[英]NGINX Ingress Routing based on Header
I have an nginx-ingress calling a custom auth-service
before sending requests to the backend service, using this simple ConfigMap and Ingress:在向后端服务发送请求之前,我有一个 nginx-ingress 调用自定义auth-service
服务,使用这个简单的 ConfigMap 和 Ingress:
apiVersion: v1
kind: ConfigMap
metadata:
...
data:
global-auth-url: auth-service-url:8080/authenticate
global-auth-method: GET
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "nginx"
...
spec:
rules:
- host: host1
http:
paths:
- backend:
serviceName: backend-service
servicePort: 8080
Now I need something different.现在我需要一些不同的东西。
How can I send requests, all with the same "Host" header, through different flows, one with auth-service and connected to backend-service1
and the other without any authentication and connecting to backend-service2
?如何通过不同的流发送所有具有相同“主机”标头的请求,一个带有 auth-service 并连接到backend-service1
,另一个没有任何身份验证并连接到backend-service2
?
To be clear, and using the custom header "Example-header: test"要清楚,并使用自定义标题“示例标题:测试”
auth-service
before sending to backend-service
, as it's done now.如果“Example-header”是“test”,则在发送到backend-service
之前通过我的auth-service
进行身份验证,就像现在一样。auth-service
in the process.如果未定义“Example-header”,我想将请求发送到不同的后端服务,并且在此过程中不使用auth-service
。 I tried a couple of things, namely having 2 Ingresses, one with global-auth-url
and the other with nginx.ingress.kubernetes.io/enable-global-auth: "false"
but the auth-service is always called.我尝试了几件事,即有 2 个 Ingress,一个带有global-auth-url
,另一个带有nginx.ingress.kubernetes.io/enable-global-auth: "false"
但始终调用 auth-service。
Can I do this with NGINX, or do I have to use Istio or Ambassador?我可以用 NGINX 做到这一点,还是必须使用 Istio 或 Ambassador?
One way you can achieve this behavior is by abusing the canary feature .实现此行为的一种方法是滥用canary 功能。
For your backend-service
, create a normal Ingress, eg对于您的backend-service
,创建一个普通的 Ingress,例如
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-backend
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 80
Create a second Ingress for you auth-service
with enabled canary and set the header name and value, eg使用启用的金丝雀为您创建第二个 Ingress auth-service
并设置标头名称和值,例如
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-auth
annotations:
nginx.ingress.kubernetes.io/canary: "true"
nginx.ingress.kubernetes.io/canary-by-header: Example-header
nginx.ingress.kubernetes.io/canary-by-header-value: test
spec:
ingressClassName: nginx
rules:
- host: localhost
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: auth-service
port:
number: 80
Now, every request with Example-header: test
routes to auth-service
.现在,每个请求都带有Example-header: test
路由到auth-service
。 Any other value, eg Example-header: some-value
, will not route to auth-service
but rather go to your backend-service
.任何其他值,例如Example-header: some-value
,都不会路由到auth-service
而是转到您的backend-service
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.