GKE Ingress 基本身份验证 (ingress.kubernetes.io/auth-type)
GKE Ingress Basic Authentication (ingress.kubernetes.io/auth-type)
我正在尝试让 GKE 入口要求像这样的基本身份验证 example from github.
入口工作正常。它路由到服务。但是身份验证不起作用。允许所有流量通过。 GKE 还没有推出这个功能吗?我的规格有明显错误吗?
这是入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: super-ingress
annotations:
ingress.kubernetes.io/auth-type: basic
ingress.kubernetes.io/auth-secret: basic-auth
ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
rules:
- host: zzz.host.com
http:
paths:
- backend:
serviceName: super-service
servicePort: 9000
path: /*
还有basic-auth秘密:
$ kubectl get secret/basic-auth -o yaml
apiVersion: v1
data:
auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
creationTimestamp: 2016-10-03T21:21:52Z
name: basic-auth
namespace: default
resourceVersion: "XXXXX"
selfLink: /api/v1/namespaces/default/secrets/basic-auth
uid: XXXXXXXXXXX
type: Opaque
非常感谢任何见解!
您链接的示例是针对 nginx 入口控制器的。 GKE 使用 GLBC,不支持 auth.
您可以 deploy an nginx ingress controller in your gke cluster. Note that you need to annotate your ingress to avoid the GLBC claiming the ingress. Then you can expose the nginx controller directly, or create a glbc ingress to redirect traffic to the nginx ingress (see this snippet 由 bprashanh 编写)。
我正在尝试让 GKE 入口要求像这样的基本身份验证 example from github.
入口工作正常。它路由到服务。但是身份验证不起作用。允许所有流量通过。 GKE 还没有推出这个功能吗?我的规格有明显错误吗?
这是入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: super-ingress
annotations:
ingress.kubernetes.io/auth-type: basic
ingress.kubernetes.io/auth-secret: basic-auth
ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
rules:
- host: zzz.host.com
http:
paths:
- backend:
serviceName: super-service
servicePort: 9000
path: /*
还有basic-auth秘密:
$ kubectl get secret/basic-auth -o yaml
apiVersion: v1
data:
auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
creationTimestamp: 2016-10-03T21:21:52Z
name: basic-auth
namespace: default
resourceVersion: "XXXXX"
selfLink: /api/v1/namespaces/default/secrets/basic-auth
uid: XXXXXXXXXXX
type: Opaque
非常感谢任何见解!
您链接的示例是针对 nginx 入口控制器的。 GKE 使用 GLBC,不支持 auth.
您可以 deploy an nginx ingress controller in your gke cluster. Note that you need to annotate your ingress to avoid the GLBC claiming the ingress. Then you can expose the nginx controller directly, or create a glbc ingress to redirect traffic to the nginx ingress (see this snippet 由 bprashanh 编写)。