[TOC]
# 目录
## 官方文档(English)
> https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
## 安装 httpd-tools
```json
yum install -y httpd-tools
```
### 使用插件,生成一个基于Basic认证的用户和密码
```json
[eddie@localhost ~]# htpasswd -c auth eddie
New password:
Re-type new password:
Adding password for user eddie
[eddie@localhost ~]# cat auth
eddie:$apr1$6RVK.Xps$HvQ0ZFQOhj7KMxE8TGvV91
```
> TIPS:-c 参数会覆盖原有文件,若你存在其他账户不要使用, 另外 auth 不能修改其他命名
## 认证信息是否添加
```json
[eddie@localhost ~]# kubectl describe secrets basic-auth -n elk
Name: basic-auth
Namespace: elk
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
auth: 43 bytes
```
## 查看秘钥详细输出成yaml文件
```json
[eddie@localhost ~]# kubectl get secret basic-auth -o yaml -n elk
apiVersion: v1
data:
auth: YWRtaW46JGFwcjEkYm9TL3ZRY1EkTU1234560lwQW789VN5Q2ZLLg==
kind: Secret
metadata:
creationTimestamp: "2020-09-04T07:03:23Z"
name: basic-auth
namespace: elk
resourceVersion: "14553123"
selfLink: /api/v1/namespaces/elk/secrets/basic-auth
uid: 79d27f9d-abcd-123a-456b-94e1acee6d9a
type: Opaque
```
## 编辑认证参数
```json
[eddie@localhost ~]# kubectl edit ingress kibana -n elk
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"kibana","namespace":"elk"},"spec":{"rules":[{"host":"kibana.eddilee.cn","http":{"paths":[{"backend":{"serviceName":"kibana","servicePort":80},"path":"/"}]}}]}}
nginx.ingress.kubernetes.io/auth-realm: Authentication Required - eddie
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/service-weight: ""
creationTimestamp: "2020-09-02T06:13:44Z"
generation: 2
name: kibana
namespace: elk
resourceVersion: "14553123"
selfLink: /apis/extensions/v1beta1/namespaces/elk/ingresses/kibana
uid: 264fdaee-ac8c-4440-9427-dacd9f754d91
spec:
rules:
- host: kibana.eddilee.cn
http:
paths:
- backend:
serviceName: kibana
servicePort: 80
path: /
tls:
- hosts:
- kibana.eddilee.cn
secretName: kibana-secret0
status:
loadBalancer:
ingress:
- ip: xx.xx.xx.xx
```
### 主要参数
```json
nginx.ingress.kubernetes.io/auth-realm: Authentication Required - eddie
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-type: basic
```
## 效果图

Kubernetes Ingress认证