Kubernetes Ingress network deny some paths
Solution 1
I’ve faced the same issue and found the solution on GitHub. To achieve your goal, you need to create two Ingresses, the first by default without any restriction:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /service-mapping
        backend:
          serviceName: /service-mapping
          servicePort: 9042
Then, create a secret for auth as described in the doc:
Creating the htpasswd
$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
Creating the secret:
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
Second Ingress with auth for paths which you need to restrict:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /admin
        backend:
          serviceName: service_name
          servicePort: 80
According to sedooe's answer, his solution may have some issues.
Solution 2
You can use the server-snippet annotation. This seems like exactly what you want to achieve.
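As an added example (not part of the original answer and not taken from the ingress-nginx project), this is one way Solution 2's server-snippet annotation could deny /admin on the question's host. It is written for networking.k8s.io/v1 rather than the page's extensions/v1beta1; the ingress class `nginx`, the catch-all path `/` and the Service name `web` are assumptions.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  annotations:
    # Injected into the nginx server block generated for host.host.com,
    # next to the locations the controller creates for the paths below.
    # The controller only applies it when snippet annotations are enabled
    # (allow-snippet-annotations in the controller ConfigMap).
    nginx.ingress.kubernetes.io/server-snippet: |
      # Case-insensitive match on /admin and everything below it, so
      # /Admin or /ADMIN/users is refused as well. The (/|$) anchor keeps
      # unrelated paths such as /administrator-guide reachable.
      location ~* ^/admin(/|$) {
        deny all;   # nginx answers 403 Forbidden
      }
spec:
  ingressClassName: nginx        # assumed ingress class
  rules:
  - host: host.host.com
    http:
      paths:
      # Assumed catch-all route; without the snippet it would also
      # forward /admin to the backend.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web            # assumed Service name
            port:
              number: 80
```

After applying it, a request for /admin on that host should return 403 while other paths still reach the backend.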
ColossusMark1
Updated on June 06, 2022
Comments
-
ColossusMark1 almost 2 years
I have a simple Kubernetes ingress network.
I need to deny access to some critical paths like /admin etc.
My ingress network file is shown below.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /service-mapping
        backend:
          serviceName: /service-mapping
          servicePort: 9042
How can I deny a custom path with a Kubernetes ingress network, with nginx annotations or other methods?
I handle this issue with the annotations shown below.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-configuration-snippet
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      server_tokens off;
      location DANGER-PATH {
        deny all;
        return 403;
      }
spec:
  rules:
  - host: api.myhost.com
    http:
      paths:
      - backend:
          serviceName: bookapi-2
          servicePort: 8080
        path: PATH
-
ColossusMark1 over 5 years
I handled this issue with nginx annotations. Thanks, it works!
-
ColossusMark1 over 5 years
I handled path denying with a simple configuration for now, but thanks for your detailed answer, HTTP Authentication spec at ingress. I will try it. Thanks again :)