问题描述

这是ConfigMap资源:

This is the ConfigMap resource:

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  use-proxy-protocol: "false"
  use-forwarded-headers: "true"
  proxy-real-ip-cidr: "0.0.0.0/0" # restrict this to the IP addresses of ELB
  http-snippet: "map $http_origin $cors {
          hostnames;

          default       'default.com';
          .local        $http_origin;
          .blah.org $http_origin;
      }"

然后，我获得了以下Ingress资源，该资源正在从我之前在ConfigMap nginx.ingress.kubernetes.io/cors-allow-origin: "$cors"上设置的map指令中读取值:

And then I've got the following Ingress resource which is reading the value from the map directive I set up previously on the ConfigMap nginx.ingress.kubernetes.io/cors-allow-origin: "$cors":

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  namespace: "default"
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-origin: "$cors"
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, HEAD, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With"
    .
    .
    .

我遇到的问题是注释未正确读取map指令上设置的$ cors变量，并且生成的nginx.conf文件始终设置"add_header'Access-Control-Allow-Origin'响应标头改为"*".

The issue I'm getting is that the annotation doesn't read the $cors variable set on the map directive properly and the resulting nginx.conf file always sets the "add_header 'Access-Control-Allow-Origin' response header to "*".

我在这里错过了什么吗?

Am I missing anything here?

推荐答案

这是nginx.ingress.kubernetes.io/cors-allow-origin批注中CORS实现的众所周知的行为，仅限于单个值(具有硬编码格式)或*， Nginx Ingress控制器文档:

This is well known behavior for CORS implementation within nginx.ingress.kubernetes.io/cors-allow-origin annotation, limited to only single value (with hard coded format) or *, looking into the Nginx Ingress controller documentation:

因此，为了在原始标头中支持多个域，我假设您可能考虑注入一些有助于工作的脚本.有一个专用的FR提出了#1171 ，其摘要由@claudiuchis提供完成它.

Therefore, in order to support multiple domains in the origin header, I assume that you might consider to inject some script which makes job. There is a dedicated FR raised #1171, with a snippet provided by @claudiuchis to get it done.

这篇关于map指令未正确读取nginx入口控制器kubernetes的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！