[英]How to disable http access to service using Kubernetes Nginx ingress controller?
I have a service providing an API that I want to only be accessible over https
.我有一项提供 API 的服务,我希望只能通过
https
访问该服务。 I don't want http
to redirect to https
because that will expose credentials and the caller won't notice.我不希望
http
重定向到https
,因为这会暴露凭据并且调用者不会注意到。 Better to get an error response.最好得到错误响应。
How to do I configure my ingress.yaml?如何配置我的 ingress.yaml? Note that I want to maintain the default 308 redirect from
http
to https
for other services in the same cluster.请注意,对于同一集群中的其他服务,我想保留从
http
到https
的默认 308 重定向。
Thanks.谢谢。
In the documentation : you can read the following sentence about HTTPS enforcement through redirect:在文档中:您可以阅读以下关于 HTTPS enforcement through redirect 的句子:
By default the controller redirects (308) to HTTPS if TLS is enabled for that ingress.
默认情况下,如果为该入口启用了 TLS,则 controller 会重定向 (308) 到 HTTPS。 If you want to disable this behavior globally, you can use
ssl-redirect: "false"
in the NGINX ConfigMap .如果要全局禁用此行为,可以在 NGINX ConfigMap中使用
ssl-redirect: "false"
。
To configure this feature for specific ingress resources, you can use the nginx.ingress.kube.netes.io/ssl-redirect: "false" annotation in the particular resource.
要为特定入口资源配置此功能,您可以在特定资源中使用 nginx.ingress.kube.netes.io/ssl-redirect: "false" 注释。
You can also create two separate configurations: one with http and https and the other one only for http.您还可以创建两个单独的配置:一个用于 http 和 https,另一个仅用于 http。
Using kube.netes.io/ingress.class
annotation you can choose the ingress controller to be used.使用
kube.netes.io/ingress.class
注释,您可以选择要使用的入口 controller。
This mechanism also provides users the ability to run multiple NGINX ingress controllers (eg one which serves public traffic, one which serves "internal" traffic).
该机制还为用户提供了运行多个NGINX 入口控制器的能力(例如,一个服务于公共流量,一个服务于“内部”流量)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.