k8s ingress path whitelist-source-range

后端为 nginx 应用

ingress 定义 path: /

cat ingress-nginx-demo1.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-demo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: nginx.klvchen.com
    http:
      paths: 
      - path: /
        backend:
          serviceName: nginx-demo
          servicePort: 80
[root@k8s-master01 ingress]# curl nginx.klvchen.com
...
<h1>Welcome to nginx!</h1>
...
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
v1
[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v2/v2.html
v2

ingress 定义 path: /data/v1

把可访问的路径限制在了 /data/v1/

[root@k8s-master01 ingress]# cat ingress-nginx-demo2.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-demo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: nginx.klvchen.com
    http:
      paths: 
      - path: /data/v1
        backend:
          serviceName: nginx-demo
          servicePort: 80

[root@k8s-master01 ingress]# curl nginx.klvchen.com
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>

[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
v1

[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v2/v2.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>

ingress 定义 nginx.ingress.kubernetes.io/rewrite-target

# 把 /data/v1 路径后的 (.*) 作为参数重定向到 /data/v2/
[root@k8s-master01 ingress]# cat ingress-nginx-demo3.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-demo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /data/v2/$2
spec:
  rules:
  - host: nginx.klvchen.com
    http:
      paths: 
      - path: /data/v1(/|$)(.*)
        backend:
          serviceName: nginx-demo
          servicePort: 80

[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v2.html
v2

[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0</center>
</body>
</html>

设置白名单和单独域名的日志路径

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-demo
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/whitelist-source-range: '192.168.0.0/24,10.244.0.1'
    nginx.ingress.kubernetes.io/enable-access-log: "true"
    nginx.ingress.kubernetes.io/configuration-snippet: |
       access_log /var/log/nginx/nginx.klvchen.com.access.log upstreaminfo if=$loggable;
       error_log  /var/log/nginx/nginx.klvchen.com.error.log;
spec:
  rules:
  - host: nginx.klvchen.com
    http:
      paths: 
      - path: /data/v1
        backend:
          serviceName: nginx-demo
          servicePort: 80

[root@k8s-master01 ingress]# curl nginx.klvchen.com/data/v1/v1.html
v1

[root@k8s-master01 ingress]# curl nginx.klvchen.com
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>

参考:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/

posted @ 2020-09-08 11:16  klvchen  阅读(940)  评论(0编辑  收藏  举报