[英]Nginx Ingress controller- Path based routing
我正在運行 Nginx 入口 controller 並希望只允許用戶連接的少數路徑和 rest 所有我想阻止或提供 403 錯誤。 我怎樣才能做到這一點?
我只希望用戶允許連接/example
和 rest 都應該被阻止。
kind: Ingress
metadata:
name: ingress1
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: ingress.example.com
http:
paths:
- path: /example
backend:
serviceName: ingress-svc
servicePort: 80
我可以添加 nginx 服務器片段嗎?
location path {
"if the path is not matching then deny"
deny all;
}```
使用下面的自定義后端
apiVersion: apps/v1
kind: Deployment
metadata:
name: custom-http-backend
spec:
selector:
matchLabels:
app: custom-http-backend
template:
metadata:
labels:
app: custom-http-backend
spec:
containers:
- name: custom-http-backend
image: inanimate/echo-server
ports:
- name: http
containerPort: 8080
imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
name: custom-http-backend
spec:
selector:
app: custom-http-backend
ports:
- protocol: TCP
port: 80
targetPort: 8080
然后在您的入口添加此規則
- host: ingress.example.com
http:
paths:
- path: /
backend:
serviceName: custom-http-backend
servicePort: 80
除了@Tarun Khosla 提到的正確之外,還有另一個帶有示例的stackoverflow 問題可能會有所幫助。 我將其發布為社區 wiki 答案,以便為社區提供更好的可見性,請隨時對其進行擴展。
@Nick Rak 提供了 2 個示例
我遇到了同樣的問題,並在github上找到了解決方案。 為了實現你的目標,你需要先默認創建兩個 Ingress,沒有任何限制:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-test
spec:
rules:
- host: host.host.com
http:
paths:
- path: /service-mapping
backend:
serviceName: /service-mapping
servicePort: 9042
然后,按照文檔中的描述為身份驗證創建一個secret
:
創建htpasswd
$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
創建secret
:
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
對於您需要限制的路徑,具有身份驗證的第二個 Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropiate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
rules:
- host: host.host.com
http:
paths:
- path: /admin
backend:
serviceName: service_name
servicePort: 80
根據sedooe 的回答,他的解決方案可能有一些問題。
和@sedooe
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.