Kubernetes Ingress认证 | Eddie'Blog
Kubernetes Ingress认证

Kubernetes Ingress认证

eddie 475 2020-09-04

目录

官方文档(English)

https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

安装 httpd-tools

yum install -y httpd-tools

使用插件,生成一个基于Basic认证的用户和密码

[eddie@localhost ~]# htpasswd -c auth eddie
New password: 
Re-type new password: 
Adding password for user eddie

[eddie@localhost ~]# cat auth 
eddie:$apr1$6RVK.Xps$HvQ0ZFQOhj7KMxE8TGvV91

TIPS:-c 参数会覆盖原有文件,若你存在其他账户不要使用, 另外 auth 不能修改其他命名

认证信息是否添加

[eddie@localhost ~]# kubectl describe secrets basic-auth -n elk
Name:         basic-auth
Namespace:    elk
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
auth:  43 bytes

查看秘钥详细输出成yaml文件

[eddie@localhost ~]# kubectl get secret basic-auth -o yaml -n elk
apiVersion: v1
data:
  auth: YWRtaW46JGFwcjEkYm9TL3ZRY1EkTU1234560lwQW789VN5Q2ZLLg==
kind: Secret
metadata:
  creationTimestamp: "2020-09-04T07:03:23Z"
  name: basic-auth
  namespace: elk
  resourceVersion: "14553123"
  selfLink: /api/v1/namespaces/elk/secrets/basic-auth
  uid: 79d27f9d-abcd-123a-456b-94e1acee6d9a
type: Opaque

编辑认证参数

[eddie@localhost ~]# kubectl edit ingress kibana -n elk

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"kibana","namespace":"elk"},"spec":{"rules":[{"host":"kibana.eddilee.cn","http":{"paths":[{"backend":{"serviceName":"kibana","servicePort":80},"path":"/"}]}}]}}
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required - eddie
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/service-weight: ""
  creationTimestamp: "2020-09-02T06:13:44Z"
  generation: 2
  name: kibana
  namespace: elk
  resourceVersion: "14553123"
  selfLink: /apis/extensions/v1beta1/namespaces/elk/ingresses/kibana
  uid: 264fdaee-ac8c-4440-9427-dacd9f754d91
spec:
  rules:
  - host: kibana.eddilee.cn
    http:
      paths:
      - backend:
          serviceName: kibana
          servicePort: 80
        path: /
  tls:
  - hosts:
    - kibana.eddilee.cn
    secretName: kibana-secret0
status:
  loadBalancer:
    ingress:
    - ip: xx.xx.xx.xx

主要参数

nginx.ingress.kubernetes.io/auth-realm: Authentication Required - eddie
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-type: basic

效果图

图片.png


# Kubernetes