
How to configure the Kubernetes Ingress nginx annotations whitelist to apply only to HTTP

  •  1
  • Huy Chau  · Tech Community  · 7 years ago

    I configured my Ingress to support SSL:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: "service"
      annotations:
        nginx.ingress.kubernetes.io/whitelist-source-range: "x.x.x.x/xx"
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
    spec:
      tls:
      - hosts:
        - "example.com"
        secretName: example.name
      rules:
      - host: "example.com"
        http:
          paths:
          - path: /
            backend:
              serviceName: service
              servicePort: 80
    

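    With the configuration above, only the whitelisted IPs can access the domain over both HTTP and HTTPS. But I want to configure it so that all IP addresses can access https://example.com (HTTPS), and some whitelisted IP addresses can access it without SSL at http://example.com.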

    3 replies  |  until 7 years ago
        1
  •  1
  •   Huy Chau    7 years ago

    nginx.ingress.kubernetes.io/configuration-snippet

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: "service"
      annotations:
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        # The configs to allow all IPs access via https and allow some IPs in
        # security whitelist access via http
        nginx.ingress.kubernetes.io/configuration-snippet: |
    
          if ($https) {
            set $allow_ip true;
          }
    
          # Anchor the pattern and escape the dots so only the listed addresses match
          if ($remote_addr ~ ^(x\.x\.x\.x|y\.y\.y\.y)$) {
            set $allow_ip true;
          }
    
          if ($allow_ip != true) {
            return 403;
          }
    spec:
      tls:
      - hosts:
        - "example.com"
        secretName: example.name
      rules:
      - host: "example.com"
        http:
          paths:
          - path: /
            backend:
              serviceName: service
              servicePort: 80
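
The answer above admits plain-HTTP clients by matching `$remote_addr` against a regular expression. The following added example (not part of the original answer) models that decision in Python and shows which clients an unanchored pattern with unescaped dots lets through, compared with an anchored, escaped pattern and with CIDR matching, the notation `whitelist-source-range` takes. The addresses are constructed samples and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample addresses (documentation ranges); not from the original post.
ALLOWED = ["192.0.2.1", "198.51.100.20"]
CLIENTS = ["192.0.2.1", "192.0.2.10", "192.0.251.9", "198.51.100.200", "203.0.113.50"]


def loose_pattern(addrs):
    """Alternation with unescaped dots and no anchors."""
    return re.compile("(" + "|".join(addrs) + ")")


def strict_pattern(addrs):
    """Same addresses with dots escaped and the match anchored at both ends."""
    return re.compile("^(" + "|".join(re.escape(a) for a in addrs) + ")$")


def snippet_status(remote_addr, https, pattern):
    """Model of the snippet's three if-blocks; returns the resulting status."""
    allow_ip = https                      # if ($https) { set $allow_ip true; }
    if pattern.search(remote_addr):       # if ($remote_addr ~ ...) { ... }
        allow_ip = True
    return 200 if allow_ip else 403       # if ($allow_ip != true) { return 403; }


def cidr_status(remote_addr, https, cidrs):
    """Same policy using CIDR membership instead of a regex."""
    if https:
        return 200
    addr = ipaddress.ip_address(remote_addr)
    return 200 if any(addr in ipaddress.ip_network(c) for c in cidrs) else 403


def unintended_http_clients(clients, addrs):
    """Plain-HTTP clients admitted by the loose pattern but not the strict one."""
    loose, strict = loose_pattern(addrs), strict_pattern(addrs)
    return [c for c in clients
            if snippet_status(c, False, loose) == 200
            and snippet_status(c, False, strict) == 403]


if __name__ == "__main__":
    print("admitted only by the loose pattern:", unintended_http_clients(CLIENTS, ALLOWED))
    for c in CLIENTS:
        print(c, "http ->", cidr_status(c, False, [a + "/32" for a in ALLOWED]))
```

Running the same client list against a staging Ingress over plain HTTP is a quick way to confirm that the deployed rule returns 403 for the near-miss addresses.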
    
        2
  •  0
  •   helmbert    7 years ago

    whitelist-source-range tls kubernetes.io/ingress.allow-http

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: service-https
      annotations:
        nginx.ingress.kubernetes.io/ssl-redirect: "false"
        kubernetes.io/ingress.allow-http: "false"
    spec:
      tls:
      - hosts:
        - "example.com"
        secretName: example.name
      rules:
      - host: "example.com"
        http:
          paths:
          - path: /
            backend:
              serviceName: service
              servicePort: 80
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: service-http
      annotations:
        nginx.ingress.kubernetes.io/whitelist-source-range: "x.x.x.x/xx"
    spec:
      rules:
      - host: "example.com"
        http:
          paths:
          - path: /
            backend:
              serviceName: service
              servicePort: 80