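Adding HTTP Basic Authentication to an Ingress in Rancher
Basic Authentication (HTTP authentication)
Basic Authentication is the simplest form of HTTP authentication. It uses a username and password, which are stored in Kubernetes as a Secret.
Create the Secret
The password must be generated with the htpasswd tool; it can also be generated online.
Note: the password must be generated with the htpasswd tool.
Configure the Ingress for the target service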
# The configuration is defined mainly through the Ingress annotations
# nginx.ingress.kubernetes.io/auth-type: the authentication type
# nginx.ingress.kubernetes.io/auth-secret: the authentication file, i.e. the name of the Secret created above
# nginx.ingress.kubernetes.io/auth-realm: the realm string shown in the client's credential prompt
# nginx.ingress.kubernetes.io/auth-secret-type: [auth-file|auth-map]
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    field.cattle.io/creatorId: user-9frt4
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required - foo
    nginx.ingress.kubernetes.io/auth-secret: es-auth
    nginx.ingress.kubernetes.io/auth-secret-type: auth-map
    nginx.ingress.kubernetes.io/auth-type: basic
  creationTimestamp: "2021-12-08T00:50:16Z"
  generation: 3
  labels:
    cattle.io/creator: norman
  managedFields:
  - apiVersion: networking.k8s.io/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:loadBalancer:
          f:ingress: {}
    manager: nginx-ingress-controller
    operation: Update
    time: "2021-12-08T00:51:14Z"
  - apiVersion: extensions/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:field.cattle.io/creatorId: {}
          f:field.cattle.io/ingressState: {}
          f:field.cattle.io/publicEndpoints: {}
          f:nginx.ingress.kubernetes.io/auth-realm: {}
          f:nginx.ingress.kubernetes.io/auth-secret: {}
          f:nginx.ingress.kubernetes.io/auth-secret-type: {}
          f:nginx.ingress.kubernetes.io/auth-type: {}
        f:labels:
          .: {}
          f:cattle.io/creator: {}
      f:spec:
        f:rules: {}
        f:tls: {}
    manager: rancher
    operation: Update
    time: "2021-12-08T02:07:25Z"
  name: es
  namespace: default
  resourceVersion: "47107769"
  uid: 813a5b1a-5582-473b-a25a-432fb2ef8090
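The auth-secret can take two forms:
- auth-file - the default: an htpasswd file stored under the key auth within the Secret
- auth-map - the keys of the Secret are the usernames and the values are the hashed passwords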
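The Secret creation step and the two auth-secret forms above, as an added example that is not part of the original post: it turns htpasswd output into a Secret manifest in either layout, named es-auth in the default namespace to match the Ingress. The function names, the sample users and the placeholder hash strings are assumptions, and the prefix check is a heuristic that also rejects legacy DES crypt entries.

```python
import base64
import json
import re

# Constructed sample of htpasswd output; the hash strings are placeholders, not real hashes.
SAMPLE_HTPASSWD = ("elastic:$apr1$CONSTRUCTED$placeholderAAAAAAAAAAAA\n"
                   "kibana:$2y$05$CONSTRUCTEDplaceholderBBBBBBBBBBBBBBBBBBBB\n")
KEY_RE = re.compile(r"^[-._a-zA-Z0-9]+$")  # characters Kubernetes allows in Secret data keys

def b64(text):
    return base64.b64encode(text.encode()).decode()

def parse_htpasswd(text):
    """Return {username: hash} from 'user:hash' lines, rejecting malformed entries."""
    users = {}
    for n, raw in enumerate(text.splitlines(), 1):
        user, sep, hashed = raw.strip().partition(":")
        if not raw.strip():
            continue
        if not sep or not user or not hashed:
            raise ValueError(f"line {n}: expected 'user:hash'")
        # Heuristic (assumption): htpasswd hashes start with '$' or '{'; plaintext does not.
        if hashed[0] not in "${":
            raise ValueError(f"line {n}: value for {user!r} does not look like a hash")
        if user in users:
            raise ValueError(f"line {n}: duplicate user {user!r}")
        users[user] = hashed
    if not users:
        raise ValueError("no users found")
    return users

def build_secret(name, namespace, htpasswd_text, secret_type="auth-file"):
    """Build a Secret manifest (as a dict) in the auth-file or auth-map layout."""
    users = parse_htpasswd(htpasswd_text)
    if secret_type == "auth-file":  # a single key "auth" holds the whole htpasswd file
        data = {"auth": b64("".join(f"{u}:{h}\n" for u, h in users.items()))}
    elif secret_type == "auth-map":  # one key per user, value is that user's hash
        bad = [u for u in users if not KEY_RE.match(u)]
        if bad:
            raise ValueError(f"usernames not usable as Secret keys: {bad}")
        data = {u: b64(h) for u, h in users.items()}
    else:
        raise ValueError(f"unknown auth-secret-type: {secret_type}")
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace}, "data": data}

if __name__ == "__main__":
    print(json.dumps(build_secret("es-auth", "default", SAMPLE_HTPASSWD, "auth-map"), indent=2))
```

The printed JSON can be piped to `kubectl apply -f -`. A username such as an e-mail address works in the auth-file layout but is rejected for auth-map, because it cannot be used as a Secret key.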