k8s ingress path whitelist-source-range
后端为 nginx 应用
ingress 定义 path: /
cat ingress-nginx-demo1.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-demo
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: nginx.klvchen.com
http:
paths:
- path: /
backend:
serviceName: nginx-demo
servicePort: 80
[root@k8s-master01 ingress]# curl nginx.klvchen.com
...
<h1>Welcome to nginx!</h1>
...
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
v1
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v2/v2.html
v2
ingress 定义 path: /data/v1
把可访问的路径限制在了 /data/v1/
[root@k8s-master01 ingress]# cat ingress-nginx-demo2.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-demo
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: nginx.klvchen.com
http:
paths:
- path: /data/v1
backend:
serviceName: nginx-demo
servicePort: 80
[root@k8s-master01 ingress]# curl nginx.klvchen.com
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
v1
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v2/v2.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>
ingress 定义 nginx.ingress.kubernetes.io/rewrite-target
# 把 /data/v1 路径后的 (.*) 作为参数重定向到 /data/v2/
[root@k8s-master01 ingress]# cat ingress-nginx-demo3.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-demo
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /data/v2/$2
spec:
rules:
- host: nginx.klvchen.com
http:
paths:
- path: /data/v1(/|$)(.*)
backend:
serviceName: nginx-demo
servicePort: 80
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v2.html
v2
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
设置白名单和单独域名的日志路径
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-demo
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.0.0/24,10.244.0.1'
nginx.ingress.kubernetes.io/enable-access-log: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
access_log /var/log/nginx/nginx.klvchen.com.access.log upstreaminfo if=$loggable;
error_log /var/log/nginx/nginx.klvchen.com.error.log;
spec:
rules:
- host: nginx.klvchen.com
http:
paths:
- path: /data/v1
backend:
serviceName: nginx-demo
servicePort: 80
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
v1
[root@k8s-master01 ingress]# curl nginx.klvchen.com
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>
参考:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/
浙公网安备 33010602011771号