修改 master 配置文件,使其包含用户代理配置。例如,以下用户代理拒绝 Kubernetes 1.2 客户端二进制、OKD 1.1.3 二进制,以及 POST 和 PUT httpVerb:
policyConfig:
userAgentMatchingConfig:
defaultRejectionMessage: "Your client is too old. Go to https://example.org to update it."
deniedClients:
- regex: '\w+/v(?:(?:1\.1\.1)|(?:1\.0\.1)) \(.+/.+\) openshift/\w{7}'
- regex: '\w+/v(?:1\.1\.3) \(.+/.+\) openshift/\w{7}'
httpVerbs:
- POST
- PUT
- regex: '\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'
httpVerbs:
- POST
- PUT
requiredClients: null
policyConfig:userAgentMatchingConfig:defaultRejectionMessage:"Your client is too old. Go to https://example.org to update it."deniedClients:-regex:'\w+/v(?:(?:1\.1\.1)|(?:1\.0\.1)) \(.+/.+\) openshift/\w{7}'-regex:'\w+/v(?:1\.1\.3) \(.+/.+\) openshift/\w{7}'httpVerbs:- POST
- PUT
-regex:'\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'httpVerbs:- POST
- PUT
requiredClients:null
Copy to ClipboardCopied!Toggle word wrapToggle overflow
以下示例拒绝与预期客户端不完全匹配的客户端:
policyConfig:
userAgentMatchingConfig:
defaultRejectionMessage: "Your client is too old. Go to https://example.org to update it."
deniedClients: []
requiredClients:
- regex: '\w+/v1\.1\.3 \(.+/.+\) openshift/\w{7}'
- regex: '\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'
httpVerbs:
- POST
- PUT
policyConfig:userAgentMatchingConfig:defaultRejectionMessage:"Your client is too old. Go to https://example.org to update it."deniedClients:[]requiredClients:-regex:'\w+/v1\.1\.3 \(.+/.+\) openshift/\w{7}'-regex:'\w+/v1\.2\.0 \(.+/.+\) kubernetes/\w{7}'httpVerbs:- POST
- PUT
Copy to ClipboardCopied!Toggle word wrapToggle overflow