K8S笔记之ingress增加验证


创建账户密码

  • 生成密码

    PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"
    
  • 生成hash值

    docker run --rm --entrypoint htpasswd httpd:2 -Bbn username password >> auth
    

修改ingress

nginx.ingress.kubernetes.io/auth-realm='Authentication Required '
nginx.ingress.kubernetes.io/auth-type=basic
nginx.ingress.kubernetes.io/auth-secret=basic-auth
nginx.ingress.kubernetes.io/auth-secret-type=auth-map

Authorization请求头传递到后端server

现有一个 django server 需要根据不同用户名配置不同的权限, django 可以通过 request.META.get("HTTP_AUTHORIZATION") 获取basic auth 时的用户信息, 但默认 Authorization 请求头无法直接传递到后端, 所以需要配置

nginx.ingress.kubernetes.io/configuration-snippet: |
    proxy_set_header Authorization $http_authorization;
    proxy_pass_header Authorization;

参考资料:

  • https://serverfault.com/questions/977426/how-to-keep-authentication-header-with-redirect-using-nginx-ingress-annotations

  • https://github.com/kubernetes/dashboard/issues/5105

参考资料

作者: honmaple
链接: https://honmaple.me/articles/2021/07/K8S笔记之ingress增加验证.html
版权: 知识共享署名-非商业性使用-相同方式共享4.0国际许可协议
wechat