GKE入口基本身份验证(ingress.kubernetes.io/auth-type) [英] GKE Ingress Basic Authentication (ingress.kubernetes.io/auth-type)

问题描述

我正在尝试获取GKE入口以要求像这样的基本身份验证

还有basic-auth机密:

$ kubectl get secret/basic-auth -o yaml

apiVersion: v1
data:
  auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
  creationTimestamp: 2016-10-03T21:21:52Z
  name: basic-auth
  namespace: default
  resourceVersion: "XXXXX"
  selfLink: /api/v1/namespaces/default/secrets/basic-auth
  uid: XXXXXXXXXXX
type: Opaque

任何见解都将不胜感激！

解决方案

您链接的示例适用于nginx入口控制器. GKE使用 GLBC ，它不支持auth.

您可以部署中的nginx入口控制器您的gke集群.请注意，您需要注释您的入口，以避免GLBC声称入口.然后，您可以直接公开nginx控制器，或创建glbc入口以将流量重定向到nginx入口(请参阅此片段由bprashanh编写.)

I'm trying to get a GKE ingress to require basic auth like this example from github.

The ingress works fine. It routes to the service. But the authentication isn't working. Allows all traffic right through. Has GKE not rolled this feature out yet? Something obviously wrong in my specs?

Here's the ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: super-ingress
  annotations:
    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
  rules:
  - host: zzz.host.com
    http:
      paths:
      - backend:
          serviceName: super-service
          servicePort: 9000
        path: /*

And the basic-auth secret:

$ kubectl get secret/basic-auth -o yaml

apiVersion: v1
data:
  auth: XXXXXXXXXXXXXXXXXXX
kind: Secret
metadata:
  creationTimestamp: 2016-10-03T21:21:52Z
  name: basic-auth
  namespace: default
  resourceVersion: "XXXXX"
  selfLink: /api/v1/namespaces/default/secrets/basic-auth
  uid: XXXXXXXXXXX
type: Opaque

Any insights are greatly appreciated!

解决方案

The example you linked to is for nginx ingress controller. GKE uses GLBC, which doesn't support auth.

You can deploy an nginx ingress controller in your gke cluster. Note that you need to annotate your ingress to avoid the GLBC claiming the ingress. Then you can expose the nginx controller directly, or create a glbc ingress to redirect traffic to the nginx ingress (see this snippet written by bprashanh).

这篇关于GKE入口基本身份验证(ingress.kubernetes.io/auth-type)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！