K8S中使用Ingress或者istio配置后端txt文件域名验证istio

admin

1 月前

方案一：Ingress配置

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/cors-allow-credentials: 'true'
    nginx.ingress.kubernetes.io/cors-allow-headers: *
    nginx.ingress.kubernetes.io/cors-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
    nginx.ingress.kubernetes.io/cors-allow-origin: >-
      https://uat.linux66.cn, https://dev-linux66.cn,
      https://test-linux66.cn
    nginx.ingress.kubernetes.io/enable-cors: 'true'
    nginx.ingress.kubernetes.io/proxy-body-size: 100M
    nginx.ingress.kubernetes.io/server-snippet: |
      location = /ww_verify_hkF98S8SJDJQx.txt {
        if ($host = "api.linux66.cn") {
          return 200 "hkF98S8SJDJQx";
        }
      }
    nginx.ingress.kubernetes.io/use-regex: 'true'
  labels:
    app.kubernetes.io/instance: dev-api-gateway
  name: api-gateway
  namespace: dev
spec:
  ingressClassName: nginx
  rules:
    - host: api.linux66.cn
      http:
        paths:
          - backend:
              service:
                name: api-internal-gateway
                port:
                  number: 8080
            path: /
            pathType: ImplementationSpecific
  tls:
    - hosts:
        - api.linux66.cn
      secretName: linux66.cn

方案二：istio配置

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: api-gateway-virtualservice
  namespace: istio-ingress
spec:
  gateways:
  - api-gateway
  hosts:
  - api.linux66.cn
  http:
  - directResponse:
      body:
        string: hkF98S8SJDJQx
      status: 200
    match:
    - uri:
        exact: /ww_verify_hkF98S8SJDJQx.txt
  - match:
    - uri:
        prefix: /
    route:
    - destination:
        host: api-internal-gateway.test.svc.cluster.local
        port:
          number: 8080