Ingress 注解仅适用于特定路径

0

【以下的问题经过翻译处理】 我有以下Ingress配置:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "oidc-ingress"
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=300
    external-dns.alpha.kubernetes.io/hostname: example.com
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    alb.ingress.kubernetes.io/auth-type: oidc
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
    alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://login.microsoftonline.com/some-id/v2.0","authorizationEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/authorize","tokenEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/token","userInfoEndpoint":"https://graph.microsoft.com/oidc/userinfo","secretName":"aws-alb-secret"}'
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: ssl-redirect
            port: 
              name: use-annotation
      - pathType: Prefix
        path: /jenkins
        backend:
          service:
            name: jenkins
            port: 
              number: 8080
      - pathType: Prefix
        path: /
        backend:
          service:
            name: apache
            port: 
              number: 80

如果我使用kubectl apply这个Ingress配置,它将应用于所有路由规则的注释,这意味着:

/*
/jenkins
/jenkins/*

1.如果我打开 https://example.com,就会对所有人开放。 2.如果我打开https://example.com/jenkins,它会将我重定向到OIDC认证页面。

我可以通过在AWS控制台中手动执行此操作来完成此操作,当我从/*移除authenticate规则并仅留在/jenkins/*中时。

然而,我想通过Ingress注释来实现这一点,以便能够自动化这个过程。

请问我该怎么做?

谢谢你的帮助。

profile picture
专家
已提问 10 个月前43 查看次数
1 回答
0

【以下的回答经过翻译处理】 你需要使用带有"group"注释的多个"Ingress"。你可以参考这个链接:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.1/guide/ingress/annotations/#group.order 请按照以下方式进行测试!

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "base"
  annotations:
    alb.ingress.kubernetes.io/group.name: example
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=300
    external-dns.alpha.kubernetes.io/hostname: example.com
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: ssl-redirect
            port: 
              name: use-annotation
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "jenkins"
  annotations:
    alb.ingress.kubernetes.io/group.name: example
    alb.ingress.kubernetes.io/group.order: 10
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/auth-type: oidc
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
    alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://login.microsoftonline.com/some-id/v2.0","authorizationEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/authorize","tokenEndpoint":"https://login.microsoftonline.com/some-id/oauth2/v2.0/token","userInfoEndpoint":"https://graph.microsoft.com/oidc/userinfo","secretName":"aws-alb-secret"}'
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /jenkins
        backend:
          service:
            name: jenkins
            port: 
              number: 8080
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "default"
  annotations:
    alb.ingress.kubernetes.io/group.name: example
    alb.ingress.kubernetes.io/group.order: 20
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
spec:
  rules:
  - http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: apache
            port: 
              number: 80
profile picture
专家
已回答 10 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则