04月
03

为ingress发布的服务增加Basic 认证访问

发表于 字数统计 295 阅读时长 ≈ 2
文章目录
  1. 1. 添加秘钥
  2. 2、添加 Ingress 转发规则
  3. 3、访问服务

暂无描述内容

1. 添加秘钥

1、生成秘钥

1
2
➜  term_workspace htpasswd -nb 'admin' 'xxxxxx' | base64
xxxxxxxxxxxxxxxxxxxxxx

登录用户 admin,记录base64加密后的登录密码 xxxxxxxxxxxxxxxxxxxxxx

在服务所在命名空间,添加凭证

1
2
3
4
5
6
7
8
9
➜  term_workspace cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: basic-auth
data:
  auth: "YWRtaW46JGFwcjEkY3lMdld0ak4kYzdyWUg3Ri5mVFl4d01WeE4waFZ1LwoK"
EOF

2、添加 Ingress 转发规则

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
➜  term_workspace cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cerebro
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # 增加注解
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
    
    # 如果是traefik
    # kubernetes.io/ingress.class: "traefik"
    # traefik.ingress.kubernetes.io/auth-type: basic
    # traefik.ingress.kubernetes.io/auth-secret: basic-auth
    # traefik.ingress.kubernetes.io/auth-realm: "Authentication Required"
 
spec:
  rules:
  - host: cerebro.bohai.com
    http:
      paths:
      - path: /
        backend:
          service:
            name: cerebro
            port:
              number: 9000
        pathType: ImplementationSpecific
EOF
1
2
3
4
nginx.ingress.kubernetes.io/auth-type: basic 
nginx.ingress.kubernetes.io/auth-secret: basic-auth 

指定了认证的方式为 Basic,认证秘钥为 basic-auth

3、访问服务

在访问主机上添加 hosts 指向集群主机,域名即为 Ingress 中配置的 hosts,这里是cerebro.bohai.com

文章看完了?有疑问想评论?看不到评论框?刷新试试呗?