Ingress 注释常用功能总结
ingress 注释常用功能总结
--annotations-prefix
# 特定于 NGINX 控制器的入口注释的前缀。(默认“nginx.ingress.kubernetes.io”)
1、域名重定向
这个配置会把www.kailinhr.com跳转到www.zhuoliehr.com。
# 主要配置
nginx.ingress/permanent-redirect-code: "301"
nginx.ingress/configuration-snippet: |
rewrite ^ https://www.zhuoliehr.com$request_uri? permanent;
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress/hsts: "false"
nginx.ingress/hsts-max-age: "600"
nginx.ingress/permanent-redirect-code: "301"
nginx.ingress/ssl-redirect: "false"
nginx.ingress/configuration-snippet: |
rewrite ^ https://www.zhuoliehr.com$request_uri? permanent;
labels:
app: php-zhuolie-pc
name: php-zhuolie-pc-ex1
spec:
ingressClassName: nginx
rules:
- host: www.kailinhr.com
http:
paths:
- backend:
service:
name: php-zhuolie-pc
port:
number: 80
path: /
pathType: Prefix
# 添加禁用缓存的头部信息
nginx.ingress/configuration-snippet: |
more_set_headers 'Cache-Control: no-cache';
2、匹配特定后缀返回指定文本
这种方式可以用于dns验证,或者其它指定文本验证。
访问/actuator会返回{"status":"success","result":"nginx json"}的内容。
nginx.ingress.kubernetes.io/server-snippet: >-
location ~ /actuator {
default_type application/json; return
200 '{"status":"success","result":"nginx json"}';
}
3、强制https
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"通过这个annotation可以强制 https,如果是http请求,会通过 301 redirect到 https
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: test-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/preserve-trailing-slash: "true"
nginx.ingress/hsts: "false" # 告诉浏览器可以使用http访问
nginx.ingress/hsts-max-age: "600" # 控制hsts参数用https访问多久会失效,因为上面配置了hsts: false,所以这个配置不会生效
nginx.ingress/ssl-redirect: "false" # 是否强制跳转到https false表示不强制跳转
4、设置跨域请求
annotations:
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For, X-app123-XPTO"
nginx.ingress.kubernetes.io/cors-expose-headers: "*, X-CustomResponseHeader"
nginx.ingress.kubernetes.io/cors-max-age: 600
nginx.ingress.kubernetes.io/cors-allow-credentials: "false"
5、限流
- 通过 rps 限制每秒请求数,rpm 限制每分钟请求数,connections限制连接数
metadata:
name: test-ingress
annotations:
nginx.ingress.kubernetes.io/limit-rps: "5"
nginx.ingress.kubernetes.io/limit-rpm: "300"
nginx.ingress.kubernetes.io/limit-connections: "10"
6、proxy最大body
- 这个主要是针对外部请求,防止将流量打满,proxy-body-size 设置最大请求 body,如果超过则会返回 413 请求错误。
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 8m
7、白名单功能
annotations:
ingress.kubernetes.io/whitelist-source-range: "10.1.0.0/24,172.10.0.1"
8、自定义配置
新增请求头
annotations:
nginx.ingress.kubernetes.io/server-snippet: |-
add_header Shy-Test 888;
# 添加到了server里面
more_set_headers 'Shy-Hello: hello' 'Demo: demo';
# 添加到了location / proxy里面
proxy_set_header My-Custom-Header $http_my_custom_header;
特定的资源返回403。
nginx.ingress/server-snippet: |
if ($request_uri !~* "_nuxt|js|browserTips|searchspiderpush" ){
return 403;
}
location = / {
return 403;
}
