Kubernetes oauth_proxy不接收标头信息

问题描述 投票:0回答:1

我正在运行Kubernetes集群(AKS),并且Nginx入口位于前面。对于授权,我使用Azure Active Directory和pusher / oauth2_proxy,如Nginx-ingress文档中建议的那样:

https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/

实际上,一切正常,除了我没有在标题中收到用户和电子邮件。在oauth2_proxy的文档中,提到我需要将-set-xauthrequest设置为true,(https://pusher.github.io/oauth2_proxy/configuration):

Option              Type    Description                                                                Default    
-set-auth request   bool    set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)   false

在后端,我运行了一个简单的Node.js Express应用程序,该应用程序应记录请求标头:

router.get('/', function (req, res) {
    console.log(req.headers);
    res.send('test');
});

oauth-deployment.yaml:

...
- args:
  - --provider=azure
  - --email-domain=*
  - --set-xauthrequest=true
  - --http-address=0.0.0.0:4180
  - --azure-tenant=mytenantid
  - --scope=openid
  - --pass-access-token=true
  - --set-xauthrequest=true
...

ingress.yaml(我将htttps替换为https):

...
annotations:
  nginx.ingress.kubernetes.io/rewrite-target: /$2
  nginx.ingress.kubernetes.io/ssl-redirect: "true"
  nginx.ingress.kubernetes.io/auth-response-headers: "Authorization"
  nginx.ingress.kubernetes.io/auth-url: "htttps://mydomain.com/oauth2/auth"
  nginx.ingress.kubernetes.io/auth-signin: "htttps://mydomain.com/oauth2/start?rd=$escaped_request_uri"
...

至少是我的标题:

{ 
   "host":"mydomain.com",
   "x-request-id":"12345abcde456",
   "x-real-ip":"165.xxx.xx.xx9",
   "x-forwarded-for":"165.xxx.xx.xx9",
   "x-forwarded-host":"mydomain.com",
   "x-forwarded-port":"443",
   "x-forwarded-proto":"https",
   "x-scheme":"https",
   ...
   "cookie":"_oauth2_proxy_0=UVWXY; _oauth2_proxy_1=ABCDEF|1582053159|FQAOD; 
}

为什么我的标题中没有用户和电子邮件?

kubernetes oauth-2.0 azure-active-directory nginx-ingress
1个回答
0
投票

oauth2_proxy.cfg文件标志pass_user_headers = true中设置。然后,您将可以看到用户并通过电子邮件发送标头。

nginx官方文档,nginx-ingress

Oauth2代理官方文档:oauth2

© www.soinside.com 2019 - 2024. All rights reserved.