Getting Error: admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: ingress contains invalid paths: path /p.js cannot be used with pathType Exact

[tedcao]

I was trying to deploy the jitsu to Digital Ocean Kubernetes. I am new to helm and Kubrenetes.

What I am expecting to achieve is to self host the service use connector without the 1 sync pre 24 hours limits for personal use.

I have set up the namespace and also install the Nginx for reverse proxy.

# Create namespace
kubectl create namespace ingress-nginx

# Install nginx ingress controller
helm install nginx-ingress ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --set controller.publishService.enabled=true

According to the basic configuration.

I have created a values.yaml like following:

postgresql:
  auth:
    password: "1234"
mongodb:
  auth:
    passwords:
      ["1234"]
clickhouse:
  auth:
    password: "1234"

ingress:
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
  host: "jitsu.tedcao.com"
  tls: true
  paths:
    - path: "/"
      pathType: Prefix

console:
  config:
    seedUserEmail: "[email protected]"
    seedUserPassword: "qwer2345"

After run:
helm install jitsu oci://registry-1.docker.io/stafftasticcharts/jitsu -f values.yaml
I am getting the following error message:

ulled: registry-1.docker.io/stafftasticcharts/jitsu:2.2.0
Digest: sha256:2c03097da8da678569229dbb45f6517ad086faea045618280992e956e444b884
coalesce.go:237: warning: skipped value for kafka.config: Not a table.
W0116 01:58:43.327684   64620 warnings.go:70] path /p.js cannot be used with pathType Exact

Error: INSTALLATION FAILED: 1 error occurred:
        * admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: ingress contains invalid paths: path /p.js cannot be used with pathType Exact

I have looked into the file and find out the error message seems come from

templates/ingress/yaml line 48-49

Should the pathType be Prefix? Or there were something wrong with my values.yaml?

Thanks a lot!

[echozio]

Hi,

This is caused by ingress-nginx recently enabling their "strict-validate-path-type" option by default, which imposes pretty strict limitations on what kind of paths you can use with pathType Exact and Prefix. Their suggested workaround is to use pathType ImplementationSpecific, but this as is the name implies implementation-specific, and we'd like to avoid making the chart dependent on the behavior of a specific ingress controller.

There's some more discussion around this at kubernetes/ingress-nginx#11176 if you're interested.

The easiest way to get the ingress working would be to set strict-validate-path-type to false for the ingress controller, which I believe you can do by setting the Helm chart value controller.config.strict-validate-path-type=false.

If you're managing a shared environment where the content of paths may not be trusted it's a good idea to read up on the security concerns that lead to this decision on the ingress-nginx end before changing this option.

If you can't use this option your best bet is probably to use the separate ingresses that allow for more customization, console.ingress and ingest.ingress, with which you'll be able to set your own paths and create an ImplementationSpecific path for ingress-nginx that does the same as the default Exact path in order to get the same behavior as the default.

[tedcao]

Thanks a lot! Much appreciated.