stackoom
  简体   繁体   中英

Google Kubernetes Engine (GKE) Ingress w/auth-url

 原文  2018-01-31 18:15:39       nginx/ kubernetes/ google-compute-engine/ google-kubernetes-engine

Question

I wish I could have found my answer elsewhere, but the lack of documentation has sent me groveling for help :)

I have been following this tutorial as a starting point. I can follow the steps through to the end with great success. But when I modify the ingress to do what I am trying to accomplish, nothing happens.

The tutorial has you create an ingress with the following .yaml 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: basic-ingress
spec:
  backend:
    serviceName: nginx
    servicePort: 80

What I am trying to do is modify the ingress so that it can utilize the auth-url annotation and in the end my ingress.yaml I am failing with looks like 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: basic-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/auth-url: https://someauth.com/path/to/my/auth
spec:
  backend:
    serviceName: nginx
    servicePort: 80

In order to use the annotation, I found that I needed to include the kubernetes.io/ingress.class: "nginx" annotation to use the appropriate ingress. Basically though, this does nothing. I can hit the backend nginx cluster without my auth getting touched. Like these annotations are not even there.

Does GKE not support the nginx ingress controller? Is something fundamentally wrong with my yaml? Does the gce ingress controller have an annotation that could accomplish the same thing?

What I am trying to accomplish is: A client makes a call to my service, the loadbalancer/proxy first authenticates the request with an external endpoint, if auth is successful, the proxy sends the call along to my service (all without a single redirect response sent to the client). Basically what nginx auth_request does which is what I assume this auth-url annotation leverages under the covers.

Thanks!

1 answers

solution1
 2  2018-02-01 06:45:03

GKE has its own Ingress Controller. It is called GKE Ingress Controller. If you want to use Nginx Ingress Controller, you need to manage it yourself.

Looks like auth-url annotation works only on Nginx Ingress Controller. So, you have to run Nginx Ingress Controller first.

See this post on how to do that on GKE.

Hope it helps.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Request to URL defined with ingress.kubernetes.io/auth-url annotation is done with HTTP/1.0 Kubernetes - Ingress - Nginx : Forward query parameters from original request to auth-url How to pass headers to auth-url in nginx ingress Prevent Host Header Injection / Redirection in Google Kubernetes Engine ( GKE ) Ingress / FrontendConfig Sub-subdomain with nginx ingress on Kubernetes (GKE) Kubernetes Ingress Configuration are not updated on GKE cluster? Kubernetes in GKE - Nginx Ingress deployment - Public IP assigned to Ingress resource Can't get HTTP basic auth with Google Kubernetes Engien Nginx ingress controller kubernetes nginx ingress zipkin basic-auth nginx ingress w/ gke tcp loadbalancer and TLS certificate
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM