I need to expose some resources under /.well-known/ using Kubernetes (Android assetlinks.json and apple-app-site-association).

These resources are packaged in a Nginx container. I created a K8s deployment, a K8s service, and tried the following ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/app-root: /ui/
  name: app-ingress
  namespace: app
spec:
  ingressClassName: nginx
  tls:
    - hosts:
      - app.my-domain
      secretName: app-tls
  rules:
  - host: app.my-domain
    http:
      paths:
      - path: /.well-known
        pathType: Prefix
        backend:
          service:
            name: well-known-static-resources
            port:
              number: 80

But I got: Warning: path /.well-known cannot be used with pathType Prefix.

Reading the docs, the dot in /.well-known seems incompatible with ingress path validation.

But then, how should I route requests to the service for my .well-known resources? Or is there a better way to expose .well-known resources using K8s than ingress -> service -> pod -> Nginx container?

I need to expose some resources under https://app.my-domain/.well-known/ using Kubernetes (Android assetlinks.json and apple-app-site-association).

These resources are packaged in a Nginx container. I created a K8s deployment, a K8s service, and tried the following ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/app-root: /ui/
  name: app-ingress
  namespace: app
spec:
  ingressClassName: nginx
  tls:
    - hosts:
      - app.my-domain
      secretName: app-tls
  rules:
  - host: app.my-domain
    http:
      paths:
      - path: /.well-known
        pathType: Prefix
        backend:
          service:
            name: well-known-static-resources
            port:
              number: 80

But I got: Warning: path /.well-known cannot be used with pathType Prefix.

Reading the docs, the dot in /.well-known seems incompatible with ingress path validation.

But then, how should I route requests to the service for my .well-known resources? Or is there a better way to expose .well-known resources using K8s than ingress -> service -> pod -> Nginx container?

• kubernetes
• kubernetes-ingress
• nginx-ingress

1 Answer 1

I finally found a working solution with pathType: ImplementationSpecific.

Here is the modified yaml with usage of regexp and path rewrite I hadn't yet in the question, but now use on some other path:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/app-root: /ui/
  name: app-ingress
  namespace: app
spec:
  ingressClassName: nginx
  tls:
    - hosts:
      - app.my-domain
      secretName: app-tls
  rules:
  - host: app.my-domain
    http:
      paths:
      - path: /(\.well-known/.*)
        pathType: ImplementationSpecific
        backend:
          service:
            name: well-known-static-resources
            port:
              number: 80