堆栈内存溢出
  简体   繁体   English

通过 nginx 入口控制器进行基本身份验证

[英]Basic authentication via nginx ingress controller

 原文  2020-01-20 13:11:55       nginx/ kubernetes/ nginx-ingress

问题描述

I am using nginx ingress controller ( https://kubernetes.github.io/ingress-nginx/deploy/ ) on AWS.我在 AWS 上使用 nginx 入口控制器( https://kubernetes.github.io/ingress-nginx/deploy/ )。 The backend service (kibana from ECK: https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html ) uses HTTP basic auth mechanics.后端服务(来自 ECK 的 kibana: https ://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-operator-config.html)使用 HTTP 基本身份验证机制。

Is there a way to tune nginx so that it appends Authorization: Basic header to every request forwarded to my service so that users won't have to type the password?有没有办法调整 nginx 以便它向转发到我的服务的每个请求附加 Authorization: Basic 标头,这样用户就不必输入密码?

This solution did not work for me:此解决方案对我不起作用:

nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Authorization: Basic encoded_credentals";

as I am still being prompted for a password.因为我仍然被提示输入密码。

2 个解决方案

解决方案1
 7  2020-01-20 13:18:07

Here is an ingress rule using a secret that contains a file generated with htpasswd.这是一个使用包含 htpasswd 生成的文件的秘密的入口规则。 It's important the file generated is named auth (actually - that the secret has a key data.auth), otherwise the ingress-controller returns a 503.生成的文件命名为 auth 很重要(实际上 - 秘密有一个密钥 data.auth),否则入口控制器返回 503。

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - path: /
        backend:
          serviceName: http-svc
          servicePort: 80

Secret creation秘密创作

$ htpasswd -c auth foo
New password: <bar>
New password:
Re-type new password:
Adding password for user foo
$ kubectl create secret generic basic-auth --from-file=auth
secret "basic-auth" created
$ kubectl get secret basic-auth -o yaml
apiVersion: v1
data:
  auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK
kind: Secret
metadata:
  name: basic-auth
  namespace: default
type: Opaque

Access it using curl and you should get 200 Ok.使用 curl 访问它,你应该得到 200 Ok。

$ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com' -u 'foo:bar'

Check this example here 在此处检查此示例

解决方案2
 5  2020-01-29 16:40:38

Solution:解决方案:

nginx.ingress.kubernetes.io/configuration-snippet: |
    more_set_input_headers "Authorization: Basic <based64 user:pass>";

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过nginx入口控制器进行Ldap认证 - Ldap authentication via nginx ingress controller Nginx 入口 controller 身份验证不起作用 - Nginx ingress controller authentication not working NGINX 代理到入口 Controller 与客户端证书身份验证 - NGINX proxy to Ingress Controller with Client Certificate Authentication nginx.ingress注释不适用于Kubernetes中的基本身份验证 - nginx.ingress annotations not working for basic authentication in Kubernetes 如何为Github身份验证配置Nginx-ingress控制器? - How to configure nginx-ingress controller for Github Authentication? 无法通过 nginx-ingress-controller 访问 Kubernetes ClusterIP 服务 - Unable to access Kubernetes ClusterIP services via nginx-ingress-controller 如何通过 NGINX 入口 Controller 暴露端口 22? - How to expose port 22 via NGINX Ingress Controller? nginx 入口没有 controller 服务 - nginx ingress no controller service Nginx 代理到入口 nginx controller - Nginx proxy to ingress nginx controller Ingress资源与Kubernetes上的NGINX入口控制器 - Ingress resource vs NGINX ingress controller on Kubernetes
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM