Nginx Ingress controller - Path based routing
I am running an Nginx ingress controller and want to allow only a few paths for users to connect to; everything else I want to block or answer with a 403 error. How can I do that?

I only want to allow users to connect to /example, and all the rest should be blocked.
```yaml
kind: Ingress
metadata:
  name: ingress1
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: ingress.example.com
    http:
      paths:
      - path: /example
        backend:
          serviceName: ingress-svc
          servicePort: 80
```
Can I add an nginx server-snippet?

```
location path {
  # if the path is not matching then deny
  deny all;
}
```
Make a custom backend using the manifests below:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: custom-http-backend
spec:
  selector:
    matchLabels:
      app: custom-http-backend
  template:
    metadata:
      labels:
        app: custom-http-backend
    spec:
      containers:
      - name: custom-http-backend
        image: inanimate/echo-server
        ports:
        - name: http
          containerPort: 8080
        imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
  name: custom-http-backend
spec:
  selector:
    app: custom-http-backend
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
```
Then, in your ingress, add this rule:

```yaml
- host: ingress.example.com
  http:
    paths:
    - path: /
      backend:
        serviceName: custom-http-backend
        servicePort: 80
```
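Added example, not part of the original answers: a small model of which backend a request reaches once the `/example` rule and the catch-all `/` rule sit in the same Ingress. It assumes both paths use the Kubernetes `Prefix` path type (whole path elements compared, longest match wins); the sample request paths are constructed.

```python
# Added example: models which backend a request path reaches when the
# allow-listed rule and the catch-all rule are combined in one Ingress.
# Assumption: both paths use pathType "Prefix" as defined by the Kubernetes
# Ingress API (element-wise prefix match, longest matching path wins).

RULES = [  # (path, serviceName) taken from the manifests on this page
    ("/example", "ingress-svc"),
    ("/", "custom-http-backend"),
]

# Constructed sample requests, including the near-miss "/examplefoo".
SAMPLES = ["/example", "/example/", "/example/v1/items",
           "/examplefoo", "/admin", "/"]


def elements(path):
    """Split a URL path into its non-empty '/'-separated elements."""
    return [p for p in path.split("/") if p]


def prefix_matches(rule_path, request_path):
    """Prefix semantics: the rule's elements must lead the request's."""
    rule, req = elements(rule_path), elements(request_path)
    return req[:len(rule)] == rule


def route(request_path, rules=RULES):
    """Return the service of the longest matching rule, or None.

    None means no rule matched, so the controller's default backend
    would answer instead of any service listed in the Ingress.
    """
    path = request_path.split("?", 1)[0]  # routing ignores the query string
    matches = [(len(elements(p)), svc) for p, svc in rules
               if prefix_matches(p, path)]
    return max(matches, key=lambda m: m[0])[1] if matches else None


def audit(paths=SAMPLES, rules=RULES):
    """Map every sample path to the backend that would serve it."""
    return {p: route(p, rules) for p in paths}


if __name__ == "__main__":
    for path, svc in audit().items():
        print(f"{path:20} -> {svc}")
```

The manifests on this page set no `pathType`, so how `/examplefoo` is matched there is left to the controller; check that path against your own deployment.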
In addition to what @Tarun Khosla mentioned, which is correct, there is another Stack Overflow question with examples which might be helpful. I am posting this as a community wiki answer for better visibility for the community; feel free to expand on it.

There are 2 examples, provided by @Nick Rak:

I've faced the same issue and found the solution on GitHub. To achieve your goal, you need to create two Ingresses, first by default without any restriction:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /service-mapping
        backend:
          serviceName: /service-mapping
          servicePort: 9042
```
Then, create a secret for auth as described in the doc:

Creating the htpasswd

```
$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
```

Creating the secret:

```
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
```
Second Ingress with auth for paths which you need to restrict:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /admin
        backend:
          serviceName: service_name
          servicePort: 80
```
According to sedooe's answer, his solution may have some issues.

and @sedooe:

You can use the server-snippet annotation. This seems like exactly what you want to achieve.