CS Launch Ingress: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 27: | Line 27: | ||
** Restricts ingress access to a specific set of IP ranges | ** Restricts ingress access to a specific set of IP ranges | ||
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range | ** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range | ||
** | ** To allow access from anywhere, set value to <code>0.0.0.0/0,::/0</code> | ||
** Example restricts to VT campus and VPN addresses: <code>nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172. | ** Example restricts to VT campus and VPN addresses: <code>nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.16.0.0/12,45.3.120.0/21,2001:468:c80::/48,2607:b400::/40</code> | ||
* <code>nginx.ingress.kubernetes.io/rewrite-target</code> | * <code>nginx.ingress.kubernetes.io/rewrite-target</code> | ||
Line 34: | Line 34: | ||
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite | ** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite | ||
** Example removes all path from request -- container sees the request to root path: <code>nginx.ingress.kubernetes.io/rewrite-target: /</code> | ** Example removes all path from request -- container sees the request to root path: <code>nginx.ingress.kubernetes.io/rewrite-target: /</code> | ||
* <code>nginx.ingress.kubernetes.io/proxy-read-timeout</code> | |||
** Increase timeout for proxy actions, defaults to 30 seconds | |||
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-timeouts | |||
** Example increase timeout to 60 seconds: <code>nginx.ingress.kubernetes.io/proxy-read-timeout: 60</code> | |||
=== Discovery Ingress === | |||
* By default ingresses on the ''Discovery'' cluster are IP limited to VT campus and VT VPN. You can use <code>nginx.ingress.kubernetes.io/whitelist-source-range</code> (see above) to restrict or expand this IP range. |
Latest revision as of 12:18, 30 May 2024
Introduction
This is guide a supplement to the HowTo:CS Launch guide. It goes into more detail about CS Launch Ingress support.
Annotations
You an modify the behavior of your ingress using kubernetes annotations on your ingress resource. A common example is to restrict access to certain IP ranges. A full list of annotations and their descriptions can be found at: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
Adding an Annotation
You apply annotations by modifying the ingress resource object.
- Navigate to your Cluster Dashboard
- Click on Service Discovery from the menu on the left.
- Click on Ingresses from the sub-menu on the left.
- Click on the Kebab menu for the ingress you want to edit, and select Edit Config.
- Click on the Labels & Annotations tab.
- Click on the Add Annotation button.
- Fill in the Key and Value fields.
- Alternatively, you can modify your YAML specification directly, example:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: nginx.ingress.kubernetes.io/rewrite-target: /$2
Common Annotations
nginx.ingress.kubernetes.io/whitelist-source-range
- Restricts ingress access to a specific set of IP ranges
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
- To allow access from anywhere, set value to
0.0.0.0/0,::/0
- Example restricts to VT campus and VPN addresses:
nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.16.0.0/12,45.3.120.0/21,2001:468:c80::/48,2607:b400::/40
nginx.ingress.kubernetes.io/rewrite-target
- Modifies the URL path before sending upstream. For example, to remove a leading path.
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite
- Example removes all path from request -- container sees the request to root path:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-read-timeout
- Increase timeout for proxy actions, defaults to 30 seconds
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-timeouts
- Example increase timeout to 60 seconds:
nginx.ingress.kubernetes.io/proxy-read-timeout: 60
Discovery Ingress
- By default ingresses on the Discovery cluster are IP limited to VT campus and VT VPN. You can use
nginx.ingress.kubernetes.io/whitelist-source-range
(see above) to restrict or expand this IP range.