基于Header的NGINX入口路由
[英]NGINX Ingress Routing based on Header
问题描述
I have an nginx-ingress calling a custom auth-service before sending requests to the backend service, using this simple ConfigMap and Ingress:
在向后端服务发送请求之前,我有一个 nginx-ingress 调用自定义auth-service服务,使用这个简单的 ConfigMap 和 Ingress:
apiVersion: v1
kind: ConfigMap
metadata:
...
data:
global-auth-url: auth-service-url:8080/authenticate
global-auth-method: GET
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
...
spec:
rules:
- host: host1
http:
paths:
- backend:
serviceName: backend-service
servicePort: 8080
Now I need something different.现在我需要一些不同的东西。
How can I send requests, all with the same "Host" header, through different flows, one with auth-service and connected to backend-service1 and the other without any authentication and connecting to backend-service2 ?如何通过不同的流发送所有具有相同“主机”标头的请求,一个带有 auth-service 并连接到backend-service1 ,另一个没有任何身份验证并连接到backend-service2 ?
To be clear, and using the custom header "Example-header: test"要清楚,并使用自定义标题“示例标题:测试”
- If "Example-header" is "test", authenticate via my
auth-servicebefore sending tobackend-service, as it's done now.如果“Example-header”是“test”,则在发送到backend-service之前通过我的auth-service进行身份验证,就像现在一样。 - If "Example-header" is not defined, I want to send requests to a different backend service and do not use
auth-servicein the process.如果未定义“Example-header”,我想将请求发送到不同的后端服务,并且在此过程中不使用auth-service。
I tried a couple of things, namely having 2 Ingresses, one with global-auth-url and the other with nginx.ingress.kubernetes.io/enable-global-auth: "false" but the auth-service is always called.我尝试了几件事,即有 2 个 Ingress,一个带有global-auth-url ,另一个带有nginx.ingress.kubernetes.io/enable-global-auth: "false"但始终调用 auth-service。
Can I do this with NGINX, or do I have to use Istio or Ambassador?我可以用 NGINX 做到这一点,还是必须使用 Istio 或 Ambassador?
1 个解决方案
解决方案1
0 2021-11-23 16:41:17
One way you can achieve this behavior is by abusing the canary feature .实现此行为的一种方法是滥用canary 功能。
For your backend-service , create a normal Ingress, eg对于您的backend-service ,创建一个普通的 Ingress,例如
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-backend
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 80
Create a second Ingress for you auth-service with enabled canary and set the header name and value, eg使用启用的金丝雀为您创建第二个 Ingress auth-service并设置标头名称和值,例如
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-auth
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: Example-header
nginx.ingress.kubernetes.io/canary-by-header-value: test
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: auth-service
port:
number: 80
Now, every request with Example-header: test routes to auth-service .现在,每个请求都带有Example-header: test路由到auth-service 。 Any other value, eg Example-header: some-value , will not route to auth-service but rather go to your backend-service .任何其他值,例如Example-header: some-value ,都不会路由到auth-service而是转到您的backend-service 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.