You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/04/20 03:04:31 UTC

[GitHub] [dolphinscheduler] chncaesar commented on pull request #9492: Add ingress annotations

chncaesar commented on PR #9492:
URL: https://github.com/apache/dolphinscheduler/pull/9492#issuecomment-1103422851

   Here's the test result, sorry it's late.
   
   ### 环境介绍
   DolphinScheduler 部署在 AKS,使用 ingress 暴露公网 IP。下面将公网 IP 隐去。
   
   ### 前后对比
   添加 IP 白名单前 Ingress yaml 文件
   ```
   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: dolphin
     labels:
       app.kubernetes.io/name: dolphin
       app.kubernetes.io/instance: dolphin
       app.kubernetes.io/managed-by: Helm
       app.kubernetes.io/version: 1.3.9
   spec:
     rules:
     - host: 
       http:
         paths:
           - path: /dolphinscheduler
             backend:
               service:
                 name: dolphin-api
                 port:
                   name: api-port
             pathType: Prefix
   
   ```
   
   curl 访问 DS 登录页,返回 Status 200
   `curl -i http://<public_ip>/dolphinscheduler/ui/view/login/index.html`
   ```text
   HTTP/1.1 200 OK
   Content-Length: 1109
   Accept-Ranges: bytes
   Connection: keep-alive
   Content-Type: text/html
   Date: Wed, 20 Apr 2022 02:49:53 GMT
   ```
   values.yaml 增加 IP 白名单
   
   ```yaml
   ingress:
     enabled: true
     #host: "dolphinscheduler.org"
     path: "/dolphinscheduler"
     annotations:
       nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.1.0/8
   ```
   
   ingress yaml 多了 annotations
   ```yaml
   
   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     name: dolphin
     labels:
       app.kubernetes.io/name: dolphin
       app.kubernetes.io/instance: dolphin
       app.kubernetes.io/managed-by: Helm
       app.kubernetes.io/version: 1.3.9
     annotations:
       nginx.ingress.kubernetes.io/whitelist-source-range: 192.168.1.0/8
   spec:
     rules:
     - host: 
       http:
         paths:
           - path: /dolphinscheduler
             backend:
               service:
                 name: dolphin-api
                 port:
                   name: api-port
             pathType: Prefix
   
   ```
   再次执行 `curl`,报 403 错误。
   ```
   curl -i http://<public_ip>/dolphinscheduler/ui/view/login/index.html
   HTTP/1.1 403 Forbidden
   Server: nginx/1.19.1
   Date: Wed, 20 Apr 2022 03:00:40 GMT
   Content-Type: text/html
   Content-Length: 153
   Connection: keep-alive
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org