CODEWITHSUNDEEP
nginxkuberneteskubernetes-ingressnginx-ingress
Rahul Kumar Aggarwal
Rahul Kumar Aggarwal

Reputation: 33

nginx.ingress.kubernetes.io/server-snippet annotation contains invalid word location

I am new to kubernetes and using AWS EKS cluster 1.21. I am trying to write the nginx ingress config for my k8s cluster and blocking some request using server-snippet. My ingress config is below

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: abc-ingress-external
  namespace: backend
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.class: nginx-external
    nginx.ingress.kubernetes.io/server-snippet: |
       location = /ping {
         deny all;
         return 403;
       }
spec:
  rules:
  - host: dev-abc.example.com
    http:
      paths:
      - backend:
          service:
              name: miller
              port:
                number: 80
        path: /
        pathType: Prefix

When I apply this config, I get this error:

for: "ingress.yml": admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: nginx.ingress.kubernetes.io/server-snippet annotation contains invalid word location

I looked into this and got this is something related to annotation-value-word-blocklist. However i don't know how to resolve this. Any help would be appreciated.

Upvotes: 3

Views: 2064

Answers (2)

Eino Gourdin
Eino Gourdin

Reputation: 4557

Alternatively, replacing nginx.ingress.kubernetes.io/server-snippet by nginx.org/server-snippets fixed the issue for me. See for instance here

Upvotes: 1

gohm'c
gohm'c

Reputation: 15568

Seems there's issue using location with some versions. The following was tested successfully on EKS cluster.

Install basic ingress-nginx on EKS:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/aws/deploy.yaml

Note: If your cluster version is < 1.21, you need to comment out ipFamilyPolicy and ipFamilies in the service spec.

Run a http service:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/http-svc.yaml

Create an ingress for the service:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: http-svc
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/server-snippet: |
       location = /ping {
         deny all;
         return 403;
       }
spec:
  rules:
  - host: test.domain.com
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: http-svc
            port:
              number: 8080

Return 200 as expected: curl -H 'HOST: test.domain.com' http://<get your nlb address from the console>

Return 200 as expected: curl -H 'HOST: test.domain.com' -k https://<get your nlb address from the console>

Return 403 as expected, the snippet is working: curl -H 'HOST: test.domain.com' -k https://<get your nlb address from the console>/ping

enter image description here

Use the latest release to avoid the "annotation contains invalid word location" issue.

Upvotes: 3

Related Questions