如何在 nginx ingress 中对特定的 HTTP 方法进行基本身份验证?
How can I put basic auth on specific HTTP methods in ngnix ingress?
我可以使用基本身份验证创建入口。我遵循了 kubernetes/ingress-nginx:
中的模板
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: http-svc
servicePort: 80
它工作正常,但我需要允许 'OPTIONS' 方法在没有基本身份验证的情况下进行飞行前请求。关于如何操作的任何指示都会非常有帮助。
我刚遇到同样的问题。我使用配置片段解决了它。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-cors-auth-ingress
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
# fix cors issues of ingress when using external auth service
if ($request_method = OPTIONS) {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
more_set_headers "Access-Control-Allow-Credentials: true";
more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS";
more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization";
more_set_headers "Access-Control-Allow-Origin: $http_origin";
more_set_headers "Access-Control-Max-Age: 600";
nginx.ingress.kubernetes.io/auth-url: "http://auth-service.default.svc.cluster.local:80"
我可以使用基本身份验证创建入口。我遵循了 kubernetes/ingress-nginx:
中的模板apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-with-auth
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: http-svc
servicePort: 80
它工作正常,但我需要允许 'OPTIONS' 方法在没有基本身份验证的情况下进行飞行前请求。关于如何操作的任何指示都会非常有帮助。
我刚遇到同样的问题。我使用配置片段解决了它。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-cors-auth-ingress
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
# fix cors issues of ingress when using external auth service
if ($request_method = OPTIONS) {
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
more_set_headers "Access-Control-Allow-Credentials: true";
more_set_headers "Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS";
more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization";
more_set_headers "Access-Control-Allow-Origin: $http_origin";
more_set_headers "Access-Control-Max-Age: 600";
nginx.ingress.kubernetes.io/auth-url: "http://auth-service.default.svc.cluster.local:80"