Nginx-ingress Kubernetes routing with basic auth
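I can't get basic authentication to work on one of my paths. I want the /auth path to be protected by basic authentication, and all other paths should not require basic authentication. So I created two ingress files pointing to the same backend:
Non-auth ingress: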
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
  - hosts:
    - example.com
    secretName: example-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /.*
        backend:
          serviceName: example-service
          servicePort: 4000
Auth ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: auth-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "false"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
  tls:
  - hosts:
    - example.com
    secretName: example-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /auth
        backend:
          serviceName: example-service
          servicePort: 4000
All the secrets are set up correctly. What am I missing, and how can I make it work?
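Try creating another service for the backend that requires authentication:
main-ingress contains the spec for services that do not need authentication through nginx, e.g. example-service.
auth-ingress contains the spec for services that need authentication through nginx (basic in my case), e.g. auth-service.
Your auth-ingress should look like this: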
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: auth-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "false"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
  tls:
  - hosts:
    - example.com
    secretName: example-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /auth
        backend:
          serviceName: auth-service
          servicePort: <auth-service-port>
You can also try denying traffic to the /auth path in the first ingress, main-ingress.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      location /auth {
        deny all;
      }
spec:
  tls:
  - hosts:
    - example.com
    secretName: example-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /.*
        backend:
          serviceName: example-service
          servicePort: 4000
Take a look at: ingress-nginx-issues, kubernetes-ingress-network-deny-some-paths, kubernetes-ingress-nginx-re-write-does-not-match.
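An added example, not part of the question or the answer above: a probe script to confirm that the two Ingress objects really split traffic as intended, which matters here because a catch-all route without auth annotations sits on the same host. It assumes everything under /auth must be challenged, that / and the constructed path /public-probe must stay open, and that curl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): probe which paths demand basic auth.
# Assumptions: everything under /auth must be protected, "/" and /public-probe
# (a constructed path) must stay open, and curl is installed.

# http_status URL [curl args...] -> prints the HTTP status code of a GET.
http_status() {
  hs_url=$1; shift
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$@" "$hs_url"
}

# expect LABEL WANT GOT: WANT is a status code, or "!401" for "anything but 401".
expect() {
  # No HTTP response at all (curl prints 000) is a failure, never a pass.
  case "$3" in ''|000) echo "FAIL $1 -> no HTTP response"; return 1 ;; esac
  case "$2" in
    '!'*) [ "$3" != "${2#!}" ] ;;
    *)    [ "$3" = "$2" ] ;;
  esac && { echo "ok   $1 -> $3"; return 0; }
  echo "FAIL $1 -> $3 (wanted $2)"; return 1
}

# check_auth_split BASE_URL USER PASS [FETCH_FN]
# Returns 0 only if every probe behaves as the two-Ingress setup intends.
check_auth_split() {
  cas_base=$1; cas_cred="$2:$3"; cas_fetch=${4:-http_status}; cas_rc=0
  for cas_p in /auth /auth/ /auth/sub; do      # no credentials: must be challenged
    expect "anon $cas_p" 401 "$("$cas_fetch" "$cas_base$cas_p")" || cas_rc=1
  done
  # Valid credentials: NGINX must let the request through to the backend.
  expect "creds /auth" '!401' "$("$cas_fetch" "$cas_base/auth" -u "$cas_cred")" || cas_rc=1
  for cas_p in / /public-probe; do             # open paths: never challenged
    expect "anon $cas_p" '!401' "$("$cas_fetch" "$cas_base$cas_p")" || cas_rc=1
  done
  return "$cas_rc"
}

# Usage: check_auth_split https://example.com "$AUTH_USER" "$AUTH_PASS"
```

A FAIL on an "anon /auth..." line means that path reached the backend without a challenge, so the unauthenticated catch-all rule is serving it.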