返回
创建于
状态公开

Nginx Ingress PathType Exact 限制错误解决方案

您遇到的错误是由于 Nginx Ingress Controller 启用了严格的路径类型验证导致的。错误信息表明 /openapi.json 路径无法与 pathType: Exact 一起使用。

错误原因分析

strict-validate-path-type 检查默认启用,对 ExactPrefix 类型的路径进行严格验证[1][2]。对于 pathType: Exact,只允许特定字符集,不允许包含点(.)等特殊字符[3]。

由于 /openapi.json 包含点(.)字符,因此无法通过 pathType: Exact 的验证。

解决方案

1. 使用 ImplementationSpecific 路径类型(推荐)

pathTypeExact 改为 ImplementationSpecific

yaml
1apiVersion: networking.k8s.io/v1
2kind: Ingress
3metadata:
4  name: subtitle-ingress
5  namespace: default
6  annotations:
7    kubernetes.io/ingress.class: nginx
8spec:
9  tls:
10    - hosts:
11        - subtitle.us4ever.com
12      secretName: subtitle-tls
13  rules:
14    - host: subtitle.us4ever.com
15      http:
16        paths:
17          - path: /openapi.json
18            pathType: ImplementationSpecific
19            backend:
20              service:
21                name: subtitle-api-service
22                port:
23                  number: 8080
24          - path: /
25            pathType: Prefix
26            backend:
27              service:
28                name: subtitle-main-service
29                port:
30                  number: 80

2. 使用正则表达式匹配

如果需要精确匹配,可以使用正则表达式:

yaml
1apiVersion: networking.k8s.io/v1
2kind: Ingress
3metadata:
4  name: subtitle-ingress
5  namespace: default
6  annotations:
7    kubernetes.io/ingress.class: nginx
8    nginx.ingress.kubernetes.io/use-regex: "true"
9spec:
10  tls:
11    - hosts:
12        - subtitle.us4ever.com
13      secretName: subtitle-tls
14  rules:
15    - host: subtitle.us4ever.com
16      http:
17        paths:
18          - path: /openapi\.json$
19            pathType: ImplementationSpecific
20            backend:
21              service:
22                name: subtitle-api-service
23                port:
24                  number: 8080
25          - path: /
26            pathType: Prefix
27            backend:
28              service:
29                name: subtitle-main-service
30                port:
31                  number: 80

3. 禁用严格路径验证(集群级别)

注意:此方法影响整个集群,需要谨慎使用

修改 Nginx Ingress Controller 的 ConfigMap:

yaml
1apiVersion: v1
2kind: ConfigMap
3metadata:
4  name: ingress-nginx-controller
5  namespace: ingress-nginx
6data:
7  strict-validate-path-type: "false"

应用配置后重启 Ingress Controller:

bash
1kubectl rollout restart deployment/ingress-nginx-controller -n ingress-nginx

路径类型说明

路径类型说明使用场景
Exact完全匹配,仅允许基本字符[4]简单路径,不含特殊字符
Prefix前缀匹配,按/分割[4]通用路径匹配
ImplementationSpecific实现特定,支持正则表达式[5]包含特殊字符或需要正则匹配

验证修复

bash
1# 应用配置
2kubectl apply -f subtitle-ingress.yaml
3
4# 检查状态
5kubectl get ingress subtitle-ingress
6
7# 测试端点
8curl -H "Host: subtitle.us4ever.com" http://your-ingress-ip/openapi.json

最佳实践建议

  1. 优先使用 ImplementationSpecific:对于包含特殊字符的路径[5]
  2. 保持路径简洁:避免在 Exact 类型中使用特殊字符
  3. 使用正则表达式:需要精确匹配时配合 use-regex 注解[6]
  4. 测试验证:修改后务必验证路径是否正常工作

通过使用 pathType: ImplementationSpecific,您可以成功解决此验证错误,同时保持对 /openapi.json 路径的精确匹配。

[1] https://devops.stackexchange.com/questions/19915/ingress-failing-due-to-error-path-cannot-be-used-with-pathtype-prefix [2] https://github.com/stafftastic/jitsu-chart/issues/63 [3] https://github.com/kubernetes/ingress-nginx/issues/11176 [4] https://kubernetes.io/docs/concepts/services-networking/ingress/ [5] https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/ [6] https://kubernetes.github.io/ingress-nginx/user-guide/ingress-path-matching/ [7] https://github.com/kubernetes/ingress-nginx/issues/10200 [8] https://github.com/kubernetes/ingress-nginx/issues/13089 [9] https://stackoverflow.com/questions/60397218/fastapi-docs-not-working-with-nginx-ingress-controller [10] https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ [11] https://kodekloud.com/community/t/how-ingress-path-type-differs/460037 [12] https://www.reddit.com/r/kubernetes/comments/wf3bd9/nginxingress_is_driving_me_nuts/ [13] https://cloud.ibm.com/docs/containers?topic=containers-ts-ingress-webhook [14] https://stackoverflow.com/questions/74770691/kubernetes-ingress-exact-not-prioritized-over-prefix [15] https://stackoverflow.com/questions/69842518/multiple-ingress-nginx-in-kubernetes-not-validating-webhook-not-working [16] https://github.com/kubernetes/ingress-nginx/issues/10618 [17] https://kodekloud.com/community/t/issue-in-configuring-ingress-path-based-routing/355780 [18] https://github.com/kubernetes/ingress-nginx/issues/8216 [19] https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resources/basic-configuration/ [20] https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/