我有一个应用程序,它的所有路由都需要tls-client身份验证,除了一条路径,我们称之为"/some-path"
现在我尝试在同一主机上设置两条路由,如:
apiVersion: route.openshift.io/v1
kind: Route
name: route-path
spec:
host: example.com
path: "/some-path"
to:
kind: Service
name: my-service
weight: 100
port:
targetPort: http
tls:
termination: edge
insecureEdgeTerminationPolicy: None
---
apiVersion: route.openshift.io/v1
kind: Route
name: route
spec:
host: example.com
path: ""
to:
kind: Service
name: my-service
weight: 100
port:
targetPort: https
tls:
termination: passthrough
insecureEdgeTerminationPolicy: None
问题是,我无法访问我的应用程序的http端口,因为路由"route"还捕获该路径的流量。除了更改应用程序其余部分的主机或路径之外,还有其他解决方案吗?
您是否尝试在第二条路由中设置path: "/" ?
基于'基于路径的路由',它应该工作,如果你使用默认的入口控制器:
路由器应该根据最特定的路径匹配到最小的路由。但是,这取决于路由器的实现。
此外,正如文档中所述,当您混合"edge"和"passthrough" TLS终止时,我不确定它是否会工作
当使用透传TLS时,基于路径的路由不可用,因为路由器在这种情况下不会终止TLS,并且无法读取请求的内容。
路径指定路由:example.com/test
apiVersion: v1
kind: Route
metadata:
name: route-unsecured
spec:
host: example.com
path: "/test"
to:
kind: Service
name: service-name
apiVersion: v1
kind: Route
metadata:
name: route-unsecured
spec:
host: example.com
path: "/"
to:
kind: Service
name: service-name