Ingress常见配置

 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/server-snippet: |
      location ~ ^/(admin|internal) {
        deny all;
      }
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Upgrade-Insecure-Requests 1;
      proxy_set_header X-Forwarded-Proto https;
      add_header Content-Security-Policy upgrade-insecure-requests;
      
  name: suanpan-web
  namespace: default
spec:
  rules:
  - http:
      paths:
      - backend:
          serviceName: suanpan-service
          servicePort: 7000
        path: /

 

对某些特殊的请求进行限制（针对/admin和/internal目录全部禁止访问）

nginx.ingress.kubernetes.io/server-snippet: |
  location ~ ^/(admin|internal) {
    deny all;
  }

 

设置客户端请求正文的最大允许大小（默认1m）

nginx.ingress.kubernetes.io/proxy-body-size: 50m

 

设置从代理服务器读取响应的超时时间（以秒为单位，默认值60）

nginx.ingress.kubernetes.io/proxy-read-timeout: "300"

 

是否只能通过 SSL 访问（当 Ingress 包含证书时默认为 True）

nginx.ingress.kubernetes.io/ssl-redirect: "true"

 

强制重定向到 HTTPS（即使 Ingress 未启用 TLS）

nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

 

如果需要非标准端口跳转（比如http不使用80端口，https不使用443端口）

nginx.ingress.kubernetes.io/use-port-in-redirects: "true"

 

启用自定义配置，强制转换https下的http请求到https

nginx.ingress.kubernetes.io/configuration-snippet: |
  proxy_set_header Upgrade-Insecure-Requests 1;
  proxy_set_header X-Forwarded-Proto https;
  add_header Content-Security-Policy upgrade-insecure-requests;