I have a simple Kubernetes ingress network.
I need to deny access to some critical paths like /admin, etc.
My ingress network file is shown below.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /service-mapping
        backend:
          serviceName: /service-mapping
          servicePort: 9042
How can I deny a custom path with the Kubernetes ingress network, with nginx annotations or another method?
I handled this issue with annotations, as shown below.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-configuration-snippet
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      server_tokens off;
      location DANGER-PATH {
        deny all;
        return 403;
      }
spec:
  rules:
  - host: api.myhost.com
    http:
      paths:
      - backend:
          serviceName: bookapi-2
          servicePort: 8080
        path: PATH
pathType. The pathType field specifies one of three ways that an Ingress object's path should be interpreted. ImplementationSpecific: path prefix matching is delegated to the Ingress Controller (IngressClass). Exact: matches the URL path exactly (case sensitive). Prefix: matches based on a URL path prefix split by /.
In this ingress definition, any characters captured by (.*) will be assigned to the placeholder $2, which is then used as a parameter in the rewrite-target annotation. For example, the ingress definition above will result in the following rewrites: rewrite.bar.com/something rewrites to rewrite.bar.com/
8.0, one can install multiple NGINX ingress controllers in a Kubernetes cluster. The optional NGINX Ingress Controller can be installed as an App on your cluster.
You can use server-snippet annotation. This seems like exactly what you want to achieve.
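The server-snippet approach named in the answer above, written out as an added example (not part of the original posts). It uses the networking.k8s.io/v1 API, since the extensions/v1beta1 API used elsewhere on this page was removed in Kubernetes 1.22; the catch-all path /, the backend name my-service and the ingressClassName nginx are assumptions.

```yaml
# Added example: deny /admin at the nginx "server" level for one host.
# Placeholder names: ingress-test, host.host.com, my-service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  annotations:
    # server-snippet is injected into the server block for this host, so the
    # location below is a sibling of the locations generated from spec.rules
    # rather than being nested inside one of them.
    nginx.ingress.kubernetes.io/server-snippet: |
      # Matches /admin and everything below it, case-insensitively,
      # but not unrelated paths such as /administrator.
      # nginx matches locations against the normalized (decoded) URI.
      location ~* ^/admin(/|$) {
        return 403;
      }
spec:
  ingressClassName: nginx
  rules:
  - host: host.host.com
    http:
      paths:
      # Everything else on the host still reaches the backend.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 9042
```

Snippet annotations only take effect when the controller's allow-snippet-annotations ConfigMap option permits them. Once applied, a request to /admin on that host should return 403 while other paths are proxied to the backend.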
I’ve faced the same issue and found the solution on GitHub. To achieve your goal, you need to create two Ingresses, the first by default without any restriction:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /service-mapping
        backend:
          serviceName: /service-mapping
          servicePort: 9042
Then, create a secret for auth as described in the doc:
Creating the htpasswd
$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
Creating the secret:
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
Second Ingress with auth for paths which you need to restrict:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /admin
        backend:
          serviceName: service_name
          servicePort: 80
According to sedooe's answer, his solution may have some issues.