CS Launch Ingress: Difference between revisions

From Computer Science Wiki
Carnold (talk | contribs)
No edit summary
(4 intermediate revisions by the same user not shown)
Line 27: Line 27:
** Restricts ingress access to a specific set of IP ranges
** Restricts ingress access to a specific set of IP ranges
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
** A blank value will allow access from anywhere
** To allow access from anywhere, set value to <code>0.0.0.0/0,::/0</code>
** Example restricts to VT campus and VPN addresses: <code>nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.21.0.0/16,45.3.120.0/21</code>
** Example restricts to VT campus and VPN addresses: <code>nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.16.0.0/12,45.3.120.0/21,2001:468:c80::/48,2607:b400::/40</code>


* <code>nginx.ingress.kubernetes.io/rewrite-target</code>
* <code>nginx.ingress.kubernetes.io/rewrite-target</code>
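Review bot: The revised whitelist-source-range example swaps 172.21.0.0/16 for 172.16.0.0/12, which is the whole RFC 1918 172.16.0.0 to 172.31.255.255 private block, while the description still reads "VT campus and VPN addresses". If only the VPN pool is meant, keep the narrower range, or add a few words on why the full /12 is needed. The new allow-all line should also say what a blank value does now, since the sentence it replaces claimed a blank value allows access from anywhere.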
Line 34: Line 34:
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite
** Example removes all path from request -- container sees the request to root path: <code>nginx.ingress.kubernetes.io/rewrite-target: /</code>
** Example removes all path from request -- container sees the request to root path: <code>nginx.ingress.kubernetes.io/rewrite-target: /</code>
* <code>nginx.ingress.kubernetes.io/proxy-read-timeout</code>
** Increase timeout for proxy actions, defaults to 30 seconds
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-timeouts
** Example increase timeout to 60 seconds: <code>nginx.ingress.kubernetes.io/proxy-read-timeout: 60</code>
=== Discovery Ingress ===
* By default ingresses on the ''Discovery'' cluster are IP limited to VT campus and VT VPN.  You can use <code>nginx.ingress.kubernetes.io/whitelist-source-range</code> (see above) to restrict or expand this IP range.
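Review bot: The proxy-read-timeout example gives the value as a bare 60, but Kubernetes annotation values must be strings, so in a YAML manifest it has to be quoted, e.g. nginx.ingress.kubernetes.io/proxy-read-timeout: "60"; the example should show or mention the quoting. The Discovery Ingress bullet says the annotation can "restrict or expand" the default range without stating whether a value set on the ingress replaces the cluster default or is combined with it, which matters to anyone widening access.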

Latest revision as of 12:18, 30 May 2024

Introduction

This guide is a supplement to the HowTo:CS Launch guide. It goes into more detail about CS Launch Ingress support.

Annotations

You can modify the behavior of your ingress using Kubernetes annotations on your ingress resource. A common example is to restrict access to certain IP ranges. A full list of annotations and their descriptions can be found at: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

Adding an Annotation

You apply annotations by modifying the ingress resource object.

  • Navigate to your Cluster Dashboard
  • Click on Service Discovery from the menu on the left.
  • Click on Ingresses from the sub-menu on the left.
  • Click on the Kebab menu for the ingress you want to edit, and select Edit Config.
  • Click on the Labels & Annotations tab.
  • Click on the Add Annotation button.
  • Fill in the Key and Value fields.
  • Alternatively, you can modify your YAML specification directly, for example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2

Common Annotations

Discovery Ingress

  • By default ingresses on the Discovery cluster are IP limited to VT campus and VT VPN. You can use nginx.ingress.kubernetes.io/whitelist-source-range (see above) to restrict or expand this IP range.
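
One way to check a whitelist-source-range value before setting it on an ingress, as an added example that is not part of the wiki page or of ingress-nginx. The function names are hypothetical; the two values are the ones quoted in the revisions of this page, and the client addresses are constructed.

```python
import ipaddress

ALLOW_ALL = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}

# Values quoted on this page: the newer example, and the older IPv4-only one.
VT_VALUE = ("128.173.0.0/16,198.82.0.0/16,172.16.0.0/12,45.3.120.0/21,"
            "2001:468:c80::/48,2607:b400::/40")
OLD_VALUE = "128.173.0.0/16,198.82.0.0/16,172.21.0.0/16,45.3.120.0/21"


def parse_source_ranges(value):
    """Split a comma-separated CIDR list; ValueError on a bad or empty entry."""
    items = [item.strip() for item in value.split(",")]
    if not all(items):
        raise ValueError("empty entry in source range list")
    # strict=True rejects set host bits, e.g. 128.173.1.0/16 (a likely typo).
    return [ipaddress.ip_network(item, strict=True) for item in items]


def is_allowed(value, client_ip):
    """True if client_ip falls inside any listed range."""
    addr = ipaddress.ip_address(client_ip)
    # An address never matches a network of the other IP version.
    return any(addr in net for net in parse_source_ranges(value))


def audit(value):
    """Return human-readable findings about a source range list."""
    nets = parse_source_ranges(value)
    findings = [f"{net} admits every IPv{net.version} address"
                for net in nets if net in ALLOW_ALL]
    for a in nets:
        for b in nets:
            if a is not b and a.version == b.version and a.subnet_of(b):
                findings.append(f"{a} is already covered by {b}")
    if not any(net.version == 6 for net in nets):
        findings.append("no IPv6 range listed")
    return findings


if __name__ == "__main__":
    # Constructed client addresses checked against the page's newer value.
    for ip in ("172.21.3.4", "172.32.0.1", "2607:b400::1", "203.0.113.7"):
        print(ip, is_allowed(VT_VALUE, ip))
    print(audit(OLD_VALUE))
```
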