How to pass authenticatedEmailIds to the helm chart stable/oauth2_proxy?

Time: 2019-07-31 22:42:36

Tags: kubernetes-helm

I am installing the following helm chart, https://github.com/helm/charts/tree/master/stable/oauth2-proxy, using this command:

helm install --name authproxy \
    --namespace=ingress \
    --set config.clientID=<github oauth app client id> \
    --set config.clientSecret=<github oauth app client secret> \
    --set config.cookieSecret=<some secret>  \
    --set extraArgs.provider=github \
    --set authenticatedEmailsFile.enabled=true \
    --set authenticatedEmailsFile.restricted_access="abc@gmail.com" \
    stable/oauth2-proxy

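All k8s resources are created correctly, and oauth2_proxy is protecting the service I am running behind this proxy. But it allows all GitHub users (since the OAuth provider is github) instead of allowing access only to abc@gmail.com. Why is this happening?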

Helm version:

Client: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.1", GitCommit:"02a47c7249b1fc6d8fd3b94e6b4babf9d818144e", GitTreeState:"clean"}

Kubectl version:

Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11", GitCommit:"637c7e288581ee40ab4ca210618618a89a555b6e7e9", GitTreeState:"clean", BuildDate:"2018-11-26T14:38:32Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.8", GitCommit:"a89f8c11a5f4f132503edbc4918c98518fd504e3", GitTreeState:"clean", BuildDate:"2019-04-23T04:41:47Z", GoVersion:"go1.10.8", Compiler:"gc", Platform:"linux/amd64"}

kubectl describe cm authproxy-oauth2-proxy-accesslist -n ingress gives me:

Name:         authproxy-oauth2-proxy-accesslist
Namespace:    ingress
Labels:       app=oauth2-proxy
              chart=oauth2-proxy-0.13.0
              heritage=Tiller
              release=authproxy
Annotations:  <none>

Data
====
restricted_user_access:
----
abc@gmail.com
Events:  <none>

kubectl describe deployment authproxy-oauth2-proxy -n ingress gives me:

Name:                   authproxy-oauth2-proxy
Namespace:              ingress
CreationTimestamp:      Wed, 31 Jul 2019 23:35:58 +0200
Labels:                 app=oauth2-proxy
                        chart=oauth2-proxy-0.13.0
                        heritage=Tiller
                        release=authproxy
Annotations:            deployment.kubernetes.io/revision=1
Selector:               app=oauth2-proxy,release=authproxy
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:       app=oauth2-proxy
                release=authproxy
  Annotations:  checksum/config=e2b420ec4978f9c8f5691b15c79b15a60c864499ad729df2776dca63a745aecc
                checksum/config-emails=4c24c472d9e274c18876d8a01f14a126b741d92942e4531c18fd288b86d648ad
                checksum/google-secret=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                checksum/secret=b00f895c2fa3a3bc6028a660998b9872bee7c8aeb70b1bbe50183b65a06e1666
  Containers:
   oauth2-proxy:
    Image:      quay.io/pusher/oauth2_proxy:v3.2.0
    Port:       4180/TCP
    Host Port:  0/TCP
    Args:
      --http-address=0.0.0.0:4180
      --provider=github
      --config=/etc/oauth2_proxy/oauth2_proxy.cfg
      --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
    Liveness:   http-get http://:http/ping delay=0s timeout=1s period=10s #success=1 #failure=3
    Readiness:  http-get http://:http/ping delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:
      OAUTH2_PROXY_CLIENT_ID:      <set to the key 'client-id' in secret 'authproxy-oauth2-proxy'>      Optional: false
      OAUTH2_PROXY_CLIENT_SECRET:  <set to the key 'client-secret' in secret 'authproxy-oauth2-proxy'>  Optional: false
      OAUTH2_PROXY_COOKIE_SECRET:  <set to the key 'cookie-secret' in secret 'authproxy-oauth2-proxy'>  Optional: false
    Mounts:
      /etc/oauth2-proxy from configaccesslist (ro)
      /etc/oauth2_proxy from configmain (rw)
  Volumes:
   configmain:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      authproxy-oauth2-proxy
    Optional:  false
   configaccesslist:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      authproxy-oauth2-proxy-accesslist
    Optional:  false
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Progressing    True    NewReplicaSetAvailable
  Available      True    MinimumReplicasAvailable
OldReplicaSets:  authproxy-oauth2-proxy-559b67cb45 (1/1 replicas created)
NewReplicaSet:   <none>
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  44m   deployment-controller  Scaled up replica set authproxy-oauth2-proxy-559b67cb45 to 1

How should I provide parameters to this helm chart so that it only allows access to users whose email IDs are mentioned in authenticateEmailList?

0 answers:

No answers