GKE入口基本身份验证(ingress.kubernetes.io/auth-type) [英] GKE Ingress Basic Authentication (ingress.kubernetes.io/auth-type)
问题描述
我正在尝试获取GKE入口以要求像这样的基本身份验证 还有 任何见解都将不胜感激! 您链接的示例适用于nginx入口控制器. GKE使用 GLBC ,它不支持auth.>
您可以部署中的nginx入口控制器您的gke集群.请注意,您需要注释您的入口,以避免GLBC声称入口.然后,您可以直接公开nginx控制器,或创建glbc入口以将流量重定向到nginx入口(请参阅此片段由bprashanh编写.) I'm trying to get a GKE ingress to require basic auth like this example from github. The ingress works fine. It routes to the service. But the authentication isn't working. Allows all traffic right through. Has GKE not rolled this feature out yet? Something obviously wrong in my specs? Here's the ingress: And the Any insights are greatly appreciated! The example you linked to is for nginx ingress controller. GKE uses GLBC, which doesn't support auth. You can deploy an nginx ingress controller in your gke cluster. Note that you need to annotate your ingress to avoid the GLBC claiming the ingress. Then you can expose the nginx controller directly, or create a glbc ingress to redirect traffic to the nginx ingress (see this snippet written by bprashanh). 这篇关于GKE入口基本身份验证(ingress.kubernetes.io/auth-type)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!basic-auth
机密:$ kubectl get secret/basic-auth -o yaml
apiVersion: v1
data:
auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
creationTimestamp: 2016-10-03T21:21:52Z
name: basic-auth
namespace: default
resourceVersion: "XXXXX"
selfLink: /api/v1/namespaces/default/secrets/basic-auth
uid: XXXXXXXXXXX
type: Opaque
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: super-ingress
annotations:
ingress.kubernetes.io/auth-type: basic
ingress.kubernetes.io/auth-secret: basic-auth
ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
rules:
- host: zzz.host.com
http:
paths:
- backend:
serviceName: super-service
servicePort: 9000
path: /*
basic-auth
secret:$ kubectl get secret/basic-auth -o yaml
apiVersion: v1
data:
auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
creationTimestamp: 2016-10-03T21:21:52Z
name: basic-auth
namespace: default
resourceVersion: "XXXXX"
selfLink: /api/v1/namespaces/default/secrets/basic-auth
uid: XXXXXXXXXXX
type: Opaque