我正在尝试获取GKE入口以要求基本身份验证example from github.
入口工作正常。它路由到服务。但身份验证不起作用。允许所有流量通过。 GKE还没有推出这个功能吗?我的规格显然有些不对劲?
这是入口:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: super-ingress
annotations:
ingress.kubernetes.io/auth-type: basic
ingress.kubernetes.io/auth-secret: basic-auth
ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
rules:
- host: zzz.host.com
http:
paths:
- backend:
serviceName: super-service
servicePort: 9000
path: /*
basic-auth秘密:
$ kubectl get secret/basic-auth -o yaml
apiVersion: v1
data:
auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
creationTimestamp: 2016-10-03T21:21:52Z
name: basic-auth
namespace: default
resourceVersion: "XXXXX"
selfLink: /api/v1/namespaces/default/secrets/basic-auth
uid: XXXXXXXXXXX
type: Opaque
非常感谢任何见解!
答案 0 :(得分:7)
您链接的示例是针对nginx入口控制器。 GKE使用GLBC,它不支持身份验证。
你可以在你的gke集群中deploy一个nginx入口控制器。请注意,您需要annotate您的入口以避免GLBC声称入口。然后你可以直接公开nginx控制器,或者创建一个glbc ingress来将流量重定向到nginx入口(参见bprashanh写的snippet)。
答案 1 :(得分:0)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/auth-realm: Authentication Required - foo
ingress.kubernetes.io/auth-secret: basic-auth
ingress.kubernetes.io/auth-type: basic
ingress.kubernetes.io/backends: '{"k8s-be-30972--96da70c6fd3c641b":"HEALTHY","k8s-be-31046--96da70c6fd3c641b":"HEALTHY","k8s-be-31655--96da70c6fd3c641b":"HEALTHY"}'
ingress.kubernetes.io/forwarding-rule: k8s-fw-default-fanout-ingress--96da70c6fd3c641b
ingress.kubernetes.io/target-proxy: k8s-tp-default-fanout-ingress--96da70c6fd3c641b
ingress.kubernetes.io/url-map: k8s-um-default-fanout-ingress--96da70c6fd3c641b
creationTimestamp: 2019-05-30T21:28:34Z
generation: 1
name: fanout-ingress
namespace: default
resourceVersion: "31579511"
selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/fanout-ingress
uid: e1477897-8321-11e9-a171-42010a800166
spec:
rules:
- http:
paths:
- backend:
serviceName: web
servicePort: 8080
path: /*
- backend:
serviceName: web2
servicePort: 8080
path: /v2/*
status:
loadBalancer:
ingress:
- ip: *****```