From b9f8855dd9e0c93f8f5f8ba4843574919543bb26 Mon Sep 17 00:00:00 2001 From: longwuyuan Date: Thu, 4 Apr 2024 15:22:08 +0530 Subject: [PATCH] chunking related faq update --- docs/faq.md | 44 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 253378c65e..a210c221b9 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -7,27 +7,51 @@ Please read [Retain Client IPAddress Guide here](./user-guide/retaining-client-i ## Kubernetes v1.22 Migration -If you are using Ingress objects in your cluster (running Kubernetes older than v1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or above, then please read [the migration guide here](./user-guide/k8s-122-migration.md). +If you are using Ingress objects in your cluster (running Kubernetes older than +version 1.22), and you plan to upgrade your Kubernetes version to K8S 1.22 or +above, then please read [the migration guide here](./user-guide/k8s-122-migration.md). ## Validation Of __`path`__ -- For improving security and also following desired standards on Kubernetes API spec, the next release, scheduled for v1.8.0, will include a new & optional feature of validating the value for the key `ingress.spec.rules.http.paths.path` . +- For improving security and also following desired standards on Kubernetes API +spec, the next release, scheduled for v1.8.0, will include a new & optional +feature of validating the value for the key `ingress.spec.rules.http.paths.path`. -- This behavior will be disabled by default on the 1.8.0 release and enabled by default on the next breaking change release, set for 2.0.0. +- This behavior will be disabled by default on the 1.8.0 release and enabled by +default on the next breaking change release, set for 2.0.0. -- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`", to "`alphanumeric characters`", and `"/," "_," "-."` Also, in this case, the path should start with `"/."` +- When "`ingress.spec.rules.http.pathType=Exact`" or "`pathType=Prefix`", this +validation will limit the characters accepted on the field "`ingress.spec.rules.http.paths.path`", +to "`alphanumeric characters`", and `"/," "_," "-."` Also, in this case, +the path should start with `"/."` -- When the ingress resource path contains other characters (like on rewrite configurations), the pathType value should be "`ImplementationSpecific`". +- When the ingress resource path contains other characters (like on rewrite +configurations), the pathType value should be "`ImplementationSpecific`". - API Spec on pathType is documented [here](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) -- When this option is enabled, the validation will happen on the Admission Webhook. So if any new ingress object contains characters other than "`alphanumeric characters`", and `"/," "_," "-."` , in the `path` field, but is not using `pathType` value as `ImplementationSpecific`, then the ingress object will be denied admission. +- When this option is enabled, the validation will happen on the Admission +Webhook. So if any new ingress object contains characters other than +alphanumeric characters, and, `"/,","_","-"`, in the `path` field, but +is not using `pathType` value as `ImplementationSpecific`, then the ingress +object will be denied admission. -- The cluster admin should establish validation rules using mechanisms like "`Open Policy Agent`", to validate that only authorized users can use ImplementationSpecific pathType and that only the authorized characters can be used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) +- The cluster admin should establish validation rules using mechanisms like +"`Open Policy Agent`", to validate that only authorized users can use +ImplementationSpecific pathType and that only the authorized characters can be +used. [The configmap value is here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#strict-validate-path-type) - A complete example of an Openpolicyagent gatekeeper rule is available [here](https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/) -- If you have any issues or concerns, please do one of the following: - - Open a GitHub issue +- If you have any issues or concerns, please do one of the following: + - Open a GitHub issue - Comment in our Dev Slack Channel - - Open a thread in our Google Group ingress-nginx-dev@kubernetes.io + - Open a thread in our Google Group + +## Why is chunking not working since controller v1.10 ? + +- If your code is setting the HTTP header `"Transfer-Encoding: chunked"` and +the controller log messages show an error about duplicate header, it is +because of this change + +- More details are available in this issue