堆栈内存溢出
  简体   繁体   English

kubernetes nginx入口zipkin基本认证

[英]kubernetes nginx ingress zipkin basic-auth

 原文  2017-08-03 19:22:41       nginx/ kubernetes

问题描述

So I'm having zipkin gathering my data inside kubernetes from other services. 所以我正在使用zipkin从其他服务在kubernetes中收集我的数据。 I'm having nginx ingress controller defined to expose my services and all works nice. 我正在定义nginx入口控制器以公开我的服务,并且一切正常。 As zipkin is admin thing I'd love to have it behind some security ie. 因为zipkin是管理员的东西,所以我希望它具有某种安全性,例如。 basic auth. 基本认证 If I add 3 lines marked as "#problematic lines - start" and "#problematic lines - stop" below my zipkin front is no longer visible and I get 503. 如果在zipkin前面下方添加3条标记为“ #problematic lines-start”和“ #problematic lines-stop”的行,则不再可见,则显示503。

It's created with https://github.com/kubernetes/ingress/tree/master/examples/auth/basic/nginx and no difficult things here. 它是使用https://github.com/kubernetes/ingress/tree/master/examples/auth/basic/nginx创建的,这里没有困难。 

apiVersion: v1
kind: Service
metadata:
  name: zipkin
  labels:
    app: zipkin
    tier: monitor
spec:
  ports:
  - port: 9411
    targetPort: 9411
  selector:
    app: zipkin
    tier: monitor
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: zipkin
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: zipkin
        tier: monitor
    spec:
      containers:
      - name: zipkin
        image: openzipkin/zipkin
        resources:
          requests:
            memory: "300Mi"
            cpu: "100m"
          limits:
            memory: "500Mi"
            cpu: "250m"
        ports:
        - containerPort: 9411
---
apiVersion: v1
kind: Service
metadata:
  name: zipkin-ui
  labels:
    app: zipkin-ui
    tier: monitor
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: zipkin-ui
    tier: monitor
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: zipkin-ui
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: zipkin-ui
        tier: monitor
    spec:
      containers:
      - name: zipkin-ui
        image: openzipkin/zipkin-ui
        resources:
          requests:
            memory: "300Mi"
            cpu: "100m"
          limits:
            memory: "500Mi"
            cpu: "250m"
        ports:
        - containerPort: 80
        env:
        - name: ZIPKIN_BASE_URL
          value: "http://zipkin:9411"
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: zipkin
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/enable-cors: "true"
    ingress.kubernetes.io/ssl-redirect: "false"
#problematic lines - start
    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm: "Authentication Required"
#problematic lines - stop
spec:
  rules:
  - host: "zipkin.lalala.com"
    http:
      paths:
      - path: /
        backend:
          serviceName: zipkin-ui
          servicePort: 80

I'm not sure if it's not about possible infulence but I used https://github.com/kubernetes/ingress/blob/master/controllers/nginx/rootfs/etc/nginx/nginx.conf file as template for my nginx ingress controller as I needed to modify some CORS rules. 我不确定这是否可能会造成干扰,但是我使用https://github.com/kubernetes/ingress/blob/master/controllers/nginx/rootfs/etc/nginx/nginx.conf文件作为我的Nginx入口的模板我需要修改一些CORS规则的控制器。 I see there part: 我看到那里的一部分: 

{{ if $location.BasicDigestAuth.Secured }}
{{ if eq $location.BasicDigestAuth.Type "basic" }}
auth_basic "{{ $location.BasicDigestAuth.Realm }}";
auth_basic_user_file {{ $location.BasicDigestAuth.File }};
{{ else }}
auth_digest "{{ $location.BasicDigestAuth.Realm }}";
auth_digest_user_file {{ $location.BasicDigestAuth.File }};
{{ end }}
proxy_set_header Authorization "";
{{ end }}

but I don't see result in: kubectl exec nginx-ingress-controller-lalala-lalala -n kube-system cat /etc/nginx/nginx.conf | grep auth 但是我看不到结果: kubectl exec nginx-ingress-controller-lalala-lalala -n kube-system cat /etc/nginx/nginx.conf | grep auth kubectl exec nginx-ingress-controller-lalala-lalala -n kube-system cat /etc/nginx/nginx.conf | grep auth . kubectl exec nginx-ingress-controller-lalala-lalala -n kube-system cat /etc/nginx/nginx.conf | grep auth Due to this my guess is that I need to add some annotation to make this {{ if $location.BasicDigestAuth.Secured }} part work. 因此,我的猜测是,我需要添加一些注释以使此{{ if $location.BasicDigestAuth.Secured }}起作用。 Unfortunately I cannot find anything about it. 不幸的是我找不到任何东西。

1 个解决方案

解决方案1
 0  2017-08-11 10:02:33

I have the same config running on my ingress 9.0-beta.11. 我在入口9.0-beta.11上运行了相同的配置。 I guess it's just a misconfiguration. 我想这只是一个错误的配置。

First I'll recommend you to not change the template and use the default values and just change when the basic-auth works. 首先,我建议您不要更改模板,而应使用默认值,而只需更改基本身份验证的工作时间即可。

What the logs of ingress show to you? 入口日志向您显示了什么? Did you create the basic-auth file in the same namespace of the ingress resource? 您是否在入口资源的相同名称空间中创建了基本身份验证文件?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法配置 Kubernetes nginx 入口基本身份验证 - Can't configure Kubernetes nginx ingress basic auth Kubernetes NGINX入口:禁用特定路径的基本身份验证 - Kubernetes NGINX Ingress: Disable Basic Auth for specific path 无法使用 Google Kubernetes Engien Nginx 入口控制器获得 HTTP 基本身份验证 - Can't get HTTP basic auth with Google Kubernetes Engien Nginx ingress controller nginx.ingress注释不适用于Kubernetes中的基本身份验证 - nginx.ingress annotations not working for basic authentication in Kubernetes Kubernetes NGINX 入口:禁用特定路径的外部身份验证 - Kubernetes NGINX Ingress: Disable external auth for specific path Nginx Kube.netes 集群上的入口 - Nginx Ingress on Kubernetes Cluster Kubernetes nginx 入口 ssl - Kubernetes nginx ingress ssl kubernetes nginx 入口控制器错误 - kubernetes nginx ingress controller error Kibana与Kubernetes中的nginx入口控制器 - Kibana with nginx ingress controller in Kubernetes Kubernetes 的 Nginx Ingress “连接被拒绝” - Nginx Ingress for Kubernetes “Connection refused”
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM