K8S ingress nginx 设置访问白名单
前端没有负载均衡器的情况下
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-myapp
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.8.0/24' # 访问白名单
spec:
rules:
- host: myapp.klvchen.com
http:
paths:
- path:
backend:
serviceName: myapp
servicePort: 80
前端有负载均衡器(阿里云 SLB)的情况下, 需要额外增加下面配置
在 ingress-nginx data 下添加 use-forwarded-headers
kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
data:
use-forwarded-headers: "true" # 添加
生效后,在 nginx-ingress-controller 中 nginx.conf 增加了以下配置
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
