堆栈内存溢出
  简体   繁体   English

主机的 Kubernetes 入口白名单 IP

[英]Kubernetes Ingress Whitelist IP for host

 原文  2020-03-11 10:33:59       nginx/ kubernetes/ kubernetes-ingress/ nginx-config/ nginx-ingress

问题描述

How can I whitelist IP addresses for different hosts, but for the same path?如何将不同主机的 IP 地址列入白名单,但路径相同?

example.com - should be without whitelist. example.com - 应该没有白名单。 All others must be whitelisted.所有其他人都必须列入白名单。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: login.example.com
    http:
      paths:
      - backend:
          serviceName: login
          servicePort: 4444
        path: /
  - host: admin.example.com
    http:
      paths:
      - backend:
          serviceName: admin
          servicePort: 3333
        path: /
  - host: api.example.com
    http:
      paths:
      - backend:
          serviceName: api
          servicePort: 2222
        path: /
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: wp
          servicePort: 1111
        path: /

2 个解决方案

解决方案1
 2 已采纳  2020-03-11 19:36:23

注释:nginx.ingress.kubernetes.io/whitelist-source-range:“1.1.1.1/24”

解决方案2
 1  2020-03-16 09:33:47

Basically @ANISH gave you a good idea about nginx.ingress.kubernetes.io/whitelist-source-range , where you can start.基本上@ANISH 给了你一个关于nginx.ingress.kubernetes.io/whitelist-source-range的好主意,你可以从那里开始。

You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation.您可以通过 nginx.ingress.kubernetes.io/whitelist-source-range 注释指定允许的客户端 IP 源范围。 The value is a comma separated list of CIDRs, eg 10.0.0.0/24,172.10.0.1.该值是逗号分隔的 CIDR 列表,例如 10.0.0.0/24,172.10.0.1。

To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.要为所有 Ingress 规则全局配置此设置,可以在 NGINX ConfigMap 中设置 whitelist-source-range 值。

However, if you dont want to apply it to all your ingress rules - just create 2 separate ingresses.但是,如果您不想将其应用于所有入口规则 - 只需创建 2 个单独的入口。 1 for whitelisted hosts and second for your example.com host 1 为白名单主机,第二为 example.com 主机

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Kubernetes 入口白名单 IP 用于路径 - Kubernetes Ingress Whitelist IP for path 具有私有 IP 的 Kubernetes 入口控制器 - Kubernetes Ingress Controller with private IP Kubernetes whitelist-source-range 块而不是白名单 IP - Kubernetes whitelist-source-range blocks instead of whitelist IP Kubernetes 从 Ingress 获取 IP(Oracle 云) - Kubernetes getting IP from Ingress (Oracle Cloud) 远程 IP 基于 SSL 在 Kubernetes 入口 - Remote IP based SSL in Kubernetes Ingress Kubernetes ingress-nginx保留源IP - Kubernetes ingress-nginx preserve source IP 是否为Kubernetes入口保留客户端源IP? - Preserve client source IP for Kubernetes ingress? kubernetes ingress server-alias 仅适用于一个 ingress 主机 - kubernetes ingress server-alias only applies to one ingress host GKE中的Kubernetes-Nginx Ingress部署-分配给Ingress资源的公共IP - Kubernetes in GKE - Nginx Ingress deployment - Public IP assigned to Ingress resource 一个域使用 CNAME 指向另一个 kubernetes 入口主机域 - One domain points to another kubernetes ingress host domain using CNAME
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM