kubernetes入口前的oauth_proxy显示错误403 [英] oauth_proxy in front of kubernetes ingress showing error 403
问题描述
我正在尝试使用oauth2_proxy保护作为LB公开的应用程序,我根据需要创建了2个入口资源,一个用于运行oauth2_proxy,另一个用于访问要通过身份验证保护的应用程序.请参阅链接[ https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/oauth-external-auth] .我已按照此链接中所述的确切过程进行操作.
I am trying to secure my application exposed as LB using oauth2_proxy, I have created 2 ingress resources as required one for running the oauth2_proxy and another for accessing my application which is to be secured through authentication. Refer link [https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/oauth-external-auth]. I have followed the exact process as mentioned in this link.
当我在浏览器中点击我的FQDN或域名时,它要求进行身份验证,并且在身份验证成功后我会收到错误消息
When I hit my FQDN or Domain Name in browser it asks for authentication and upon successful authentication I get error
2019/07/25 14:09:56 oauthproxy.go:830: 10.244.2.76:36094 ("10.240.0.5") Cookie "_oauth2_proxy" not present
2019/07/25 14:09:57 oauthproxy.go:788: 10.244.2.76:36088 ("10.240.0.5") Permission Denied: "" is unauthorized
2019/07/25 14:09:57 oauthproxy.go:532: ErrorPage 403 Permission Denied Invalid Account
由于身份验证成功,我希望成功重定向到我的应用程序服务.我该如何实现?
I expect to successfully redirected to my application service as authentication is successful. How can I achieve this?
推荐答案
从日志来看,您似乎可以使用github应用程序进行身份验证,但是当应用程序类型出现时,通常会出现"_oauth2_proxy"不存在的错误不是"oauth"代理.
It seems from the log that you are able to use the github application for authentication, but the error that "_oauth2_proxy" is not present usually occurs when the application type is not an "oauth" proxy.
请检查您创建的应用程序是否是oauth应用程序,否则请确定.
Please check if the application that you have created is an oauth application or not just to be sure.
这篇关于kubernetes入口前的oauth_proxy显示错误403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
