創建認證文件
通過htpasswd工具生成用戶密碼文件
# htpasswd是apache httpd工具包中的工具
# 安裝htpasswd
## centos
yum install httpd-tools -y
## ubuntu
apt install apache2-utils -y
# 創建認證文件
[root@vm ~]# htpasswd -c authfile admin
New password:
Re-type new password:
Adding password for user admin
# 查看文件內容
[root@vm ~]# cat authfile
admin:$apr1$o3a5s2NV$KZAEAoFPQaTvaAta887lB1
創建secret
# 將authfile內容創建為名為basic-auth的secret
[root@vm ~]# kubectl -n apm create secret generic basic-auth --from-file=authfile
secret/basic-auth created
# 查看secret/basic-auth內容
[root@vm ~]# kubectl get secret/basic-auth -o yaml -n apm
apiVersion: v1
data:
authfile: YWRtaW46JGFwcjEkbzNhNXMyTlYkS1pBRUFvRlBRYVR2YUF0YTg4N2xCMQo=
kind: Secret
metadata:
creationTimestamp: "2020-04-10T09:21:55Z"
name: basic-auth
namespace: default
resourceVersion: "935267"
selfLink: /api/v1/namespaces/default/secrets/basic-auth
uid: b5b2c37d-b961-4e75-b43f-ccfbb72885e4
type: Opaque
創建ingress
注意:只有0.9.0以上版本的nginx-ingress-controller才支持basic認證。
# 配置主要通過ingres的annotations(注解)來定義
# nginx.ingress.kubernetes.io/auth-type 認證類型
# nginx.ingress.kubernetes.io/auth-secret 認證文件,也就是上面創建的secret名稱
# nginx.ingress.kubernetes.io/auth-realm 指定認證文件中的用戶(認證文件可以有多個用戶)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: '"Authentication Required - admin"'
name: kibana
namespace: apm
spec:
rules:
- host: kibana.gisuni.dev
http:
paths:
- backend:
serviceName: kibana
servicePort: 5601
tls:
- hosts:
- kibana.gisuni.dev
secretName: gisuni-dev
訪問測試
- 瀏覽器訪問kibana.gisuni.dev
- 彈出basic auth認證框
- 輸入admin用戶和密碼后,可以正常訪問應用