Problem description
I am aware that client affinity is possible for a LoadBalancer type service in Kubernetes. The thing is that this affinity doesn't forbid that two different clients access the same pod.
Is it possible to associate a pod exclusively always to the same client?
Thanks in advance and have a really nice day!
Recommended answer
To only allow a specific external client/s to access a specific Pod/Deployment you can use whitelisting/source ranges. Restrictions can be applied to LoadBalancers as loadBalancerSourceRanges. You add a section to the Service like:
loadBalancerSourceRanges:
- 130.211.204.1/32
- 130.211.204.2/32
Alternatively you could expose the Pod with an Ingress and apply whitelisting on the Ingress. For whitelisting with an nginx Ingress you can add an annotation to the Ingress such as nginx.ingress.kubernetes.io/whitelist-source-range: 49.36.X.X/32
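An added check, not part of the original answer, for auditing the source-range restriction described above: it reads JSON in the shape of `kubectl get svc -A -o json` and reports LoadBalancer Services whose loadBalancerSourceRanges is missing or admits more than a single client address. The sample input, the Service names and the function name audit_services are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get svc -A -o json` (not real cluster output).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "prod", "name": "tenant-a"},
     "spec": {"type": "LoadBalancer",
              "loadBalancerSourceRanges": ["130.211.204.1/32"]}},
    {"metadata": {"namespace": "prod", "name": "tenant-b"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "prod", "name": "tenant-c"},
     "spec": {"type": "LoadBalancer",
              "loadBalancerSourceRanges": ["130.211.204.0/24", "0.0.0.0/0"]}},
    {"metadata": {"namespace": "prod", "name": "internal"},
     "spec": {"type": "ClusterIP"}},
]})


def audit_services(svc_json):
    """Return {namespace/name: [findings]} for LoadBalancer Services whose
    source ranges do not pin access to single client addresses."""
    findings = {}
    for item in json.loads(svc_json).get("items", []):
        spec = item.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # the field only applies to LoadBalancer Services
        key = "{}/{}".format(item["metadata"]["namespace"], item["metadata"]["name"])
        ranges = spec.get("loadBalancerSourceRanges") or []
        problems = []
        if not ranges:
            problems.append("no loadBalancerSourceRanges: open to any source")
        for cidr in ranges:
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                problems.append("invalid CIDR: " + cidr)
                continue
            if net.prefixlen == 0:
                problems.append("matches every address: " + cidr)
            elif net.num_addresses > 1:
                problems.append("admits %d addresses: %s" % (net.num_addresses, cidr))
        if problems:
            findings[key] = problems
    return findings


if __name__ == "__main__":
    for svc, problems in audit_services(SAMPLE).items():
        for p in problems:
            print(svc, "-", p)
```

A Service that passes this check is restricted by source address only; whether the restriction is enforced depends on the cloud provider's load balancer supporting the field.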