[TOC] # 目录 ## 官方文档(English) > https://kubernetes.github.io/ingress-nginx/examples/auth/basic/ ## 安装 httpd-tools ```json yum install -y httpd-tools ``` ### 使用插件,生成一个基于Basic认证的用户和密码 ```json [eddie@localhost ~]# htpasswd -c auth eddie New password: Re-type new password: Adding password for user eddie [eddie@localhost ~]# cat auth eddie:$apr1$6RVK.Xps$HvQ0ZFQOhj7KMxE8TGvV91 ``` > TIPS：-c 参数会覆盖原有文件，若你存在其他账户不要使用, 另外 auth 不能修改其他命名 ## 认证信息是否添加 ```json [eddie@localhost ~]# kubectl describe secrets basic-auth -n elk Name: basic-auth Namespace: elk Labels: <none> Annotations: <none> Type: Opaque Data ==== auth: 43 bytes ``` ## 查看秘钥详细输出成yaml文件 ```json [eddie@localhost ~]# kubectl get secret basic-auth -o yaml -n elk apiVersion: v1 data: auth: YWRtaW46JGFwcjEkYm9TL3ZRY1EkTU1234560lwQW789VN5Q2ZLLg== kind: Secret metadata: creationTimestamp: "2020-09-04T07:03:23Z" name: basic-auth namespace: elk resourceVersion: "14553123" selfLink: /api/v1/namespaces/elk/secrets/basic-auth uid: 79d27f9d-abcd-123a-456b-94e1acee6d9a type: Opaque ``` ## 编辑认证参数 ```json [eddie@localhost ~]# kubectl edit ingress kibana -n elk # Please edit the object below. Lines beginning with a '#' will be ignored, # and an empty file will abort the edit. If an error occurs while saving this file will be # reopened with the relevant failures. # apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"kibana","namespace":"elk"},"spec":{"rules":[{"host":"kibana.eddilee.cn","http":{"paths":[{"backend":{"serviceName":"kibana","servicePort":80},"path":"/"}]}}]}} nginx.ingress.kubernetes.io/auth-realm: Authentication Required - eddie nginx.ingress.kubernetes.io/auth-secret: basic-auth nginx.ingress.kubernetes.io/auth-type: basic nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/service-weight: "" creationTimestamp: "2020-09-02T06:13:44Z" generation: 2 name: kibana namespace: elk resourceVersion: "14553123" selfLink: /apis/extensions/v1beta1/namespaces/elk/ingresses/kibana uid: 264fdaee-ac8c-4440-9427-dacd9f754d91 spec: rules: - host: kibana.eddilee.cn http: paths: - backend: serviceName: kibana servicePort: 80 path: / tls: - hosts: - kibana.eddilee.cn secretName: kibana-secret0 status: loadBalancer: ingress: - ip: xx.xx.xx.xx ``` ### 主要参数 ```json nginx.ingress.kubernetes.io/auth-realm: Authentication Required - eddie nginx.ingress.kubernetes.io/auth-secret: basic-auth nginx.ingress.kubernetes.io/auth-type: basic ``` ## 效果图