Rancher中为Ingress增加HTTP(Basic Authentication)基本认证机制


Rancher中为Ingress增加HTTP(Basic Authentication)基本认证机制

Basic Authentication (HTTP 认证)

Basic Authentication 是最简单的 http 认证方式,采用用户名和密码的方式,用户名和密码以 secret 的方式存放在 kubernetes 中。

创建Secret


密码需要需要通过htpasswd工具生成,在线生成

注意:密码需要通过htpasswd工具生成

为目标服务设置 ingress

# 配置主要通过ingres的annotations(注解)来定义
# nginx.ingress.kubernetes.io/auth-type 认证类型
# nginx.ingress.kubernetes.io/auth-secret 认证文件,也就是上面创建的secret名称
# nginx.ingress.kubernetes.io/auth-realm  指定认证文件中的用户(认证文件可以有多个用户)
# nginx.ingress.kubernetes.io/auth-secret-type: [auth-file|auth-map] 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    field.cattle.io/creatorId: user-9frt4
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required - foo
    nginx.ingress.kubernetes.io/auth-secret: es-auth
    nginx.ingress.kubernetes.io/auth-secret-type: auth-map
    nginx.ingress.kubernetes.io/auth-type: basic
  creationTimestamp: "2021-12-08T00:50:16Z"
  generation: 3
  labels:
    cattle.io/creator: norman
  managedFields:
  - apiVersion: networking.k8s.io/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:status:
        f:loadBalancer:
          f:ingress: {}
    manager: nginx-ingress-controller
    operation: Update
    time: "2021-12-08T00:51:14Z"
  - apiVersion: extensions/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:field.cattle.io/creatorId: {}
          f:field.cattle.io/ingressState: {}
          f:field.cattle.io/publicEndpoints: {}
          f:nginx.ingress.kubernetes.io/auth-realm: {}
          f:nginx.ingress.kubernetes.io/auth-secret: {}
          f:nginx.ingress.kubernetes.io/auth-secret-type: {}
          f:nginx.ingress.kubernetes.io/auth-type: {}
        f:labels:
          .: {}
          f:cattle.io/creator: {}
      f:spec:
        f:rules: {}
        f:tls: {}
    manager: rancher
    operation: Update
    time: "2021-12-08T02:07:25Z"
  name: es
  namespace: default
  resourceVersion: "47107769"
  uid: 813a5b1a-5582-473b-a25a-432fb2ef8090

auth-secret可以有两种形式:

  1. auth-file-默认情况下,密钥auth内的htpasswd文件为秘密
  2. auth-map -机密密钥是用户名,值是哈希密码
注意:只有0.9.0以上版本的nginx-ingress-controller才支持basic认证。

声明:初心|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - Rancher中为Ingress增加HTTP(Basic Authentication)基本认证机制


愿你勿忘初心,并从一而终