我正在使用 nginx 入口控制器(https://kubernetes.github.io/ingress-nginx/deploy/ https://kubernetes.github.io/ingress-nginx/deploy/)在 AWS 上。后端服务(来自 ECK 的 kibana:https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html) 使用 HTTP 基本身份验证机制。
有没有办法调整 nginx,以便将 Authorization: Basic 标头附加到转发到我的服务的每个请求,以便用户不必输入密码?
这个解决方案对我不起作用:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Authorization: Basic encoded_credentals";
因为仍然提示我输入密码。
这是使用包含 htpasswd 生成的文件的机密的入口规则。生成的文件名为 auth 很重要(实际上 - 密钥有一个密钥 data.auth),否则入口控制器将返回 503。
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: http-svc
servicePort: 80
秘密创作
$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
$ kubectl get secret basic-auth -o yaml
apiVersion: v1
data:
auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK
kind: Secret
metadata:
name: basic-auth
namespace: default
type: Opaque
使用curl 访问它,您应该得到 200 Ok。
$ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com' -u 'foo:bar'
检查这个例子here https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/basic
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)