Deny access to some specific paths while using kubernetes ingress

0 votes

I have a simple kubernetes ingress network. I want a mechanism where this network can deny the access to a few specific paths like to /admin and stuff using annotations.

This is my ingresss network file

apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
 name: ingress-test
 spec:
   rules:
   - host: host.host.com
   http:
      paths:
        - path: /service-mapping
      backend:
         serviceName: /service-mapping
         servicePort: 9042

How do i get that?

Sep 7, 2018 in Kubernetes by lina
• 8,220 points
12,181 views

2 answers to this question.

0 votes

Use nginx annotation, something like this

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
   name: nginx-configuration-snippet
   annotations:
      nginx.ingress.kubernetes.io/configuration-snippet: |

     server_tokens off;
     location DANGER-PATH {
    deny all;
    return 403;
  }

spec:
  rules:
   - host: api.myhost.com
   http:
  paths:
  - backend:
      serviceName: bookapi-2
      servicePort: 8080
    path: PATH 

If you are interested in knowing more about Kubernetes, then consider taking  CKA Certification Course.

answered Sep 7, 2018 by Kalgi
• 52,350 points
0 votes

Try to create two Ingresses first by default without any restriction:

apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
 name: ingress-test
 spec:
   rules:
   - host: host.host.com
   http:
      paths:
        - path: /service-mapping
      backend:
         serviceName: /service-mapping
         servicePort: 9042

Then, create a secret for auth as described in the doc:

Creating the htpasswd

$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo

Creating the secret:

$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created

Second Ingress with auth for paths which you need to restrict:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropiate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - foo"
spec:
  rules:
  - host: host.host.com
    http:
      paths:
      - path: /admin
        backend:
          serviceName: service_name
          servicePort: 80
answered Sep 21, 2018 by Nilesh
• 7,060 points

Related Questions In Kubernetes

0 votes
1 answer

Not able to access kubernetes api from a pod in azure

Follow these steps Add --bind-address=0.0.0.0 option to the line https://github.com/kubernetes/kubernetes/blob/v1.2.0/docs/getting-started-guides/coreos/azure/cloud_config_templates/kubernetes-cluster-main-nodes-template.yml#L218  Created ...READ MORE

answered Aug 30, 2018 in Kubernetes by Kalgi
• 52,350 points
1,056 views
0 votes
1 answer

Unable to access pods using nodeIP

Your kubernetes cluster is missing the ingress ...READ MORE

answered Sep 7, 2018 in Kubernetes by Kalgi
• 52,350 points
1,058 views
0 votes
1 answer

Kubernetes ingress IP is set to docker0 ip

The issue here was the kubelet configuration. ...READ MORE

answered Sep 10, 2018 in Kubernetes by Kalgi
• 52,350 points
748 views
0 votes
2 answers

Not able to expose port 80 on the host, kubernetes ingress

I was facing the same error. The nginix ...READ MORE

answered Sep 11, 2018 in Kubernetes by Kalgi
• 52,350 points
2,201 views
+1 vote
1 answer
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
15,702 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
4,126 views
+1 vote
1 answer

Unable to access kubernetes dashboard

You’re trying to access a private IP. ...READ MORE

answered Aug 27, 2018 in Kubernetes by Kalgi
• 52,350 points
3,077 views
0 votes
2 answers

Access Kubernetes API using minKube

Try these commands: kubectl proxy --port=8080 You can then ...READ MORE

answered Aug 28, 2018 in Kubernetes by Hannah
• 18,520 points
1,933 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP