我有多个 IP,我只想让这些 IP 进入我的入口
我知道我可以在我的入口注释中做到这一点,
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/16
但我想要的是我有多个 IPS,而不仅仅是10.0.0.0/16
所以如果我有像178.1.0.2/17,之类的 IP 10.0.0.0/16,178.2.0.3/18并且我只想允许这个 IP 进入我的入口,那么我怎么能做到这一点。
问问题
1588 次
1 回答
1
If you are using Nginx Ingress you can do it adding specific annotation whitelist-source-range.
nginx.ingress.kubernetes.io/whitelist-source-range
You can specify allowed client IP source ranges through the nginx.ingress.kubernetes.io/whitelist-source-range annotation. The value is a comma separated list of CIDRs, e.g. 10.0.0.0/24,172.10.0.1.
To configure this setting globally for all Ingress rules, the whitelist-source-range value may be set in the NGINX ConfigMap.
Also keep in mind that:
Adding an annotation to an Ingress rule overrides any global restriction.
Also if you would like to use Ingress Whitelist IP for Path you can check this thread.
Example:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: frontend
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/16,178.2.0.3/18,178.1.0.2/17
spec:
rules:
- host: something.something.com
http:
paths:
- path: /app1
backend:
serviceName: app1
servicePort: 80
- path: /api
backend:
serviceName: api
servicePort: 8000
ingress.extensions/frontend created
于 2020-08-27T08:05:09.333 回答