Kubernetes Ingress 网络拒绝某些路径 [英] Kubernetes Ingress network deny some paths
问题描述
我有一个简单的 kubernetes 入口网络.
I've a simple kubernetes ingress network.
我需要拒绝访问一些关键路径,如/admin 或等.
I need deny the access some critical paths like /admin or etc.
我的入口网络文件如下所示.
My ingress network file shown as below.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-test
spec:
rules:
- host: host.host.com
http:
paths:
- path: /service-mapping
backend:
serviceName: /service-mapping
servicePort: 9042
如何使用 kubernetes 入口网络、nginx 注释或其他方法拒绝自定义路径.
How I can deny the custom path with kubernetes ingress network, with nginx annonations or another methods .
我使用如下所示的注释处理这个问题.
I handle this issue with annotations shown as below .
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-configuration-snippet
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
server_tokens off;
location DANGER-PATH {
deny all;
return 403;
}
spec:
rules:
- host: api.myhost.com
http:
paths:
- backend:
serviceName: bookapi-2
servicePort: 8080
path: PATH
推荐答案
我遇到了同样的问题,并在 github.为了实现你的目标,你需要先默认创建两个 Ingress,没有任何限制:
I’ve faced the same issue and found the solution on github. To achieve your goal, you need to create two Ingresses first by default without any restriction:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-test
spec:
rules:
- host: host.host.com
http:
paths:
- path: /service-mapping
backend:
serviceName: /service-mapping
servicePort: 9042
然后,按照 文档:
Then, create a secret
for auth as described in the doc:
创建htpasswd
$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
创建秘密
:
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
需要限制路径的带有身份验证的第二个入口:
Second Ingress with auth for paths which you need to restrict:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropiate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
rules:
- host: host.host.com
http:
paths:
- path: /admin
backend:
serviceName: service_name
servicePort: 80
根据sedooe的回答,他的解决方案可能存在一些问题.
According to sedooe answer, his solution may have some issues.
这篇关于Kubernetes Ingress 网络拒绝某些路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!