CS Launch Ingress: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 28: | Line 28: | ||
** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range | ** https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range | ||
** A blank value will allow access from anywhere | ** A blank value will allow access from anywhere | ||
** Example restricts to VT campus and VPN addresses: <code>nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.21.0.0/16,45.3.120.0/21</code> | ** Example restricts to VT campus and VPN addresses: <code>nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.21.0.0/16,45.3.120.0/21,2001:468:c80::/48,2607:b400::/40</code> | ||
* <code>nginx.ingress.kubernetes.io/rewrite-target</code> | * <code>nginx.ingress.kubernetes.io/rewrite-target</code> | ||
Revision as of 14:46, 23 January 2024
Introduction
This is guide a supplement to the HowTo:CS Launch guide. It goes into more detail about CS Launch Ingress support.
Annotations
You an modify the behavior of your ingress using kubernetes annotations on your ingress resource. A common example is to restrict access to certain IP ranges. A full list of annotations and their descriptions can be found at: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
Adding an Annotation
You apply annotations by modifying the ingress resource object.
- Navigate to your Cluster Dashboard
- Click on Service Discovery from the menu on the left.
- Click on Ingresses from the sub-menu on the left.
- Click on the Kebab menu for the ingress you want to edit, and select Edit Config.
- Click on the Labels & Annotations tab.
- Click on the Add Annotation button.
- Fill in the Key and Value fields.
- Alternatively, you can modify your YAML specification directly, example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
nginx.ingress.kubernetes.io/rewrite-target: /$2
Common Annotations
nginx.ingress.kubernetes.io/whitelist-source-range- Restricts ingress access to a specific set of IP ranges
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
- A blank value will allow access from anywhere
- Example restricts to VT campus and VPN addresses:
nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.21.0.0/16,45.3.120.0/21,2001:468:c80::/48,2607:b400::/40
nginx.ingress.kubernetes.io/rewrite-target- Modifies the URL path before sending upstream. For example, to remove a leading path.
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite
- Example removes all path from request -- container sees the request to root path:
nginx.ingress.kubernetes.io/rewrite-target: /