Question

使用带有k8s spi和uaa的scdf2作为安全服务器，我从pod收到401 http错误代码，因为有关运行状况过程的安全配置存在一些错误

Scdf2窗格始终运行

Readiness probe failed: HTTP probe failed with statuscode: 401

日志说：

2019-08-06 11:56:01.299 DEBUG 1 --- [nio-8080-exec-6] o.a.coyote.http11.Http11InputBuffer      : Received [GET /management/health HTTP/1.1
Host: 10.36.0.1:8080
User-Agent: kube-probe/1.14
Accept-Encoding: gzip
Connection: close
]
2019-08-06 11:56:01.299 DEBUG 1 --- [nio-8080-exec-6] o.a.c.authenticator.AuthenticatorBase    : Security checking request GET /management/health
2019-08-06 11:56:01.299 DEBUG 1 --- [nio-8080-exec-6] org.apache.catalina.realm.RealmBase      :   No applicable constraints defined
2019-08-06 11:56:01.300 DEBUG 1 --- [nio-8080-exec-6] o.a.c.authenticator.AuthenticatorBase    :  Not subject to any constraint
2019-08-06 11:56:01.300 DEBUG 1 --- [nio-8080-exec-6] org.apache.tomcat.util.http.Parameters   : Set encoding to UTF-8
2019-08-06 11:56:01.302 DEBUG 1 --- [nio-8080-exec-6] o.a.c.c.C.[Tomcat].[localhost]           : Processing ErrorPage[errorCode=0, location=/error]

嗯... No applicable constraints defined 然后，文档说：

Securing the Spring Boot Management Endpoints When security is enabled, the Spring Boot HTTP Management Endpoints are secured the same way as the other REST endpoints. The management REST endpoints are available under /management and require the MANAGEMENT role.

然后，使用UAA启用安全性，就绪性和活动性始终返回401 http错误代码

template:
    metadata:
      labels:
        app: {{ template "scdf.name" . }}
        component: server
        release: "{{ .Release.Name }}"
    spec:
      containers:
      - name: {{ template "scdf.fullname" . }}-server
        image: {{ .Values.server.image }}:{{ .Values.server.version }}
        imagePullPolicy: {{ .Values.server.imagePullPolicy }}
        volumeMounts:
          - name: database
            mountPath: /etc/secrets/database
            readOnly: true
        ports:
        - containerPort: 8080
          name: http
        resources:
{{ toYaml .Values.server.resources | indent 10 }}
        livenessProbe:
          httpGet:
            path: /management/health
            port: http
          initialDelaySeconds: 150
          periodSeconds: 15
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /management/health
            port: http
          initialDelaySeconds: 60
          periodSeconds: 15
          timeoutSeconds: 5
        env:

我需要在哪里检查配置？

如果我愿意

# curl  http://localhost:9393/management/health
{"timestamp":"2019-08-06T14:11:44.335+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/management/health"}

然后，如果我删除 -GET / management / ** => hasRole（'ROLE_MANAGE'）从configmaps是否有效？有什么帮助吗？

scdf2运行状况使用UAA返回401

0 个答案: