K8S ingress nginx: setting an access whitelist

When there is no load balancer in front of the ingress controller

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-myapp
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.8.0/24'   # access whitelist
spec:
  rules:
  - host: myapp.klvchen.com
    http:
      paths:
      - path:
        backend:
          serviceName: myapp
          servicePort: 80

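When there is a load balancer (Alibaba Cloud SLB) in front of the ingress controller, the following additional configuration is required

Add use-forwarded-headers under data in the ingress-nginx ConfigMap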
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  use-forwarded-headers: "true"   # added

Once this takes effect, the following configuration is added to nginx.conf in nginx-ingress-controller

real_ip_header      X-Forwarded-For;                                 
real_ip_recursive   on;                                              
set_real_ip_from    0.0.0.0/0;   
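
The whitelist is evaluated against the address nginx resolves from X-Forwarded-For, so the set_real_ip_from range decides which header entry is used. The following added example (not from the original post) models that selection in Python; the load balancer address 10.0.0.10, its range 10.0.0.0/24, the sample header values, and the assumption that the load balancer appends the address it saw are all constructed for illustration.

```python
import ipaddress

def _trusted(ip, cidrs):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

def resolve_real_ip(peer, xff, trusted_cidrs, recursive=True):
    """Model of nginx realip selection with real_ip_header X-Forwarded-For."""
    # The header is only consulted when the TCP peer matches set_real_ip_from.
    if not xff or not _trusted(peer, trusted_cidrs):
        return peer
    addr = peer
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                      # unparsable entry: keep what we have
        addr = hop
        # real_ip_recursive on: keep walking left while the entry is trusted.
        if not recursive or not _trusted(hop, trusted_cidrs):
            break
    return addr

def whitelisted(ip, ranges):
    """whitelist-source-range check against the resolved client address."""
    return _trusted(ip, ranges)

# Constructed sample values (assumptions; only WHITELIST comes from the page).
WHITELIST = ["192.168.8.0/24"]
LB_PEER = "10.0.0.10"                  # address the controller sees as TCP peer
LB_RANGE = ["10.0.0.0/24"]             # set_real_ip_from limited to the LB
TRUST_ALL = ["0.0.0.0/0"]              # set_real_ip_from as shown above
XFF_PREFILLED = "192.168.8.50, 203.0.113.7"   # header already had an entry before the LB
XFF_INTERNAL = "192.168.8.20"                 # internal client, LB added its address

def decision(xff, trusted_cidrs):
    ip = resolve_real_ip(LB_PEER, xff, trusted_cidrs)
    return ip, whitelisted(ip, WHITELIST)

if __name__ == "__main__":
    for name, cidrs in (("0.0.0.0/0", TRUST_ALL), ("LB range only", LB_RANGE)):
        for xff in (XFF_PREFILLED, XFF_INTERNAL):
            print(f"set_real_ip_from {name:14} XFF={xff!r:30} -> {decision(xff, cidrs)}")
```

With 0.0.0.0/0 trusted, every entry counts as a proxy and the leftmost value is used for the whitelist check; limiting the trusted range to the load balancer makes nginx stop at the address the load balancer appended. In ingress-nginx the range behind set_real_ip_from is set with the proxy-real-ip-cidr ConfigMap key.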

Reference:
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#use-forwarded-headers

posted @ 2020-09-23 14:39  klvchen