Kubernetes 入口/NGINX 重写不匹配,而正则表达式似乎有效
[英]Kubernetes ingress / NGINX re-write does not match while regex seems valid
问题描述
I'm trying to filter out all paths that begin with /something .
我试图过滤掉所有以/something开头的路径。 While the regex seems PCRE valid by online testers, the result is 404 for all paths:虽然在线测试人员似乎对正则表达式 PCRE 有效,但所有路径的结果都是404 :
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
rules:
- host: myhost.com
http:
paths:
- backend:
serviceName: myservice
servicePort: 80
path: /^([^something].*)
Tried to play with the regex (eg, path: /(^[^something])(.*) ), but still get 404 for all.尝试使用正则表达式(例如, path: /(^[^something])(.*) ),但仍然得到404 。
What am I missing?我错过了什么?
Using v1.12.2 client with v1.14.1 server.使用v1.12.2客户端和v1.14.1服务器。
1 个解决方案
解决方案1
2 已采纳 2019-12-06 12:00:27
If you want to deny all traffic to /something you should use Nginx annotations called server-snipped .如果你想拒绝所有到/something流量,你应该使用名为server-snipped 的Nginx注释。 It will allow you to add custom configuration.它将允许您添加自定义配置。
It would look like:它看起来像:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-snippet
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
location /something {
deny all;
}
Fimilar example can be found on Github thread.类似的例子可以在Github线程上找到。
You can also consider second option with 2 ingress objects and authentication .您还可以考虑使用 2 个ingress对象和authentication第二个选项。 This was mentioned in another StackOverflow question .这是在另一个StackOverflow 问题中提到的。
In addition, you can deny access not only by location but also with specific IP.此外,您不仅可以按位置拒绝访问,还可以拒绝特定 IP 的访问。 It can be obtain using annotation called whitelist-source-range .它可以使用名为whitelist-source-range 的注释获得。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.