我正在使用Istio-1.0.6来实现身份验证/授权。我正在尝试使用Jason Web令牌(JWT)。我遵循了文档中的大多数示例,但没有得到预期的结果。这是我的设置:
服务
kubectl describe services hello
Name: hello
Namespace: agud
Selector: app=hello
Type: ClusterIP
IP: 10.247.173.177
Port: <unset> 8080/TCP
TargetPort: 8080/TCP
Endpoints: 172.16.0.193:8080
Session Affinity: None
网关
kubectl describe gateway
Name: hello-gateway
Namespace: agud
Kind: Gateway
Metadata:
Cluster Name:
Creation Timestamp: 2019-03-15T13:40:43Z
Resource Version: 1374497
Self Link:
/apis/networking.istio.io/v1alpha3/namespaces/agud/gateways/hello-gateway
UID: ee483065-4727-11e9-a712-fa163ee249a9
Spec:
Selector:
Istio: ingressgateway
Servers:
Hosts:
*
Port:
Name: http
Number: 80
Protocol: HTTP
虚拟服务
kubectl describe virtualservices
Name: hello
Namespace: agud
API Version: networking.istio.io/v1alpha3
Kind: VirtualService
Metadata:
Cluster Name:
Creation Timestamp: 2019-03-18T07:38:52Z
Generation: 0
Resource Version: 2329507
Self Link:
/apis/networking.istio.io/v1alpha3/namespaces/agud/virtualservices/hello
UID: e099b560-4950-11e9-82a1-fa163ee249a9
Spec:
Gateways:
hello-gateway
Hosts:
*
Http:
Match:
Uri:
Exact: /hello
Uri:
Exact: /secured
Route:
Destination:
Host: hello.agud.svc.cluster.local
Port:
Number: 8080
政策
kubectl describe policies
Name: jwt-hello
Namespace: agud
API Version: authentication.istio.io/v1alpha1
Kind: Policy
Metadata:
Cluster Name:
Creation Timestamp: 2019-03-18T07:45:33Z
Generation: 0
Resource Version: 2331381
Self Link:
/apis/authentication.istio.io/v1alpha1/namespaces/agud/policies/jwt-hello
UID: cf9ed2aa-4951-11e9-9f64-fa163e804eca
Spec:
Origins:
Jwt:
Audiences:
hello
Issuer: testing@secure.istio.io
Jwks Uri: https://raw.githubusercontent.com/istio/istio/release-1.0/security/tools/jwt/samples/jwks.json
Principal Binding: USE_ORIGIN
Targets:
Name: hello.agud.svc.cluster.local
结果
我期望得到401错误,但我却得到200错误。我的配置出了什么问题以及如何解决?
curl $INGRESS_HOST/hello -s -o /dev/null -w "%{http_code}\n"
200
答案 0 :(得分:0)
(删除了原始答案,这是错误的)。
你有
Port: <unset> 8080/TCP
为实现Istio路由和安全性,必须将端口名称设置为http或http-
我尝试使用Istio 1.1。我得到的是503,而不是401。