nginx入口控制器-将基本身份验证应用于除一个路径之外的所有路径

问题描述 投票:0回答:1

这是this questionthis one的副本,但这些答案对我不起作用。

我正在将Nginx入口控制器与EKS结合使用。我希望所有路由一个除外受基本身份验证保护。一条路由完全不应该进行身份验证。

这是我的入口规则。在除一条路由之外的所有路由上的身份验证都可以正常工作,但是当我尝试击中不应经过身份验证的一条路由时,我会收到网关超时。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: banana-ingress1
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /


spec:
  rules:
  - host: banana.example.org
    http:
      paths:
      - path: /api/v1/ecslog
        backend:
          serviceName: banana-service
          servicePort: 5678
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: banana-ingress2
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /

    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: banana-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - test'      

spec:
  rules:
  - host: banana.example.org
    http:
      paths:
      - path: /
        backend:
          serviceName: banana-service
          servicePort: 5678

转发控制器:

kubectl port-forward nginx-ingress-controller-controller-65466d6f67-cvpbh 2112:80

在另一个窗口中测试:

# most routes are protected:
$ curl -I -H "Host: banana.example.org" -H "X-Forwarded-Proto: https" -H "X-Forwarded-Port: 443" http://localhost:2112/foo/bar/baz
HTTP/1.1 401 Unauthorized
Server: openresty/1.15.8.2
Date: Sat, 18 Jan 2020 20:10:08 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
WWW-Authenticate: Basic realm="Authentication Required - test"

但是一个不应该受到保护的路由(期望值为200)却返回网关超时(504):

$ curl -I -H "Host: banana.example.org" -H "X-Forwarded-Proto: https" -H "X-Forwarded-Port: 443" http://localhost:2112/api/v1/ecslog
HTTP/1.1 504 Gateway Time-out
Server: openresty/1.15.8.2
Date: Sat, 18 Jan 2020 20:11:05 GMT
Content-Type: text/html
Content-Length: 173
Connection: keep-alive

就像无法找到控制该路线的规则一样?

我已经尝试过反转入口对象的顺序,并且没有什么区别。

并且为了使事情变得更有趣,当我为经过身份验证的路由提供正确的凭据时,我仍然收到401:

$ curl -u 'foo:bar' -I -H "Host: banana.example.org" -H "X-Forwarded-Proto: https" -H "X-Forwarded-Port: 443" http://localhost:2112/
HTTP/1.1 401 Unauthorized
Server: openresty/1.15.8.2
Date: Sat, 18 Jan 2020 20:30:52 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
WWW-Authenticate: Basic realm="Authentication Required - test"
nginx kubernetes basic-authentication nginx-ingress
1个回答
0
投票

似乎是关于我的集群的某些配置错误。从全新的集群和全新安装的入口控制器开始,此操作正常。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.