nginx · LorcanMcVeigh · Aug 7, 2020 · Jul 22, 2020 · Jul 30, 2020 · Jul 30, 2020
diff --git a/...-web/configuration/ingress-resources/advanced-configuration-with-annotations.md b/...-web/configuration/ingress-resources/advanced-configuration-with-annotations.md
@@ -12,7 +12,7 @@ Customization and fine-tuning is also available through the [ConfigMap](/nginx-i
 
 Here is an example of using annotations to customize the configuration for a particular Ingress resource:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-with-annotations

diff --git a/docs-web/configuration/ingress-resources/advanced-configuration-with-snippets.md b/docs-web/configuration/ingress-resources/advanced-configuration-with-snippets.md
@@ -8,7 +8,7 @@ Snippets are also available through the [ConfigMap](/nginx-ingress-controller/co
 
 The example below shows how to use snippets to customize the NGINX configuration template using annotations.
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-with-snippets

diff --git a/docs-web/configuration/ingress-resources/basic-configuration.md b/docs-web/configuration/ingress-resources/basic-configuration.md
@@ -2,7 +2,7 @@
 
 The example below shows a basic Ingress resource definition. It load balances requests for two services -- coffee and tea -- comprising a hypothetical *cafe* app hosted at `cafe.example.com`:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress
@@ -15,11 +15,18 @@ spec:
   - host: cafe.example.com
     http:
       paths:
-      - path: /tea
+      - path: "/tea"
+        pathType: Prefix
+        backend:
+          serviceName: tea-svc
+          servicePort: 80
+      - path: "/tea/green"
+        pathType: Exact
         backend:
           serviceName: tea-svc
           servicePort: 80
       - path: /coffee
+        pathType: ImplementationSpecific # default
         backend:
           serviceName: coffee-svc
           servicePort: 80
@@ -30,10 +37,11 @@ Here is a breakdown of what this Ingress resource definition means:
 * In the `spec.tls` field we set up SSL/TLS termination:
     * In the `secretName`, we reference a secret resource by its name, `cafe‑secret`. This resource contains the SSL/TLS certificate and key and it must be deployed prior to the Ingress resource.
     * In the `hosts` field, we apply the certificate and key to our `cafe.example.com` host.
-* In the `spec.rules` field, we define a host with domain name `cafe.example.com`.
+* In the `spec.rules` field, we define a host with domain name `cafe.example.com`. The host domain name supports wildcard values for example, `foo.example.com/coffee` or `bar.example.com/tea` will be handled by the Ingress rule with  `*.example.com` host.
 * In the `paths` field, we define two path‑based rules:
-  * The rule with the path `/tea` instructs NGINX to distribute the requests with the `/tea` URI among the pods of the *tea* service, which is deployed with the name `tea‑svc` in the cluster.
-  * The rule with the path `/coffee` instructs NGINX to distribute the requests with the `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster.
+  * The rule with the path `/tea` instructs NGINX to distribute the requests with the prefix matching `/tea` URI among the pods of the *tea* service, which is deployed with the name `tea‑svc` in the cluster.
+  * The rule with the path `/tea/green` instructs NGINX to distribute the requests with the exact matching `/tea/green` URI among the pods of the *tea* service, which is deployed with the name `tea-svc` in the cluster.
+  * The rule with the path `/coffee` instructs NGINX to distribute the requests with the implementation specific matching `/coffee` URI among the pods of the *coffee* service, which is deployed with the name `coffee‑svc` in the cluster. Implementation specific matching is the default prefix matching. 
   * Both rules instruct NGINX to distribute the requests to `port 80` of the corresponding service (the `servicePort` field).
 
 > For complete instructions on deploying the Ingress and Secret resources in the cluster, see the [complete-example](https://github.com/nginxinc/kubernetes-ingress/tree/master/examples/complete-example) in our GitHub repo.

diff --git a/docs-web/configuration/ingress-resources/custom-annotations.md b/docs-web/configuration/ingress-resources/custom-annotations.md
@@ -33,7 +33,7 @@ Consider the following excerpt from the template, which was extended to support
 
 Consider the following Ingress resource and note how we set two annotations:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: example-ingress

diff --git a/examples/appprotect/cafe-ingress.yaml b/examples/appprotect/cafe-ingress.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress

diff --git a/examples/complete-example/cafe-ingress.yaml b/examples/complete-example/cafe-ingress.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress

diff --git a/examples/custom-annotations/README.md b/examples/custom-annotations/README.md
@@ -81,7 +81,7 @@ Customize the template for Ingress resources to include the logic to handle and
 
 1. Create a file with the following Ingress resource (`cafe-ingress.yaml`) and use the custom annotations to enable rate-limiting:
     ```yaml
-    apiVersion: extensions/v1beta1
+    apiVersion: networking.k8s.io/v1beta1
     kind: Ingress
     metadata:
       name: cafe-ingress

diff --git a/examples/externalname-services/README.md b/examples/externalname-services/README.md
@@ -40,7 +40,7 @@ spec:
 In the following Ingress resource we use my-service:
 
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: example-ingress

diff --git a/examples/grpc-services/README.md b/examples/grpc-services/README.md
@@ -18,7 +18,7 @@ nginx.org/grpc-services: "service1[,service2,...]"
 
 In the following example we load balance three applications, one of which is using gRPC:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: grpc-ingress

diff --git a/examples/health-checks/README.md b/examples/health-checks/README.md
@@ -15,7 +15,7 @@ The Ingress controller provides the following annotations for configuring active
 
 In the following example we enable active health checks in the cafe-ingress Ingress:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress

diff --git a/examples/jwt/README.md b/examples/jwt/README.md
@@ -13,7 +13,7 @@ The Ingress controller provides the following 4 annotations for configuring JWT
 
 In the following example we enable JWT validation for the cafe-ingress Ingress for all paths using the same key `cafe-jwk`:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress
@@ -51,7 +51,7 @@ In the following example we enable JWT validation for the [mergeable Ingresses](
 
 * Master:
   ```yaml
-  apiVersion: extensions/v1beta1
+  apiVersion: networking.k8s.io/v1beta1
   kind: Ingress
   metadata:
     name: cafe-ingress-master
@@ -69,7 +69,7 @@ In the following example we enable JWT validation for the [mergeable Ingresses](
 
 * Tea minion:
   ```yaml
-  apiVersion: extensions/v1beta1
+  apiVersion: networking.k8s.io/v1beta1
   kind: Ingress
   metadata:
     name: cafe-ingress-tea-minion
@@ -93,7 +93,7 @@ In the following example we enable JWT validation for the [mergeable Ingresses](
 
 * Coffee minion:
   ```yaml
-  apiVersion: extensions/v1beta1
+  apiVersion: networking.k8s.io/v1beta1
   kind: Ingress
   metadata:
     name: cafe-ingress-coffee-minion

diff --git a/examples/mergeable-ingress-types/cafe-master.yaml b/examples/mergeable-ingress-types/cafe-master.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-master

diff --git a/examples/mergeable-ingress-types/coffee-minion.yaml b/examples/mergeable-ingress-types/coffee-minion.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-coffee-minion

diff --git a/examples/mergeable-ingress-types/tea-minion.yaml b/examples/mergeable-ingress-types/tea-minion.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-tea-minion

diff --git a/examples/rewrites/README.md b/examples/rewrites/README.md
@@ -13,7 +13,7 @@ nginx.org/rewrites: "serviceName=service1 rewrite=rewrite1[;serviceName=service2
 
 In the following example we load balance two applications that require URI rewriting:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress

diff --git a/examples/session-persistence/README.md b/examples/session-persistence/README.md
@@ -20,7 +20,7 @@ The syntax of the *cookieName*, *expires*, *domain*, *httponly*, *secure* and *p
 
 In the following example we enable session persistence for two services -- the *tea-svc* service and the *coffee-svc* service:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-with-session-persistence

diff --git a/examples/session-persistence/cafe-ingress-with-session-persistence.yaml b/examples/session-persistence/cafe-ingress-with-session-persistence.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress-with-session-persistence

diff --git a/examples/ssl-services/README.md b/examples/ssl-services/README.md
@@ -8,7 +8,7 @@ nginx.org/ssl-services: "service1[,service2,...]"
 
 In the following example we load balance three applications, one of which requires HTTPS:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress

diff --git a/examples/websocket/README.md b/examples/websocket/README.md
@@ -7,7 +7,7 @@ nginx.org/websocket-services: "service1[,service2,...]"
 
 In the following example we load balance three applications, one of which is using WebSocket:
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: cafe-ingress

diff --git a/examples/wildcard-tls-certificate/README.md b/examples/wildcard-tls-certificate/README.md
@@ -21,7 +21,7 @@ In the example below we configure TLS termination for two Ingress resources for
 `foo-ingress` from the namespace `foo-namespace`:
 
  ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: foo-ingress
@@ -45,7 +45,7 @@ spec:
 `bar-ingress` from the namespace `bar-namespace`:
 
 ```yaml
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: bar-ingress

diff --git a/internal/configs/ingress.go b/internal/configs/ingress.go
@@ -181,8 +181,14 @@ func generateNginxCfg(ingEx *IngressEx, pems map[string]string, apResources map[
 
 			ssl := sslServices[path.Backend.ServiceName] || staticParams.SpiffeCerts
 			proxySSLName := generateProxySSLName(path.Backend.ServiceName, ingEx.Ingress.Namespace)
+			var pathType extensions.PathType
+			if path.PathType == nil {
+				pathType = extensions.PathTypePrefix
+			} else {
+				pathType = *path.PathType
+			}
 			loc := createLocation(pathOrDefault(path.Path), upstreams[upsName], &cfgParams, wsServices[path.Backend.ServiceName], rewrites[path.Backend.ServiceName],
-				ssl, grpcServices[path.Backend.ServiceName], proxySSLName)
+				ssl, grpcServices[path.Backend.ServiceName], proxySSLName, &pathType)
 			if isMinion && ingEx.JWTKey.Name != "" {
 				loc.JWTAuth = &version1.JWTAuth{
 					Key:   jwtKeyFileName,
@@ -209,9 +215,10 @@ func generateNginxCfg(ingEx *IngressEx, pems map[string]string, apResources map[
 			upsName := getNameForUpstream(ingEx.Ingress, emptyHost, ingEx.Ingress.Spec.Backend)
 			ssl := sslServices[ingEx.Ingress.Spec.Backend.ServiceName] || staticParams.SpiffeCerts
 			proxySSLName := generateProxySSLName(ingEx.Ingress.Spec.Backend.ServiceName, ingEx.Ingress.Namespace)
+			pathtype := extensions.PathTypePrefix
 
 			loc := createLocation(pathOrDefault("/"), upstreams[upsName], &cfgParams, wsServices[ingEx.Ingress.Spec.Backend.ServiceName], rewrites[ingEx.Ingress.Spec.Backend.ServiceName],
-				ssl, grpcServices[ingEx.Ingress.Spec.Backend.ServiceName], proxySSLName)
+				ssl, grpcServices[ingEx.Ingress.Spec.Backend.ServiceName], proxySSLName, &pathtype)
 			locations = append(locations, loc)
 
 			if cfgParams.HealthCheckEnabled {
@@ -250,7 +257,10 @@ func generateNginxCfg(ingEx *IngressEx, pems map[string]string, apResources map[
 	}
 }
 
-func createLocation(path string, upstream version1.Upstream, cfg *ConfigParams, websocket bool, rewrite string, ssl bool, grpc bool, proxySSLName string) version1.Location {
+func createLocation(path string, upstream version1.Upstream, cfg *ConfigParams, websocket bool, rewrite string, ssl bool, grpc bool, proxySSLName string, pathType *extensions.PathType) version1.Location {
+	if *pathType == extensions.PathTypeExact {
+		path = "= " + path
+	}
 	loc := version1.Location{
 		Path:                 path,
 		Upstream:             upstream,