All Products
Search

This Product

    Container Service for Kubernetes:Customize the routing rules of an ALB Ingress

    Document Center

    Container Service for Kubernetes:Customize the routing rules of an ALB Ingress

    Last Updated:Dec 12, 2023

    Application Load Balancer (ALB) Ingresses allow you to configure custom routing rules. A routing rule consists of routing conditions and actions. You can add routing conditions to match domain names, paths, request headers, query strings, request methods, cookies, or source IP addresses in requests. You can also add routing actions to return fixed responses, redirect requests, insert request headers, delete request headers, mirror traffic, forward requests to multiple backend server groups, or rewrite requests. This topic describes how to customize the routing rules of an ALB Ingress.

    Prerequisites

    ALB Ingress controller 2.5.0 or later is installed in your cluster. For more information, see Manage components.

    Routing conditions

    Important

    • You can add at most 10 routing conditions to one routing rule.

    • Routing conditions ResponseHeader and ResponseStatusCode only take effect in custom outbound routing rules.

    Introduction to routing conditions

    ALB Ingresses allow you to configure routing conditions in the annotation alb.ingress.kubernetes.io/conditions.<Service name>. The logical relation among different rule blocks is AND. If multiple values are specified in a rule block, the logical relation among the values is OR. For example, if you configure two header rule blocks, the logical relation between the two header rule blocks is AND. If you configure multiple headers in a header rule block, the logical relation among the headers is OR. The following table describes the routing rules that you can create for an ALB Ingress.

    Routing condition

    Description

    Domain name

    You can add this condition to route only requests that are destined for the specified domain names. Sample code: 

    alb.ingress.kubernetes.io/conditions.host-example: |
  [{
      "type": "Host",
      "hostConfig": {
        "values": [
          "anno.example.com"
        ]
      }
  }]

    • type: the type of routing condition. To match requests based on domain names, set the value to Host.

    • HostConfig: the domain names that are used to match requests. If you specify multiple domain names, the logical relation among the domain names is OR.

    URL

    You can add this condition to route only requests that are sent to the specified paths. Sample code: 

    alb.ingress.kubernetes.io/conditions.path-example: |
  [{
    "type": "Path",
    "pathConfig": {
      "values": [
        "/pathvalue1",
        "/pathvalue2"
      ]
    }
  }]

    • type: the type of routing condition. To match requests based on paths, set the value to Path.

    • pathConfig: the paths that are used to match requests. If you specify multiple paths, the logical relation among the paths is OR.

    Header

    You can add this condition to route only requests that contain the specified headers. Sample code: 

    alb.ingress.kubernetes.io/conditions.http-header-example: |
  [{
    "type": "Header",
    "headerConfig": {
      "key": "headername",
      "values": [
        "headervalue1"
        "headervalue2"
      ]
     }
  }]

    • type: the type of routing condition. To match requests based on headers, set the value to Header.

    • headerConfig: the key-value pairs that are used to match requests. If you specify multiple header values, the logical relation among the header values is OR.

    Query string

    You can add this condition to route only requests that contain the specified query strings. Sample code: 

    alb.ingress.kubernetes.io/conditions.query-string-example: |
  [{
    "type": "QueryString",
    "queryStringConfig": {
      "values": [
        {
           "key":"querystringkey1",
           "value":"querystringvalue2"
        }
      ]
    }
  }]

    • type: the type of routing condition. To match requests based on query strings, set the value to QueryString.

    • queryStringConfig: the key-value pairs that are used to match requests. The keys and values must be 1 to 100 characters in length, and can contain lowercase letters, visible characters, asterisks (*), and question marks (?). The keys and values cannot contain space characters or the following special characters: # [] {} \ | <> &. If you specify multiple query strings, the logical relation among the query strings is OR.

    Request method

    You can add this condition to route only requests that use the specified request methods. Sample code: 

    alb.ingress.kubernetes.io/conditions.http-method-example: |
  [{
    "type": "Method",
    "methodConfig": {
      "values": [
        "GET",
        "HEAD"
      ]
    }
  }]

    • type: the type of routing condition. To match requests based on request methods, set the value to Method.

    • methodConfig: the request methods that are used to match requests. Supported methods are GET, POST, PUT, DELETE, HEAD, OPTIONS, and PATCH. If you specify multiple request methods, the logical relation among the request methods is OR.

    Cookie

    You can add this condition to route only requests that contain the specified cookies. Sample code: 

    alb.ingress.kubernetes.io/conditions.http-cookie-example: |
  [{
    "type": "Cookie",
    "cookieConfig": {
      "values": [
        {
           "key":"cookiekey1",
           "value":"cookievalue2"
        }
      ]
     }
  }]

    • type: the type of routing condition. To match requests based on cookies, set the value to Cookie.

    • cookieConfig: the key-value pairs that are used to match requests. The keys and values must be 1 to 100 characters in length, and can contain lowercase letters, visible characters, asterisks (*), and question marks (?). The keys and values cannot contain space characters or the following special characters: # [] {} \ | <> &. If you specify multiple cookies, the logical relation among the cookies is OR.

    SourceIP

    You can add this condition to route only requests from the specified source IP addresses. Sample code: 

    alb.ingress.kubernetes.io/conditions.source-ip-example: |
  [{
    "type": "SourceIp",
    "sourceIpConfig": {
      "values": [
        "192.168.0.0/16",
        "172.16.0.0/16"
      ]
    }
  }]

    • type: the type of routing condition. To match requests based on source IP addresses, set the value to SourceIP.

    • sourceIpConfig: the source IP addresses that are used to match requests. If you specify multiple source IP addresses, the logical relation among the source IP addresses is OR.

    ResponseHeader

    You can add this condition to route only responses that contain the specified response headers. Sample code: 

    alb.ingress.kubernetes.io/conditions.response-header-example: |
  [{
    "type": "ReponseHeader",
    "headerConfig": {
      "key": "headername",
      "values": [
        "headervalue1"
        "headervalue2"
      ]
     }
  }]

    • type: the type of routing condition. To match requests based on response headers, set the value to ResponseHeader.

    • headerConfig: the key-value pairs that are used to match requests. If you specify multiple header values, the logical relation among the header values is OR.

    ResponseStatusCode

    You can add this condition to route only requests that return specified status codes. Sample code: 

    alb.ingress.kubernetes.io/conditions.response-code-example: |
  [{
    "type": "ResponseStatusCode",
    "responseStatusCodeConfig": {
      "values": [
        "statuscode1",
        "statuscode2"
      ]
    }
  }]

    • type: the type of routing condition. To match requests based on response status codes, set the value to ResponseStatusCode.

    • responseStatusCodeConfig: the specified response status code. If you specify multiple response status codes, the logical relation among the codes is OR.

    Scenario 1: Route traffic based on source IP addresses and request headers

    Note

    You can add at most five source IP addresses to the custom conditions for one routing rule.

    The following code block is used to route packets based on source IP addresses, request headers, and paths.

    In the following code block, the source IP addresses are set to 192.168.0.0/16 and 172.16.0.0/16, the header key is set to gray-hello, the header values are set to value1 and value2, and the path is set to /hello. Only requests whose source IP addresses, headers, and paths match all of the preceding conditions are routed to the gray-hello service. Other requests are routed to other services. 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
   alb.ingress.kubernetes.io/order: "1"
   alb.ingress.kubernetes.io/conditions.gray-hello: |
     [{
       "type": "Header",
       "headerConfig": {
          "key":"gray-hello",
           "values": [
              "value1",
              "value2"
           ]
       }
      },
      {
         "type": "SourceIp",
         "sourceIpConfig": {
           "values": [
             "192.168.0.0/16",
             "172.16.0.0/16"
           ]
         }
     }]
  name: gray-hello
spec:
  ingressClassName: alb
  rules:
   - http:
      paths:
      - path: /hello
        pathType: ImplementationSpecific
        backend:
          service:
            name: gray-hello
            port:
              number: 88

    alb.ingress.kubernetes.io/order: the priority of the Ingress. A smaller value indicates a higher priority.

    Scenario 2: Route traffic based on domain names, request methods, and cookies

    The following code block is used to route packets based on domain names, request methods, and cookies.

    In the following code block, the request methods are set to GET and HEAD, the domain names are set to www.hostvalue1.edu and www.hostvalue2.edu, the key of the cookie is set to cookiekey1, the value of the cookie is set to cookievalue1, and the path is set to /test. Only requests whose domain names, request methods, cookies, and paths match all of the preceding conditions are routed to the gray-hello service. Other requests are routed to the service-b service. 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
   alb.ingress.kubernetes.io/conditions.service-a: |
     [{
       "type": "Cookie",
       "cookieConfig": {
         "values": [
           {
             "key":"cookiekey1",
             "value":"cookievalue1"
           }
        ]
       }
      },
      {
       "type": "Method",
       "methodConfig": {
         "values": [
           "GET",
           "HEAD"
         ]
       }
      },
     {
       "type": "Host",
       "hostConfig": {
           "values": [
              "www.hostvalue1.edu",
              "www.hostvalue2.edu"
           ]
       }
      }]
  name: ingress-example
spec:
  ingressClassName: alb
  rules:
   - http:
      paths:
      - path: /test
        pathType: ImplementationSpecific
        backend:
          service:
            name: service-a
            port:
              number: 88
      - path: /test
        pathType: ImplementationSpecific
        backend:
          service:
            name: service-b
            port:
              number: 88

    Scenario 3: Route traffic based on query strings, multiple request headers, and multiple paths

    The following code block is used to route packets based on query strings, multiple request headers, and multiple paths.

    In the following code block, the paths are set to /pathvalue1, /pathvalue2, and /test, the query string key is set to querystringkey1, and the query string value is set to querystringvalue2. In addition, the code block specifies that the request must contain headerkey1 and headerkey2. The header value for headerkey1 must be headervalue1 or headervalue2, and the header value for headervalue2 must be headervalue3 or headervalue4. Only requests whose query strings, request headers, and paths match all of the preceding conditions are routed to the service-a service. Other requests are routed to the service-b service. 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
   alb.ingress.kubernetes.io/conditions.service-a: |
     [{
       "type": "Path",
       "pathConfig": {
           "values": [
              "/pathvalue1",
              "/pathvalue2"
           ]
       }
      },
      {
       "type": "QueryString",
       "queryStringConfig": {
         "values": [
           {
             "key":"querystringkey1",
             "value":"querystringvalue2"
           }
        ]
       }
      },
     {
       "type": "Header",
       "headerConfig": {
          "key":"headerkey1",
           "values": [
              "headervalue1",
              "headervalue2"
           ]
       }
     },
     {
       "type": "Header",
       "headerConfig": {
          "key":"headerkey2",
           "values": [
              "headervalue3",
              "headervalue4"
           ]
       }
     }]
  name: ingress-example
spec:
  ingressClassName: alb
  rules:
   - http:
      paths:
      - path: /test
        pathType: ImplementationSpecific
        backend:
          service:
            name: service-a
            port:
              number: 88
      - path: /test
        pathType: ImplementationSpecific
        backend:
          service:
            name: service-b
            port:
              number: 88

    Routing actions

    Introduction to routing actions

    ALB Ingresses allow you to configure routing actions for inbound and outbound routing rules in the annotation alb.ingress.kubernetes.io/actions.<Service name>. You can add routing actions to return fixed responses, redirect requests, insert request headers, delete request headers, mirror traffic, forward requests to multiple backend server groups, or rewrite requests. ALB Ingresses allow you to define different routing actions to process requests and responses on demand.

    Note

    • The Service name in the annotation alb.ingress.kubernetes.io/actions.<Service name> must be the same as the Service name specified in backend in the rule field.

    • In the same routing rule, you cannot add multiple termination actions at the same time. For example, you cannot add routing actions to return fixed responses, redirect requests, or forward requests to multiple backend server groups at the same time.

    • When you add routing actions to return fixed responses, redirect requests, or forward requests to multiple backend server groups, the name of the servicePort specified in backend in the rule field must be use-annotation.

    Routing actions for inbound routing rules

    Routing action

    Description

    Return fixed responses

    You can configure the ALB Ingress to return fixed content to clients. You can specify the status code, content, and type of content that are returned to clients. Sample code: 

    alb.ingress.kubernetes.io/actions.response-503: |
  [{
      "type": "FixedResponse",
      "FixedResponseConfig": {
          "contentType": "text/plain",
          "httpCode": "503",
          "content": "503 error text"
      }
  }]

    • type: the type of routing action. To return fixed responses, set the value to FixedResponse.

    • contentType: the type of content to be returned.

    • httpCode: the status code to be returned.

    • content: the content to be returned.

    Redirect requests

    You can use the HTTP 3XX status codes to redirect requests to other Service addresses. Sample code:

    Note

    You cannot keep the default settings for all redirect parameters at the same time, excluding httpCode. 

    alb.ingress.kubernetes.io/actions.redirect: |
  [{
      "type": "Redirect",
      "RedirectConfig": {
          "host": "${host}",
          "path": "${path}",
          "port": "${port}",
          "protocol": "${protocol}",
          "query": "${query}",
          "httpCode": "301"
      }
  }]

    • type: the type of routing action. To redirect requests, set the value to Redirect.

    • host: the domain name to which requests are redirected.

    • path: the path to which requests are redirected.

    • port: the port to which requests are redirected.

    • protocol: the protocol of the redirected requests.

    • query: the query string of the redirected requests.

    • httpCode: the status code of the redirected requests.

    Mirror traffic

    You can specify the ID of a server group to mirror traffic to the specified server group. Sample code:

    Note

    • The traffic mirroring action can be used together only with the actions that are used to forward requests, write headers, delete headers, and throttle traffic. This action is mutually exclusive with the actions that are used to rewrite requests, return fixed responses, and redirect requests.

    • You can use only the ServerGroupID parameter to specify the server group to which traffic is mirrored. 

    alb.ingress.kubernetes.io/actions.traffic-mirror: |
      [{
          "type": "TrafficMirror",
          "TrafficMirrorConfig": {
              "TargetType" : "ForwardGroupMirror",
              "MirrorGroupConfig": {
                  "ServerGroupTuples" : [{
                      "ServerGroupID": "sgp-2auud2fxj1r46*****"
                  }]
              }
           }
      }]

    • type: the type of action. To mirror traffic, set the value to TrafficMirror.

    • TargetType: the type of destination to which traffic is mirrored. Set the value to ForwardGroupMirror to mirror traffic to the specified server group.

    • ServerGroupID: the ID of the server group to which traffic is mirrored.

    Forward requests to multiple backend server groups

    To forward requests to multiple backend server groups, you need to set the ServerGroupID field to specify server group IDs or set the ServiceName and ServicePort fields to create or associate server groups. You can also specify the weight of each backend server group. Sample code:

    Note

    • You can associate at most five backend server groups with a standard ALB instance.

    • If you set the ServerGroupID, ServiceName, and ServicePort fields at the same time to associate backend server groups, the ServerGroupID field takes precedence. 

    alb.ingress.kubernetes.io/actions.forward: |
       [{
           "type": "ForwardGroup",
           "ForwardConfig": {
             "ServerGroups" : [{
               "ServiceName": "tea-svc",
               "Weight": 30,
               "ServicePort": 80
             },
             {
               "ServiceName": "coffee-svc",
               "Weight": 20,
               "ServicePort": 80
             },
             {
               "ServerGroupID": "sgp-71aexb9y93ypo*****",
               "Weight": 20
             },
             {
               "ServerGroupID": "sgp-slygpbvm2cydo*****",
               "Weight": 30
             }]
           }
       }]

    • type: the type of action. To forward requests to multiple backend server groups, set the value to ForwardGroup.

    • ForwardConfig: configurations of the backend server groups. Requests are forwarded to multiple server groups based on their weights.

    • ServerGroupId: the ID of the server group.

    • ServiceName: the name of the Service that is exposed by using the ALB instance.

    • ServicePort: the Service port.

    • Weight: the weight of the server group.

    Rewrite requests

    After you configure a rewrite rule for an ALB instance, the domain names, paths, and query strings of requests are rewritten. Sample code:

    Note

    • The rewrite action conflicts with the rewrite-target annotation. Do not specify the rewrite-target annotation when you configure the rewrite action.

    • You cannot add routing actions to rewrite requests and return fixed responses at the same time. You cannot add routing actions to rewrite requests and redirect requests at the same time. 

    alb.ingress.kubernetes.io/actions.rewrite: |
       [{
           "type": "Rewrite",
           "RewriteConfig": {
               "Host": "demo.domain.ingress.top",
               "Path": "/test",
               "Query": "querystring"
           }
       }]

    • type: the type of action. To enable an ALB instance to rewrite requests, set the value to Rewrite.

    • RewriteConfig: configurations of the rewrite rule.

    • Host: rewrites the matched domain name.

    • Path: rewrites the matched path.

    • Query: rewrites the matched query string.

    For more information about rewrite rules, see Configure rewrite rules.

    Insert request headers

    You can specify the names and values of header fields to overwrite the existing header variables in requests. Sample code: 

    alb.ingress.kubernetes.io/actions.insert-header: |
  [{
      "type": "InsertHeader",
      "InsertHeaderConfig": {
          "key": "key",
          "value": "value",
          "valueType": "UserDefined"
      }
  }]

    • type: the type of routing action. To insert request headers, set the value to InsertHeader.

    • key: the name of the header field to be inserted.

    • value: the value of the header field to be inserted.

    • valueType: the type of value.

    Delete request headers

    You can delete the keys and values of request headers. Sample code: 

    alb.ingress.kubernetes.io/actions.remove-header: |
     [{
         "type": "RemoveHeader",
         "RemoveHeaderConfig": {
             "key": "key"
         }
     }]

    type: the type of routing action. To delete request headers, set the value to RemoveHeader.

    key: the name of the header field to be inserted.

    Routing actions for outbound routing rules

    Routing action

    Description

    Insert request headers

    You can specify the names and values of header fields to overwrite the existing header variables in requests. Sample code: 

    alb.ingress.kubernetes.io/actions.insert-header: |
  [{
      "type": "InsertHeader",
      "InsertHeaderConfig": {
          "key": "key",
          "value": "value",
          "valueType": "UserDefined"
      }
  }]

    • type: the type of routing action. To insert request headers, set the value to InsertHeader.

    • key: the name of the header field to be inserted.

    • value: the value of the header field to be inserted.

    • valueType: the type of value.

    Delete request headers

    You can delete the keys and values of request headers. Sample code: 

    alb.ingress.kubernetes.io/actions.remove-header: |
     [{
         "type": "RemoveHeader",
         "RemoveHeaderConfig": {
             "key": "key"
         }
     }]

    type: the type of routing action. To delete request headers, set the value to RemoveHeader.

    key: the name of the header field to be deleted.

    Scenario 1: Return status code 503 and fixed content

    The following code block is used to return status code 503 and the specified 503 error text: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: ingress
  annotations:
    alb.ingress.kubernetes.io/actions.response-503: |
      [{
          "type": "FixedResponse",
          "FixedResponseConfig": {
              "contentType": "text/plain",
              "httpCode": "503",
              "content": "503 error text"
          }
      }]
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: response-503
                port:
                  name: use-annotation

    Scenario 2: Use 301 redirect to redirect requests to an HTTPS port

    The following code block is used to redirect requests to an HTTPS port: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: ingress
  annotations:
    alb.ingress.kubernetes.io/actions.redirect: |
      [{
          "type": "Redirect",
          "RedirectConfig": {
              "host": "${host}",
              "path": "${path}",
              "port": "${port}",
              "protocol": "https",
              "query": "${query}",
              "httpCode": "301"
          }
      }]
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: redirect
                port:
                  name: use-annotation

    Scenario 3: Insert the source: alibaba header to requests

    The following code block is used to overwrite the existing header in requests with the source: alibaba header: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: ingress
  annotations:
    alb.ingress.kubernetes.io/actions.insert-header: |
      [{
          "type": "InsertHeader",
          "InsertHeaderConfig": {
              "key": "source",
              "value": "alibaba",
              "valueType": "UserDefined"
          }
      }]
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: insert-header
                port:
                  number: 80

    Scenario 4: Mirror traffic to a server group

    The following code block is used to mirror traffic to a specified server group:

    Log on to the Server Load Balancer (SLB) console. In the left-side navigation pane, choose ALB > Server Groups. On the Server Groups page, you can view the ID of the server group.服务器组 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traffic-mirror-ingress
  annotations:
   alb.ingress.kubernetes.io/actions.traffic-mirror: |
       [{
           "type": "TrafficMirror",
           "TrafficMirrorConfig": {
              "TargetType" : "ForwardGroupMirror",
              "MirrorGroupConfig": {
                  "ServerGroupTuples" : [{
                      "ServerGroupID": "sgp-2auud2fxj1r46*****"
                  }]
              }
           }
       }]
spec:
  ingressClassName: alb
  rules:
   - host: demo.domain.ingress.top
     http:
      paths:
      - path: /test
        pathType: Prefix
        backend:
          service:
            name: traffic-mirror
            port:
              number: 80

    Scenario 5: Forward requests to multiple backend server groups

    The following code block defines an Ingress that forwards requests to multiple Services in the cluster: 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: forward-ingress
  annotations:
    alb.ingress.kubernetes.io/actions.forward: |
       [{
           "type": "ForwardGroup",
           "ForwardConfig": {
             "ServerGroups" : [{
               "ServiceName": "tea-svc",
               "Weight": 80,
               "ServicePort": 80
             },
             {
               "ServiceName": "coffee-svc",
               "Weight": 20,
               "ServicePort": 80
             }]
           }
       }]
spec:
  ingressClassName: alb
  rules:
   - host: demo.domain.ingress.top
     http:
      paths:
      - path: /path
        pathType: Prefix
        backend:
          service:
            name: forward
            port:
              name: use-annotation

    Scenario 6: Rewrite requests

    The following code block defines an Ingress that rewrites the domain names, paths, and query strings of requests. 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: default
  name: rewrite-ingress
  annotations:
    alb.ingress.kubernetes.io/actions.rewrite: |
       [{
           "type": "Rewrite",
           "RewriteConfig": {
               "Host": "demo.domain.ingress.top",
               "Path": "/test",
               "Query": "queryString"
           }
       }]
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /path
            pathType: Prefix
            backend:
              service:
                name: rewrite
                port:
                  port: 80

    Scenario 7: Modify the response header based on ResponseHeader

    Note

    • By default, custom routing rules take effect in the inbound direction. To enable custom routing rules to take effect in the outbound direction, set the annotation alb.ingress.kubernetes.io/rule-direction.<Service name> to Response. The annotation is set to Request by default.

    • When you create a custom outbound routing rule, the name of the servicePort in the ingressSpec.rules.backend field must be use-annotation.

    The following code block defines that when a response header is matched (the header contains response-hello and the value must be value1 or value2), a new request header source: alibaba will be inserted into the header. 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
   alb.ingress.kubernetes.io/rule-direction.response-header: Response
   alb.ingress.kubernetes.io/conditions.response-header: |
     [{
         "type": "ResponseHeader",
         "responseHeaderConfig": {
            "key": "response-hello",
            "values": [
               "value1",
               "value2"
            ]
         }
     }]
   alb.ingress.kubernetes.io/actions.response-header: |
     [{
         "type": "InsertHeader",
         "InsertHeaderConfig": {
             "key": "source",
             "value": "alibaba",
             "valueType": "UserDefined"
         }
     }]
  name: response-header
spec:
  ingressClassName: alb
  rules:
   - http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: response-header
            port:
              name: use-annotation

    Scenario 8: Modify the response header based on the response status code

    Note

    • By default, custom routing rules take effect in the inbound direction. To enable custom routing rules to take effect in the outbound direction, set the annotation alb.ingress.kubernetes.io/rule-direction.<Service name> to Response. The annotation is set to Request by default.

    • When you create a custom outbound routing rule, the name of the servicePort in the ingressSpec.rules.backend field must be use-annotation.

    The following code block defines that the request header is removed (response-hello is removed from the request header) only when the response status code is 200 or 300. 

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
   alb.ingress.kubernetes.io/rule-direction.response-hello: Response
   alb.ingress.kubernetes.io/conditions.response-hello: |
     [{
       "type": "ResponseStatusCode",
       "responseStatusCodeConfig": {
         "values": [
             "200",
             "300"
         ]
       }
     }]
   alb.ingress.kubernetes.io/actions.response-hello: |
     [{
         "type": "RemoveHeader",
         "RemoveHeaderConfig": {
             "key": "response-hello"
         }
     }]
  name: response-hello
spec:
  ingressClassName: alb
  rules:
   - http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: response-hello
            port:
              name: use-annotation