[英]Kubernetes Ingress Whitelist IP for host
How can I whitelist IP addresses for different hosts, but for the same path?如何将不同主机的 IP 地址列入白名单,但路径相同?
example.com - should be without whitelist. example.com - 应该没有白名单。 All others must be whitelisted.
所有其他人都必须列入白名单。
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: login.example.com
http:
paths:
- backend:
serviceName: login
servicePort: 4444
path: /
- host: admin.example.com
http:
paths:
- backend:
serviceName: admin
servicePort: 3333
path: /
- host: api.example.com
http:
paths:
- backend:
serviceName: api
servicePort: 2222
path: /
- host: example.com
http:
paths:
- backend:
serviceName: wp
servicePort: 1111
path: /
注释:nginx.ingress.kubernetes.io/whitelist-source-range:“1.1.1.1/24”
Basically @ANISH gave you a good idea about nginx.ingress.kubernetes.io/whitelist-source-range , where you can start.基本上@ANISH 给了你一个关于nginx.ingress.kubernetes.io/whitelist-source-range的好主意,你可以从那里开始。
You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation.
您可以通过 nginx.ingress.kubernetes.io/whitelist-source-range 注释指定允许的客户端 IP 源范围。 The value is a comma separated list of CIDRs, eg 10.0.0.0/24,172.10.0.1.
该值是逗号分隔的 CIDR 列表,例如 10.0.0.0/24,172.10.0.1。
To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.
要为所有 Ingress 规则全局配置此设置,可以在 NGINX ConfigMap 中设置 whitelist-source-range 值。
However, if you dont want to apply it to all your ingress rules - just create 2 separate ingresses.但是,如果您不想将其应用于所有入口规则 - 只需创建 2 个单独的入口。 1 for whitelisted hosts and second for your example.com host
1 为白名单主机,第二为 example.com 主机
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.