1}/{var_uri_path_2}",
-- App Gwy config -- "modifiedQueryString": "",
-- App Gwy config -- "reroute": false
-- App Gwy config -- }
-- App Gwy config -- },
-- App Gwy config -- "conditions": [
-- App Gwy config -- {
-- App Gwy config -- "ignoreCase": false,
-- App Gwy config -- "negate": false,
-- App Gwy config -- "pattern": "/api/v([0-9]+)/r/(.*)",
-- App Gwy config -- "variable": "var_uri_path"
-- App Gwy config -- }
-- App Gwy config -- ],
-- App Gwy config -- "name": "gateforce-biller",
-- App Gwy config -- "ruleSequence": 1
-- App Gwy config -- }
-- App Gwy config -- ]
-- App Gwy config -- }
-- App Gwy config -- },
...
- Any Azure support tickets associated with this issue.
Found a workaround for this, I can set the modifiedQueryString: '{var_query_string}' and that keeps the original query string
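
A check for the behaviour reported in this issue, as an added example that is not part of the issue or of the ingress controller's code: it reassembles the JSON from `-- App Gwy config --` log lines and lists rewrite rules that set `modifiedPath` while emitting `modifiedQueryString` as an empty string. It assumes the marked lines together form one complete JSON document; the sample log, the `rewriteRuleSets` wrapper and the rule names are constructed.

```python
import json

MARKER = "-- App Gwy config --"


def make_rule(name, query=None):
    """Build a constructed rule; query=None leaves modifiedQueryString out."""
    url = {"modifiedPath": "/api/v{var_uri_path_1}/{var_uri_path_2}", "reroute": False}
    if query is not None:
        url["modifiedQueryString"] = query
    return {"name": name, "ruleSequence": 1, "actionSet": {"urlConfiguration": url}}


# Constructed sample shaped like the log excerpt in the issue (not real output).
SAMPLE_CONFIG = {"rewriteRuleSets": [{"name": "crd-example-set", "properties": {
    "rewriteRules": [make_rule("drops-query", ""),
                     make_rule("keeps-query", "{var_query_string}"),
                     make_rule("path-only")]}}]}
SAMPLE_LOG = "\n".join(
    ["unrelated controller log line"]
    + [f"{MARKER} {line}" for line in json.dumps(SAMPLE_CONFIG, indent=2).splitlines()])


def extract_config(log_text):
    """Strip the log marker from each config line and parse the joined JSON."""
    payload = [l.split(MARKER, 1)[1] for l in log_text.splitlines() if MARKER in l]
    return json.loads("\n".join(payload))


def iter_rules(node):
    """Yield every entry of every 'rewriteRules' list, at any nesting depth."""
    if isinstance(node, dict):
        yield from node.get("rewriteRules") or []
        for value in node.values():
            yield from iter_rules(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_rules(value)


def query_clearing_rules(log_text):
    """Names of rules that rewrite the path and set the query string to ''."""
    flagged = []
    for rule in iter_rules(extract_config(log_text)):
        url = (rule.get("actionSet") or {}).get("urlConfiguration") or {}
        if url.get("modifiedPath") and url.get("modifiedQueryString") == "":
            flagged.append(rule.get("name"))
    return flagged


if __name__ == "__main__":
    print(query_clearing_rules(SAMPLE_LOG))
```
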
