Ingress Annotations(注解)

半兽人 发表于: 2023-12-06   最后更新时间: 2023-12-11 14:27:42  
{{totalSubscript}} 订阅, 1,243 游览

Ingress是通过向kubernetes annotations(注解)添加特定的内容,来自定义配置的。

!!! 提示,注解key和value只能是字符串。其他类型,例如boolean或数值,必须用引号引起来,如:“true”、“false”、“100”。

!!! 注意,可以使用--annotations-prefix命令行参数更改注释前缀,但默认是 nginx.ingress.kubernetes.io。如下表所示:

名称 类型
nginx.ingress.kubernetes.io/app-root string
nginx.ingress.kubernetes.io/affinity cookie
nginx.ingress.kubernetes.io/affinity-mode "balanced" or "persistent"
nginx.ingress.kubernetes.io/affinity-canary-behavior "sticky" or "legacy"
nginx.ingress.kubernetes.io/auth-realm string
nginx.ingress.kubernetes.io/auth-secret string
nginx.ingress.kubernetes.io/auth-secret-type string
nginx.ingress.kubernetes.io/auth-type "basic" or "digest"
nginx.ingress.kubernetes.io/auth-tls-secret string
nginx.ingress.kubernetes.io/auth-tls-verify-depth number
nginx.ingress.kubernetes.io/auth-tls-verify-client string
nginx.ingress.kubernetes.io/auth-tls-error-page string
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream "true" or "false"
nginx.ingress.kubernetes.io/auth-tls-match-cn string
nginx.ingress.kubernetes.io/auth-url string
nginx.ingress.kubernetes.io/auth-cache-key string
nginx.ingress.kubernetes.io/auth-cache-duration string
nginx.ingress.kubernetes.io/auth-keepalive number
nginx.ingress.kubernetes.io/auth-keepalive-share-vars "true" or "false"
nginx.ingress.kubernetes.io/auth-keepalive-requests number
nginx.ingress.kubernetes.io/auth-keepalive-timeout number
nginx.ingress.kubernetes.io/auth-proxy-set-headers string
nginx.ingress.kubernetes.io/auth-snippet string
nginx.ingress.kubernetes.io/enable-global-auth "true" or "false"
nginx.ingress.kubernetes.io/backend-protocol HTTP,HTTPS,GRPC,GRPCS
nginx.ingress.kubernetes.io/canary "true" or "false"
nginx.ingress.kubernetes.io/canary-by-header string
nginx.ingress.kubernetes.io/canary-by-header-value string
nginx.ingress.kubernetes.io/canary-by-header-pattern string
nginx.ingress.kubernetes.io/canary-by-cookie string
nginx.ingress.kubernetes.io/canary-weight number
nginx.ingress.kubernetes.io/canary-weight-total number
nginx.ingress.kubernetes.io/client-body-buffer-size string
nginx.ingress.kubernetes.io/configuration-snippet string
nginx.ingress.kubernetes.io/custom-http-errors []int
nginx.ingress.kubernetes.io/disable-proxy-intercept-errors "true" or "false"
nginx.ingress.kubernetes.io/default-backend string
nginx.ingress.kubernetes.io/enable-cors "true" or "false"
nginx.ingress.kubernetes.io/cors-allow-origin string
nginx.ingress.kubernetes.io/cors-allow-methods string
nginx.ingress.kubernetes.io/cors-allow-headers string
nginx.ingress.kubernetes.io/cors-expose-headers string
nginx.ingress.kubernetes.io/cors-allow-credentials "true" or "false"
nginx.ingress.kubernetes.io/cors-max-age number
nginx.ingress.kubernetes.io/force-ssl-redirect "true" or "false"
nginx.ingress.kubernetes.io/from-to-www-redirect "true" or "false"
nginx.ingress.kubernetes.io/http2-push-preload "true" or "false"
nginx.ingress.kubernetes.io/limit-connections number
nginx.ingress.kubernetes.io/limit-rps number
nginx.ingress.kubernetes.io/global-rate-limit number
nginx.ingress.kubernetes.io/global-rate-limit-window duration
nginx.ingress.kubernetes.io/global-rate-limit-key string
nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs string
nginx.ingress.kubernetes.io/permanent-redirect string
nginx.ingress.kubernetes.io/permanent-redirect-code number
nginx.ingress.kubernetes.io/temporal-redirect string
nginx.ingress.kubernetes.io/preserve-trailing-slash "true" or "false"
nginx.ingress.kubernetes.io/proxy-body-size string
nginx.ingress.kubernetes.io/proxy-cookie-domain string
nginx.ingress.kubernetes.io/proxy-cookie-path string
nginx.ingress.kubernetes.io/proxy-connect-timeout number
nginx.ingress.kubernetes.io/proxy-send-timeout number
nginx.ingress.kubernetes.io/proxy-read-timeout number
nginx.ingress.kubernetes.io/proxy-next-upstream string
nginx.ingress.kubernetes.io/proxy-next-upstream-timeout number
nginx.ingress.kubernetes.io/proxy-next-upstream-tries number
nginx.ingress.kubernetes.io/proxy-request-buffering string
nginx.ingress.kubernetes.io/proxy-redirect-from string
nginx.ingress.kubernetes.io/proxy-redirect-to string
nginx.ingress.kubernetes.io/proxy-http-version "1.0" or "1.1"
nginx.ingress.kubernetes.io/proxy-ssl-secret string
nginx.ingress.kubernetes.io/proxy-ssl-ciphers string
nginx.ingress.kubernetes.io/proxy-ssl-name string
nginx.ingress.kubernetes.io/proxy-ssl-protocols string
nginx.ingress.kubernetes.io/proxy-ssl-verify string
nginx.ingress.kubernetes.io/proxy-ssl-verify-depth number
nginx.ingress.kubernetes.io/proxy-ssl-server-name string
nginx.ingress.kubernetes.io/enable-rewrite-log "true" or "false"
nginx.ingress.kubernetes.io/rewrite-target URI
nginx.ingress.kubernetes.io/satisfy string
nginx.ingress.kubernetes.io/server-alias string
nginx.ingress.kubernetes.io/server-snippet string
nginx.ingress.kubernetes.io/service-upstream "true" or "false"
nginx.ingress.kubernetes.io/session-cookie-name string
nginx.ingress.kubernetes.io/session-cookie-path string
nginx.ingress.kubernetes.io/session-cookie-domain string
nginx.ingress.kubernetes.io/session-cookie-change-on-failure "true" or "false"
nginx.ingress.kubernetes.io/session-cookie-samesite string
nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none "true" or "false"
nginx.ingress.kubernetes.io/ssl-redirect "true" or "false"
nginx.ingress.kubernetes.io/ssl-passthrough "true" or "false"
nginx.ingress.kubernetes.io/stream-snippet string
nginx.ingress.kubernetes.io/upstream-hash-by string
nginx.ingress.kubernetes.io/x-forwarded-prefix string
nginx.ingress.kubernetes.io/load-balance string
nginx.ingress.kubernetes.io/upstream-vhost string
nginx.ingress.kubernetes.io/denylist-source-range CIDR
nginx.ingress.kubernetes.io/whitelist-source-range CIDR
nginx.ingress.kubernetes.io/proxy-buffering string
nginx.ingress.kubernetes.io/proxy-buffers-number number
nginx.ingress.kubernetes.io/proxy-buffer-size string
nginx.ingress.kubernetes.io/proxy-max-temp-file-size string
nginx.ingress.kubernetes.io/ssl-ciphers string
nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers "true" or "false"
nginx.ingress.kubernetes.io/connection-proxy-header string
nginx.ingress.kubernetes.io/enable-access-log "true" or "false"
nginx.ingress.kubernetes.io/enable-opentracing "true" or "false"
nginx.ingress.kubernetes.io/opentracing-trust-incoming-span "true" or "false"
nginx.ingress.kubernetes.io/enable-opentelemetry "true" or "false"
nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span "true" or "false"
nginx.ingress.kubernetes.io/use-regex bool
nginx.ingress.kubernetes.io/enable-modsecurity bool
nginx.ingress.kubernetes.io/enable-owasp-core-rules bool
nginx.ingress.kubernetes.io/modsecurity-transaction-id string
nginx.ingress.kubernetes.io/modsecurity-snippet string
nginx.ingress.kubernetes.io/mirror-request-body string
nginx.ingress.kubernetes.io/mirror-target string
nginx.ingress.kubernetes.io/mirror-host string

详细的配置介绍,可参考:https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md

例子:

对于 NGINX,当请求的大小超过客户端请求正文允许的最大大小时,将向客户端返回 413 错误。该大小可通过参数client_max_body_size进行配置。

要在Ingress中使用,是通过加入注释:

  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "8m"
    ...

例如:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '10'
  labels:
    app: test-ingress
  name: test-ingress
  namespace: my-space
spec:
  ingressClassName: nginx
  rules:
    - host: xxx.test.com
      http:
        paths:
          - backend:
              service:
                name: nginx-svc
                port:
                  number: 80
            path: /
            pathType: Prefix

REF

https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-max-body-size

更新于 2023-12-11

查看ingress更多相关的文章或提一个关于ingress的问题,也可以与我们一起分享文章