我正在从 Kubernetes 迁移到 Cloud Run。目前,Kubernetes Ingress 允许我使用 Nginx Ingress Controller 注释在单个配置中全局设置所有子域的标头,如下所示:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: 150m
nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200"
nginx.ingress.kubernetes.io/proxy-read-timeout: "1200"
nginx.ingress.kubernetes.io/proxy-send-timeout: "1200"
nginx.ingress.kubernetes.io/upstream-fail-timeout: "1200"
nginx.ingress.kubernetes.io/configuration-snippet: |
set $http_origin "${scheme}://${host}";
if ($http_origin ~* (^https?://([^/]+\.)*(app|staging|dev|beta)(\.example\.com)$)) {
add_header X-Frame-Options DENY;
}
more_set_headers "server: hide";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Referrer-Policy: strict-origin";
我想实现类似的路由设置,但使用全局 HTTPS 负载均衡器将流量路由到我的 Cloud Run 部署。通过查阅 Google Cloud 负载均衡器文档,我得出了以下配置:
defaultService: projects/dev/global/backendServices/hello-default-backend
name: example
routeRules:
- matchRules:
- prefixMatch: /blue
priority: 2
routeAction:
weightedBackendServices:
- backendService: projects/dev/global/backendServices/hello-blue-backend
weight: 100
urlRewrite:
hostRewrite: hello-blue-backend
headerAction:
responseHeadersToAdd:
- headerValue: DENY
headerName: X-Frame-Options
replace: true
- matchRules:
- prefixMatch: /green
priority: 3
routeAction:
weightedBackendServices:
- backendService: projects/dev/global/backendServices/hello-green-backend
weight: 100
urlRewrite:
hostRewrite: hello-green-backend
headerAction:
responseHeadersToAdd:
- headerValue: DENY
headerName: X-Frame-Options
replace: true
如您所见,在上面的配置中,我需要为每个 matchRules 块指定标头。有没有办法实现与我在 Nginx Ingress Controller 中类似的结果?至少有一种全局方法来定义标头。