0

i have nginx ingress configured into a k8s pod, with the following configuration:

        location = /alert-cluster1 {
          proxy_pass http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080/alertmanager;
          proxy_set_header X-Scope-OrgID cluster1;
          proxy_pass_request_headers on;
        }

        location = /alert-cluster2 {
          proxy_pass http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080/alertmanager;
          proxy_set_header X-Scope-OrgID cluster2;
          proxy_pass_request_headers on;
        }

        location ~ /alertmanager {
          proxy_pass      http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080$request_uri;
        }

Basically what i need is:

  • when calling http://mydns/alert-cluster1, nginx should rewrite to /alertmanager with the header X-Scope-OrgID set to cluster1.
  • when calling http://mydns/alert-cluster2, nginx should rewrite to /alertmanager with the header X-Scope-OrgID set to cluster2.

The proxy pass directive point to a k8s service.

When performing a cURL, the header is not set and during the forward to /alertmanager, X-Scope-OrgID header is not set and alertmanager response with no org id.

curl http://mydns/multitenant-cluster1 -vL.
* Connected to ..... port 80 (#0)
> GET /multitenant-cluster1 HTTP/1.1
> Host: mydns
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Content-Type: text/html; charset=utf-8
< Content-Length: 49
< Connection: keep-alive
< Server: nginx/1.22.0
< Date: Tue, 19 Jul 2022 10:08:57 GMT
< Location: /alertmanager/
< Vary: Accept-Encoding
< X-Kong-Upstream-Latency: 2
< X-Kong-Proxy-Latency: 0
< Via: kong/2.0.4
<
* Ignoring the response-body
* Connection #0 to host mydns left intact
* Issue another request to this URL: 'http://mydns/alertmanager/'
* Found bundle for host mydns: 0x6000014e40c0 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host mydns
* Connected to mydns (10.228.41.23) port 80 (#0)
> GET /alertmanager/ HTTP/1.1
> Host: mydns
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< Content-Type: text/plain; charset=utf-8
< Content-Length: 10
< Connection: keep-alive
< Server: nginx/1.22.0
< Date: Tue, 19 Jul 2022 10:08:57 GMT
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< X-Kong-Upstream-Latency: 2
< X-Kong-Proxy-Latency: 0
< Via: kong/2.0.4
<
no org id
* Connection #0 to host mydns left intact

but if i call directly /alertmanager with the header hardcoded into the cURL curl http://mydns/alertmanager --header 'X-Scope-OrgID:cluster1' -L

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
        <link rel="icon" type="image/x-icon" href="favicon.ico" />
        <title>Alertmanager</title>
    </head>
    <body>
        <script>
            // If there is no trailing slash at the end of the path in the url,
            // add one. This ensures assets like script.js are loaded properly
            if (location.pathname.substr(-1) != '/') {
                location.pathname = location.pathname + '/';
                console.log('added slash');
            }
        </script>
        <script src="script.js"></script>
        <script>
            var app = Elm.Main.init({
                flags: {
                    production: true,
                    defaultCreator: localStorage.getItem('defaultCreator'),
                    groupExpandAll: JSON.parse(localStorage.getItem('groupExpandAll'))
                }
            });
            app.ports.persistDefaultCreator.subscribe(function(name) {
                localStorage.setItem('defaultCreator', name);
            });
            app.ports.persistGroupExpandAll.subscribe(function(expanded) {
                localStorage.setItem('groupExpandAll', JSON.stringify(expanded));
            });
        </script>
    </body>
</html>

Am i missing something?

EDIT after some test i found out this

location ~ /alertmanager {
          proxy_pass      http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080$request_uri;
          proxy_set_header X-Scope-OrgID cluster2;
        }

If i add the header directly into the location alertmanager, the header is set and the system is working fine. It's like that proxy_pass do not pass header during the redirect

Improve this question
2
  • Try adding a trailing /. For example: proxy_pass http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080/alertmanager/; Commented Jul 19, 2022 at 13:09
  • @RichardSmith i already tried it, but the header is not set Commented Jul 19, 2022 at 13:36

1 Answer 1

Reset to default
1

You are redirecting before the header is set, please set the header before proxy_pass. Below snippet might help.

location = /alert-cluster1 {
          
          proxy_set_header X-Scope-OrgID cluster1;
          proxy_pass_request_headers on;
          proxy_pass http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080/alertmanager;
        }

        location = /alert-cluster2 {
          
          proxy_set_header X-Scope-OrgID cluster2;
          proxy_pass_request_headers on;
          proxy_pass http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080/alertmanager;
        }

        location ~ /alertmanager {
          proxy_pass      http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080$request_uri;
        }

In order to pass header in a location block, one have to add it, please see the below snippet for help.

location ~ /alertmanager {
          proxy_set_header X-Scope-OrgID cluster2;
          proxy_pass_request_headers on;
          proxy_pass      http://cma-cortex-alertmanager.cortex-aggregator.svc.cluster.local:8080$request_uri;
        }
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I already tried it, but this not fix the issue. On redirect to /alertmanager, the header is not set
you have to set the headers inside location block , please see the updated answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.