kubernetes-ingress

问题 I am trying to secure my application exposed as LB using oauth2_proxy, I have created 2 ingress resources as required one for running the oauth2_proxy and another for accessing my application which is to be secured through authentication. Refer link [https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/oauth-external-auth]. I have followed the exact process as mentioned in this link. When I hit my FQDN or Domain Name in browser it asks for authentication and upon

问题 I got ingress defined as: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: wp-ingress namespace: wordpress annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: 25m spec: rules: - host: my.domain.com http: paths: - path: / backend: serviceName: wordpress servicePort: 6002 And the back-end, defined as Cluster IP running on 6002 port. When I am trying to reach ingress by its ADDRESS in the

问题 I'm following a tutorial by Diego Martínez, outlining how to use an ingress controller with SSL on K8s. Everything works fine, with the exception of an RBAC error: It seems the cluster it is running with Authorization enabled (like RBAC) and there is no permissions for the ingress controller. Please check the configuration Does anyone know how I can grant RBAC permissions to this resource? I'm running on Google Cloud, and for reference, below is the ingress deployment spec 回答1: If you are

问题 I want to disable basic auth only on a specific subpath of my App. How this can be done? e.g. All subpaths should be basic auth secured: / This path should be an exception and public reachable: /#/public ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: app labels: app: app annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" ingress.kubernetes.io/auth-type: basic ingress.kubernetes.io/auth-secret: basic-auth ingress.kubernetes.io/auth-realm:

问题 I am running websphere application server deployment and service (type LoadBalancer). The websphere admin console works fine at URL https://svcloadbalancerip:9043/ibm/console/logon.jsp NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE was-svc LoadBalancer x.x.x.x x.x.x.x 9080:30810/TCP,9443:30095/TCP,9043:31902/TCP,7777:32123/TCP,31199:30225/TCP,8880:31027/TCP,9100:30936/TCP,9403:32371/TCP 2d5h But if i configure that websphere service behind ingress using ingress file like: apiVersion: networking

问题 Currently this setup worked for TCP but once switched to UDP I get the error The Service "nginx-ingress-controller" is invalid: spec.ports: Invalid value: []core.ServicePort{core.ServicePort{Name:"proxied-udp-30001", Protocol:"UDP", Port:30001, TargetPort:intstr.IntOrString{Type:0, IntVal:30001, StrVal:""}, NodePort:0}, core.ServicePort{Name:"proxied-udp-30002", Protocol:"UDP", Port:30002, TargetPort:intstr.IntOrString{Type:0, IntVal:30002, StrVal:""}, NodePort:0}, core.ServicePort{Name:"http

问题 I currently have a working Frontend and Backend nodeports with an Ingress service setup with GKE's Google-managed certificates. However, my issue is that by default when a user goes to samplesite.com, it uses http as default. This means that the user needs to specifically type in the browser https://samplesite.com in order to get the https version of my website. How do I properly disable http on GKE ingress, or how do I redirect all my traffic to https? I understand that this can be

问题 I have an application based on Python-Flask. I would like to get Clients Public Ip when they are hits my ingress endpoint. I have already tried to change externalTrafficPolicy to Local and Cluster. My Pod YAML file apiVersion: v1 kind: Pod metadata: labels: run: webplatform name: webplatform-deployment-6d68c99fc7-xlb8j namespace: prod spec: containers: - command: - python - /app/app.py envFrom: - secretRef: name: webplatform-secret optional: false image: docker.fuchicorp.com/webplatform-prod

问题 I have a following use case: Our customers frequently release new services on their K8s clusters. These new services are reachable from the outside world through a load balancing and Ingress to dynamically configure this load balancing once a service is deployed. This makes it really easy for the development teams of our customers because they don’t have to wait until somebody configures a load balancing manually. They can just create their own Ingress resource next to their service

问题 I have a following use case: Our customers frequently release new services on their K8s clusters. These new services are reachable from the outside world through a load balancing and Ingress to dynamically configure this load balancing once a service is deployed. This makes it really easy for the development teams of our customers because they don’t have to wait until somebody configures a load balancing manually. They can just create their own Ingress resource next to their service