CS Launch Ingress
Introduction
This guide is a supplement to the HowTo:CS Launch guide. It goes into more detail about CS Launch Ingress support.
Annotations
You can modify the behavior of your ingress using Kubernetes annotations on your ingress resource. A common example is to restrict access to certain IP ranges. A full list of annotations and their descriptions can be found at: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
Adding an Annotation
You apply annotations by modifying the ingress resource object.
- Navigate to your Cluster Dashboard
- Click on Service Discovery from the menu on the left.
- Click on Ingresses from the sub-menu on the left.
- Click on the Kebab menu for the ingress you want to edit, and select Edit Config.
- Click on the Labels & Annotations tab.
- Click on the Add Annotation button.
- Fill in the Key and Value fields.
- Alternatively, you can modify your YAML specification directly, for example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
Common Annotations
nginx.ingress.kubernetes.io/whitelist-source-range
- Restricts ingress access to a specific set of IP ranges
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#whitelist-source-range
- To allow access from anywhere, set the value to:
0.0.0.0/0,::/0
- Example restricts to VT campus and VPN addresses:
nginx.ingress.kubernetes.io/whitelist-source-range: 128.173.0.0/16,198.82.0.0/16,172.16.0.0/12,45.3.120.0/21,2001:468:c80::/48,2607:b400::/40
nginx.ingress.kubernetes.io/rewrite-target
- Modifies the URL path before the request is sent upstream, for example to remove a leading path.
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rewrite
- Example removes the entire path from the request, so the container sees a request to the root path:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-read-timeout
- Increases the timeout for proxy actions; defaults to 30 seconds
- https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-timeouts
- Example increases the timeout to 60 seconds (quoted in YAML, because annotation values must be strings):
nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
Discovery Ingress
- By default, ingresses on the Discovery cluster are IP-limited to VT campus and VT VPN. You can use
nginx.ingress.kubernetes.io/whitelist-source-range
(see above) to restrict or expand this IP range.
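A pre-flight check for a whitelist-source-range value, covering both the Common Annotations entry and the Discovery Ingress default described above. This is an added example, not code from the CS Launch guide or from ingress-nginx; the function names are hypothetical and the sample client addresses are constructed.

```python
import ipaddress

# The campus/VPN value shown on this page for whitelist-source-range.
VT_RANGES = ("128.173.0.0/16,198.82.0.0/16,172.16.0.0/12,45.3.120.0/21,"
             "2001:468:c80::/48,2607:b400::/40")


def parse_source_range(value):
    """Split an annotation value into networks; return (networks, invalid)."""
    networks, invalid = [], []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        try:
            # strict=False also accepts a bare address as a single-host network.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            invalid.append(entry)
    return networks, invalid


def open_to_world(networks):
    """Return the entries that admit every address of their family."""
    return [str(n) for n in networks if n.prefixlen == 0]


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any listed network of the same family."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in networks)


def audit(value):
    """Summarise an annotation value before it is applied to an ingress."""
    networks, invalid = parse_source_range(value)
    return {"networks": [str(n) for n in networks],
            "invalid": invalid,
            "open_to_world": open_to_world(networks)}


if __name__ == "__main__":
    print(audit(VT_RANGES))
    print(audit("0.0.0.0/0,::/0"))  # the "allow from anywhere" value
    nets, _ = parse_source_range(VT_RANGES)
    # Constructed sample client addresses, not taken from any log.
    for ip in ("128.173.10.20", "203.0.113.7", "2607:b400:1::1"):
        print(ip, is_allowed(ip, nets))
```

Running the audit on a proposed value before saving the ingress catches typos and accidental `0.0.0.0/0` or `::/0` entries that would remove the IP restriction.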