远程 IP 基于 SSL 在 Kubernetes 入口
[英]Remote IP based SSL in Kubernetes Ingress
问题描述
In plain nginx, I can use the nginx geo module to set a variable based on the remote address.
在普通的 nginx 中,我可以使用nginx 地理模块根据远程地址设置变量。 I can use this variable in the ssl path to choose a different SSL certificate and key for different remote networks accessing the server.我可以在 ssl 路径中使用此变量来为访问服务器的不同远程网络选择不同的 SSL 证书和密钥。 This is necessary because the different network environments have different CAs.这是必要的,因为不同的网络环境有不同的 CA。
How can I reproduce this behavior in a Kubernetes nginx ingress?如何在 Kubernetes nginx 入口中重现此行为? or even Istio?甚至是 Istio?
1 个解决方案
解决方案1
1 已采纳 2021-04-14 08:53:57
You can customize the generated config both for the base and for each Ingress.您可以为基础和每个 Ingress 自定义生成的配置。 I'm not familiar with the config you are describing but some mix of the various *-snippet configmap options ( https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#server-snippet ) or a custom template ( https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/ )我不熟悉您描述的配置,但各种 *-snippet configmap 选项的混合( https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#server-片段)或自定义模板( https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/custom-template/ )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.