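I am deploying an EKS cluster to AWS and using the ALB ingress controller to point to my K8S services. The Ingress spec is shown below.
There are two target paths: path: /* and path: /es/*. I have also configured alb.ingress.kubernetes.io/auth-type as cognito to use as the authentication method.
My question is: how can I configure a different auth-type for different targets? I want to use cognito for /* and none for /es/*. How can I achieve this?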
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sidecar
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: sidecar
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.order: '1'
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    # Auth
    alb.ingress.kubernetes.io/auth-type: cognito
    alb.ingress.kubernetes.io/auth-idp-cognito: '{"userPoolARN":"xxxx","userPoolClientID":"xxxx","userPoolDomain":"xxxx"}'
    alb.ingress.kubernetes.io/auth-scope: 'email openid aws.cognito.signin.user.admin'
    alb.ingress.kubernetes.io/certificate-arn: xxxx
spec:
  rules:
    - http:
        paths:
          - path: /es/*
            backend:
              serviceName: sidecar-entrypoint
              servicePort: 8080
          - path: /*
            backend:
              serviceName: server-entrypoint
              servicePort: 8081
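This question comes up a lot, so I guess it needs to be PR-ed into their documentation.
Ingress resources are cumulative, so you can split your paths into two separate Ingress resources in order to annotate each one differently. They will be combined with all other Ingress resources across the entire cluster to form the final configuration.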
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sidecar-star
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    # ... and the rest ...
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: server-entrypoint
              servicePort: 8081
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sidecar-es
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    # ... and the rest ...
spec:
  rules:
    - http:
        paths:
          - path: /es/*
            backend:
              serviceName: sidecar-entrypoint
              servicePort: 8080
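
The split described in the answer above, written out with the annotations from the question, as an added example that is not part of the original posts. It assumes both Ingresses stay in the sidecar group so they share one ALB; the group.order values '1' and '2' are chosen here so that the /es/* rule is evaluated before the /* catch-all, and xxxx values are placeholders as in the question.

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sidecar-es
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: sidecar     # same group, same ALB
    alb.ingress.kubernetes.io/group.order: '1'        # assumed value: lower order is evaluated first
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: xxxx
    alb.ingress.kubernetes.io/auth-type: none         # no ALB authentication on /es/*
spec:
  rules:
    - http:
        paths:
          - path: /es/*
            backend:
              serviceName: sidecar-entrypoint
              servicePort: 8080
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sidecar-star
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: sidecar
    alb.ingress.kubernetes.io/group.order: '2'        # assumed value: catch-all goes after /es/*
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: xxxx
    alb.ingress.kubernetes.io/auth-type: cognito      # Cognito login required on /*
    alb.ingress.kubernetes.io/auth-idp-cognito: '{"userPoolARN":"xxxx","userPoolClientID":"xxxx","userPoolDomain":"xxxx"}'
    alb.ingress.kubernetes.io/auth-scope: 'email openid aws.cognito.signin.user.admin'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: server-entrypoint
              servicePort: 8081
```

With auth-type none on an internet-facing ALB, sidecar-entrypoint receives unauthenticated requests on /es/*, so any access control for that path has to be enforced by the service itself.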