Rewrite Host and Paths
This guide demonstrates host and path rewrites using Ingress and Service configuration.
Before you begin ensure that you have Installed Kong Ingress Controller with Gateway API support in your Kubernetes cluster and are able to connect to Kong.
Before you begin ensure that you have Installed Kong Ingress Controller with Gateway API support in your Kubernetes cluster and are able to connect to Kong.
Prerequisites
Install the Gateway APIs
-
Install the Gateway API CRDs before installing Kong Ingress Controller.
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
-
Create a
Gateway
andGatewayClass
instance to use.echo " --- apiVersion: gateway.networking.k8s.io/v1 kind: GatewayClass metadata: name: kong annotations: konghq.com/gatewayclass-unmanaged: 'true' spec: controllerName: konghq.com/kic-gateway-controller --- apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: kong spec: gatewayClassName: kong listeners: - name: proxy port: 80 protocol: HTTP " | kubectl apply -f -
The results should look like this:
gatewayclass.gateway.networking.k8s.io/kong created gateway.gateway.networking.k8s.io/kong created
Install Kong
You can install Kong in your Kubernetes cluster using Helm.
-
Add the Kong Helm charts:
helm repo add kong https://charts.konghq.com helm repo update
-
Install Kong Ingress Controller and Kong Gateway with Helm:
helm install kong kong/ingress -n kong --create-namespace
Test connectivity to Kong
Kubernetes exposes the proxy through a Kubernetes service. Run the following commands to store the load balancer IP address in a variable named PROXY_IP
:
-
Populate
$PROXY_IP
for future commands:export PROXY_IP=$(kubectl get svc --namespace kong kong-gateway-proxy -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo $PROXY_IP
-
Ensure that you can call the proxy IP:
curl -i $PROXY_IP
The results should look like this:
HTTP/1.1 404 Not Found Content-Type: application/json; charset=utf-8 Connection: keep-alive Content-Length: 48 X-Kong-Response-Latency: 0 Server: kong/3.0.0 {"message":"no Route matched with those values"}
Deploy an echo service
To proxy requests, you need an upstream application to send a request to. Deploying this echo server provides a simple application that returns information about the Pod it’s running in:
kubectl apply -f https://docs.konghq.com/assets/kubernetes-ingress-controller/examples/echo-service.yaml
The results should look like this:
service/echo created
deployment.apps/echo created
Add routing configuration
Create routing configuration to proxy /echo
requests to the echo server:
The results should look like this:
Test the routing rule:
curl -i -H 'Host:kong.example' $PROXY_IP/echo
The results should look like this:
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 140
Connection: keep-alive
Date: Fri, 21 Apr 2023 12:24:55 GMT
X-Kong-Upstream-Latency: 0
X-Kong-Proxy-Latency: 1
Via: kong/3.2.2
Welcome, you are connected to node docker-desktop.
Running on Pod echo-7f87468b8c-tzzv6.
In namespace default.
With IP address 10.1.0.237.
...
If everything is deployed correctly, you should see the above response. This verifies that Kong Gateway can correctly route traffic to an application running inside Kubernetes.
Host manipulation
Kong Ingress Controller provides two annotations for manipulating the Host
header. These annotations allow for three different behaviours:
- Preserve the user-provided
Host
header - Default to the
Host
of the upstream service - Explicitly set the
Host
header to a known value
Preserve the Host header
Kong Ingress Controller preserves the hostname in the request by default.
$ curl -H 'Host:kong.example' "$PROXY_IP/echo?details=true"
HTTP request details
---------------------
Protocol: HTTP/1.1
Host: kong.example
Method: GET
URL: /?details=true
The Host
header in the response matches the Host
header in the request.
Use the upstream Host name
You can disable preserve-host
if you want the Host
header to contain the upstream hostname of your service.
Add the konghq.com/preserve-host
annotation to your route:
The Host
header in the response now contains the upstream Host and Port.
HTTP request details
---------------------
Protocol: HTTP/1.1
Host: 192.168.194.11:1027
Method: GET
URL: /?details=true
Set the Host header explicitly
Using Gateway API
You can set the Host header explicitly when using Gateway API’s HTTPRoute with URLRewrite
filter’s hostname
field. You only need to add a URLRewrite
filter to your HTTPRoute rule.
...
filters:
- type: URLRewrite
urlRewrite:
hostname: internal.myapp.example.com
Using the konghq.com/host-header
annotation
You can set the Host header explicitly if needed by disabling konghq.com/preserve-host
and setting the konghq.com/host-header
annotation.
-
Add the
konghq.com/preserve-host
annotation to your Ingress, to disablepreserve-host
and send the hostname provided in thehost-header
annotation: - Add the
konghq.com/host-header
annotation to your Service, which sets theHost
header directly:$ kubectl patch service echo -p '{"metadata":{"annotations":{"konghq.com/host-header":"internal.myapp.example.com"}}}'
-
Make a
curl
request with aHost
header:curl -H 'Host:kong.example' "$PROXY_IP/echo?details=true"
The request upstream now uses the header from the
host-header
annotation:HTTP request details --------------------- Protocol: HTTP/1.1 Host: internal.myapp.example.com:1027 Method: GET URL: /?details=true
Path manipulation
Users have the following options to rewrite the default path handling behavior:
- Rewrite using Gateway API’s
URLRewrite
filter - Rewrite using regular expressions
- Remove the path prefix using
strip-path
- Add a path prefix using the
path
annotation
Rewriting the path
Strip the path
This is the default behavior of Kong Ingress Controller. Set
konghq.com/strip-path="false"
to disable this behavior
Add the konghq.com/strip-path
annotation to your Ingress, which strips
the path component of the route/Ingress, leaving the remainder of the path at
the root:
The request upstream now only contains the path components not in the Ingress rule:
HTTP request details
---------------------
Protocol: HTTP/1.1
Host: kong.example
Method: GET
URL: /?details=true
Prepend a path
Add the konghq.com/path
annotation to your Service, which prepends
that value to the upstream path:
$ kubectl patch service echo -p '{"metadata":{"annotations":{"konghq.com/path":"/api"}}}'
The request upstream now contains a leading /api
:
HTTP request details
---------------------
Protocol: HTTP/1.1
Host: kong.example
Method: GET
URL: /api?details=true
strip-path
and path
can be combined together, with the path
component
coming first. Adding both annotations send requests for /api/echo
.