Ingress annotations applied only to a specific path


[The following question has been translated] I have the following Ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "oidc-ingress"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=300
    external-dns.alpha.kubernetes.io/hostname: example.com
    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    alb.ingress.kubernetes.io/auth-type: oidc
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
    alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://login.microsoftonline.com/some-id/v2.0","authorizationEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/authorize","tokenEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/token","userInfoEndpoint":"https://graph.microsoft.com/oidc/userinfo","secretName":"aws-alb-secret"}'
    # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: ssl-redirect
            port: 
              name: use-annotation
      - pathType: Prefix
        path: /jenkins
        backend:
          service:
            name: jenkins
            port: 
              number: 8080
      - pathType: Prefix
        path: /
        backend:
          service:
            name: apache
            port: 
              number: 80

If I kubectl apply this Ingress configuration, the annotations are applied to all routing rules, which means:

/*
/jenkins
/jenkins/*

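1. If I open https://example.com, it is open to everyone.
2. If I open https://example.com/jenkins, it redirects me to the OIDC authentication page.

I can achieve this by doing it manually in the AWS console, when I remove the authenticate rule from /* and leave it only on /jenkins/*.

However, I want to achieve this through Ingress annotations so that I can automate the process.

How can I do this?

Thanks for your help.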

EXPERT
asked 6 months ago, 17 views
1 Answer

[The following answer has been translated] You need to use multiple Ingresses with the "group" annotation. You can refer to this link: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/guide/ingress/annotations/#group.order Please test it as follows!

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "base"
  annotations:
    alb.ingress.kubernetes.io/group.name: example
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=300
    external-dns.alpha.kubernetes.io/hostname: example.com
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: ssl-redirect
            port: 
              name: use-annotation
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "jenkins"
  annotations:
    alb.ingress.kubernetes.io/group.name: example
    alb.ingress.kubernetes.io/group.order: '10'
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/auth-type: oidc
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
    alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://login.microsoftonline.com/some-id/v2.0","authorizationEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/authorize","tokenEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/token","userInfoEndpoint":"https://graph.microsoft.com/oidc/userinfo","secretName":"aws-alb-secret"}'
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /jenkins
        backend:
          service:
            name: jenkins
            port: 
              number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "default"
  annotations:
    alb.ingress.kubernetes.io/group.name: example
    alb.ingress.kubernetes.io/group.order: '20'
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: apache
            port: 
              number: 80
EXPERT
answered 6 months ago
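
The auth annotations discussed in this thread belong to an Ingress as a whole, so which paths end up behind OIDC can be audited before the manifests are applied. The following Python sketch is an added example, not code from the question or the answer; the manifests are constructed dicts that mirror the Ingresses above, and the helper names (`make`, `auth_by_path`, `unauthenticated`) are hypothetical.

```python
A = "alb.ingress.kubernetes.io/"  # annotation prefix used on this page

def make(name, paths, annotations):
    """Constructed minimal Ingress manifest: only the fields the audit reads."""
    return {"metadata": {"name": name, "annotations": annotations},
            "spec": {"rules": [{"http": {"paths": [
                {"path": p, "backend": {"service": {"name": svc}}}
                for p, svc in paths]}}]}}

def auth_by_path(ingresses, group=None):
    """Rows (order, ingress, path, service, auth_type), sorted by group.order."""
    rows = []
    for ing in ingresses:
        ann = ing["metadata"].get("annotations") or {}
        if ann.get(A + "group.name") != group:
            continue
        order = int(ann.get(A + "group.order", "0"))  # unset order counts as 0
        auth = ann.get(A + "auth-type", "none")       # unset auth-type means none
        for rule in ing["spec"].get("rules", []):
            for p in rule.get("http", {}).get("paths", []):
                # Auth annotations belong to the Ingress, so every path inherits them.
                rows.append((order, ing["metadata"]["name"], p["path"],
                             p["backend"]["service"]["name"], auth))
    return sorted(rows, key=lambda r: (r[0], r[1]))

def unauthenticated(rows):
    """(path, service) pairs that no auth annotation covers."""
    return [(r[2], r[3]) for r in rows if r[4] == "none"]

OIDC = {A + "auth-type": "oidc"}
GROUP = {A + "group.name": "example"}

# Constructed copy of the question's single Ingress: one annotation set, three paths.
SINGLE = [make("oidc-ingress",
               [("/", "ssl-redirect"), ("/jenkins", "jenkins"), ("/", "apache")], OIDC)]

# Constructed copy of the answer's group: only the "jenkins" Ingress carries auth.
SPLIT = [make("base", [("/", "ssl-redirect")], GROUP),
         make("jenkins", [("/jenkins", "jenkins")],
              {**GROUP, **OIDC, A + "group.order": "10"}),
         make("default", [("/", "apache")], {**GROUP, A + "group.order": "20"})]

if __name__ == "__main__":
    for label, rows in (("single", auth_by_path(SINGLE)),
                        ("split", auth_by_path(SPLIT, "example"))):
        for order, name, path, svc, auth in rows:
            print(f"{label:6} order={order:<3} {name:12} {path:9} -> {svc:12} auth={auth}")
```

Run in CI against the rendered manifests, a non-empty `unauthenticated` result for a path that should be protected is a reason to fail the deployment.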
