Ingress 注释常用功能总结

ingress 注释常用功能总结

--annotations-prefix	
# 特定于 NGINX 控制器的入口注释的前缀。(默认“nginx.ingress.kubernetes.io”)

1、域名重定向

这个配置会把www.kailinhr.com跳转到www.zhuoliehr.com

# 主要配置
nginx.ingress/permanent-redirect-code: "301"
nginx.ingress/configuration-snippet: |
  rewrite ^ https://www.zhuoliehr.com$request_uri? permanent;

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress/hsts: "false"
    nginx.ingress/hsts-max-age: "600"
    nginx.ingress/permanent-redirect-code: "301"
    nginx.ingress/ssl-redirect: "false"
    nginx.ingress/configuration-snippet: |
      rewrite ^ https://www.zhuoliehr.com$request_uri? permanent;
  labels:
    app: php-zhuolie-pc
  name: php-zhuolie-pc-ex1
spec:
  ingressClassName: nginx
  rules:
  - host: www.kailinhr.com
    http:
      paths:
      - backend:
          service:
            name: php-zhuolie-pc
            port:
              number: 80
        path: /
        pathType: Prefix
# 添加禁用缓存的头部信息
    nginx.ingress/configuration-snippet: |
      more_set_headers 'Cache-Control: no-cache';

2、匹配特定后缀返回指定文本

这种方式可以用于dns验证,或者其它指定文本验证。

访问/actuator会返回{"status":"success","result":"nginx json"}的内容。

    nginx.ingress.kubernetes.io/server-snippet: >-
      location ~ /actuator {
      default_type application/json;       return
      200 '{"status":"success","result":"nginx json"}';
        }

3、强制https

  • nginx.ingress.kubernetes.io/force-ssl-redirect: "true"通过这个annotation可以强制 https,如果是http请求,会通过 301 redirect到 https

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/preserve-trailing-slash: "true"
    nginx.ingress/hsts: "false"           # 告诉浏览器可以使用http访问
    nginx.ingress/hsts-max-age: "600"     # 控制hsts参数用https访问多久会失效,因为上面配置了hsts: false,所以这个配置不会生效
    nginx.ingress/ssl-redirect: "false"   # 是否强制跳转到https false表示不强制跳转

4、设置跨域请求

  annotations:
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For, X-app123-XPTO"
    nginx.ingress.kubernetes.io/cors-expose-headers: "*, X-CustomResponseHeader"
    nginx.ingress.kubernetes.io/cors-max-age: 600
    nginx.ingress.kubernetes.io/cors-allow-credentials: "false"

5、限流

  • 通过 rps 限制每秒请求数,rpm 限制每分钟请求数,connections限制连接数
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/limit-rps: "5"
    nginx.ingress.kubernetes.io/limit-rpm: "300"
    nginx.ingress.kubernetes.io/limit-connections: "10"

6、proxy最大body

  • 这个主要是针对外部请求,防止将流量打满,proxy-body-size 设置最大请求 body,如果超过则会返回 413 请求错误。
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 8m

7、白名单功能

  annotations:
     ingress.kubernetes.io/whitelist-source-range: "10.1.0.0/24,172.10.0.1"

8、自定义配置

新增请求头

  annotations:
    nginx.ingress.kubernetes.io/server-snippet: |-
      add_header Shy-Test 888;
      # 添加到了server里面
      more_set_headers 'Shy-Hello: hello' 'Demo: demo';
      # 添加到了location / proxy里面
      proxy_set_header My-Custom-Header $http_my_custom_header;

特定的资源返回403。

    nginx.ingress/server-snippet: |
      if ($request_uri !~* "_nuxt|js|browserTips|searchspiderpush" ){
          return 403;
        }
       location = / {
         return 403;
       }
posted @ 2024-03-12 11:53  Gshelldon  阅读(164)  评论(0编辑  收藏  举报