绕过 nginx 入口 controller 速率限制
[英]Bypass nginx ingress controller rate limit
问题描述
I'm trying to enable some sort of rate limiting for a EKS cluster using nginx ingress controller where I also need to somehow whitelist a couple if IPs from this rate limit rule that are in charge of health and metrics checkups.
我正在尝试使用 nginx 入口 controller 为 EKS 集群启用某种速率限制,我还需要以某种方式将此速率限制规则中负责运行状况和指标检查的 IP 列入白名单。 If I use the annotations nginx.ingress.kubernetes.io/whitelist-source-range and nginx.ingress.kubernetes.io/limit-connections it just adds the limit to the whitelist IPs. If I use the annotations nginx.ingress.kubernetes.io/whitelist-source-range and nginx.ingress.kubernetes.io/limit-connections it just adds the limit to the whitelist IPs. Is there another way to setup this?还有另一种设置方法吗? Thank you!谢谢!
1 个解决方案
解决方案1
1 2020-06-29 12:53:18
The problem in fact that it ignores the whitelisting due to the lack of x-forwarded-for , but this activating this in production can be a security flaw, as discussed on: https://github.com/kubernetes/ingress-nginx/pull/2881事实上,由于缺少x-forwarded-for ,它忽略了白名单,但是在生产中激活它可能是一个安全漏洞,如讨论: https://github.com/kubernetes/ingress-nginx/拉/2881
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.