[英]Disable HSTS for nginx-ingress using ConfigMap
I've tried other related solutions but I can't seem to get this working right and I'm sure it is just a namespacing issue or something because this is my first experience with using ConfigMaps, but can someone help me troubleshoot why this isn't working?我已经尝试了其他相关的解决方案,但我似乎无法正常工作,我确定这只是命名空间问题或其他问题,因为这是我第一次使用 ConfigMaps,但有人可以帮助我解决为什么会这样不工作?
Here's my ingress:这是我的入口:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: brushfire-ingress
labels:
helm.sh/chart: brushfire-0.1.0
app.kubernetes.io/name: brushfire
app.kubernetes.io/instance: brushfire
app.kubernetes.io/version: "1.16.0"
app.kubernetes.io/managed-by: Helm
annotations:
cert-manager.io/cluster-issuer: brushfire-issuer
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
tls:
- hosts:
- "brushfire.online"
- "*.brushfire.online"
secretName: tls-secret
rules:
- host: "brushfire.online"
http:
paths:
- path: /(.*)
backend:
serviceName: brushfire
servicePort: 80
- host: "*.brushfire.online"
http:
paths:
- path: /(.*)
backend:
serviceName: brushfire
servicePort: 80
And this is installed as part of a helm chart that is installed with --namespace jorin-ssl
这作为与
--namespace jorin-ssl
一起安装的舵图的一部分安装
The ConfigMap I tried is:我试过的 ConfigMap 是:
kind: ConfigMap
apiVersion: v1
metadata:
labels:
app: brushfire-ingress
name: nginx-configuration
namespace: ingress-nginx # I've also tried `jorin-ssl`
data:
hsts: "false"
But in the end, the HSTS always appears to be there:但最终,HSTS 似乎总是在那里:
$ curl -s -D- https://brushfire.online/ | grep -i Strict
returns返回
strict-transport-security: max-age=15724800; includeSubDomains
For simplicity, I'd love to do this without using a ConfigMap at all.为简单起见,我希望在不使用 ConfigMap 的情况下执行此操作。 Is there not a way to do this with the annotations like we do with
force-ssl-redirect
etc?有没有办法像我们使用
force-ssl-redirect
等那样使用注释来做到这一点?
The name of the ConfigMap must match what the nginx-ingress controller process is looking up. ConfigMap的名称必须与 nginx-ingress 控制器进程正在查找的名称相匹配。
The nginx-ingress process will use the --configmap
argument on the command line to set the name. nginx-ingress 进程将使用命令行上的
--configmap
参数来设置名称。 This option will be available in the container spec included in your deployment yaml.此选项将在部署 yaml 中包含的容器规范中可用。
For example, the helm deployment uses the full name of the controller for the --configmap
option.例如,helm 部署使用控制器的全名作为
--configmap
选项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.