Lighthouse CI - 无法为 Terraform K8s 部署设置身份验证
Lighthouse CI - Unable to set Authentication for Terraform K8s Deployment
我正在尝试使用 Terraform K8s 部署 (https://github.com/GoogleChrome/lighthouse-ci/blob/main/docs/server.md#basic-authentication) 设置 Lighthouse CI 身份验证,但我一直收到 403 错误。我已尝试以下步骤,但收到相同的消息。
仅供参考,password 设置自 kubectl_manifest resourece
- 使用来自
kubernetes_deployment resource 的 Terraform 集 ENV
env {
name = "LHCI_BASIC_AUTH__USERNAME"
value = "username"
}
env {
name = "LHCI_BASIC_AUTH__PASSWORD"
value_from {
secret_key_ref {
name = "password"
key = "password"
}
}
}
- 使用来自
kubernetes_deployment 资源(https://www.runatlantis.io/docs/security.html#enable-authentication-on-atlantis-web-server) 的 Terraform Set ENV 的不同方法
env {
name = "ATLANTIS_WEB_BASIC_AUTH"
value = "true"
}
env {
name = "ATLANTIS_WEB_USERNAME"
value = "user"
}
env {
name = "LHCI_BASIC_AUTH__PASSWORD"
value_from {
secret_key_ref {
name = "password"
key = "password"
}
}
}
使用 Helm Chart 和 Terraform helm_release 资源 - https://artifacthub.io/packages/helm/cowboysysop/lighthouse-ci
查看源代码后 - https://github.com/cowboysysop/charts/blob/a12e738a57977c7c6e84cb219ae6967fddae266e/charts/lighthouse-ci/values.yaml#L201 - env var 本示例中使用的名称 3.1 看起来不正确。
- 3.1 设置环境
resource "helm_release" "lhci" {
name = "lhci"
chart = "lighthouse-ci"
repository = "https://cowboysysop.github.io/charts/"
namespace = "lhci"
set {
name = "basicAuth.username"
value = "user"
}
set {
name = "basicAuth.password"
value = "password"
}
}
- 3.2 设置 ENV(使用不同的 ENV 命名约定)
resource "helm_release" "lhci" {
name = "lhci"
chart = "lighthouse-ci"
repository = "https://cowboysysop.github.io/charts/"
namespace = "lhci"
set {
name = "basicAuthUsername"
value = "user"
}
set {
name = "basicAuthPassword"
value = "password"
}
}
以上步骤一直导致同样的错误。启用身份验证的正确方法是什么?
谢谢!
这可能特定于我的情况,但我采用了第一种方法并将 readiness_probe 的 http_get 路径从 / 更改为 /healthz。问题已解决。
例如
readiness_probe {
http_get {
path = "/healthz"
port = "9001"
}
}
我正在尝试使用 Terraform K8s 部署 (https://github.com/GoogleChrome/lighthouse-ci/blob/main/docs/server.md#basic-authentication) 设置 Lighthouse CI 身份验证,但我一直收到 403 错误。我已尝试以下步骤,但收到相同的消息。
仅供参考,password 设置自 kubectl_manifest resourece
- 使用来自
kubernetes_deploymentresource 的 Terraform 集
ENV
env {
name = "LHCI_BASIC_AUTH__USERNAME"
value = "username"
}
env {
name = "LHCI_BASIC_AUTH__PASSWORD"
value_from {
secret_key_ref {
name = "password"
key = "password"
}
}
}
- 使用来自
kubernetes_deployment资源(https://www.runatlantis.io/docs/security.html#enable-authentication-on-atlantis-web-server) 的 Terraform Set
ENV 的不同方法
env {
name = "ATLANTIS_WEB_BASIC_AUTH"
value = "true"
}
env {
name = "ATLANTIS_WEB_USERNAME"
value = "user"
}
env {
name = "LHCI_BASIC_AUTH__PASSWORD"
value_from {
secret_key_ref {
name = "password"
key = "password"
}
}
}
使用
HelmChart和 Terraformhelm_release资源 - https://artifacthub.io/packages/helm/cowboysysop/lighthouse-ci查看源代码后 - https://github.com/cowboysysop/charts/blob/a12e738a57977c7c6e84cb219ae6967fddae266e/charts/lighthouse-ci/values.yaml#L201 -
envvar本示例中使用的名称3.1看起来不正确。
- 3.1 设置环境
resource "helm_release" "lhci" {
name = "lhci"
chart = "lighthouse-ci"
repository = "https://cowboysysop.github.io/charts/"
namespace = "lhci"
set {
name = "basicAuth.username"
value = "user"
}
set {
name = "basicAuth.password"
value = "password"
}
}
- 3.2 设置 ENV(使用不同的 ENV 命名约定)
resource "helm_release" "lhci" {
name = "lhci"
chart = "lighthouse-ci"
repository = "https://cowboysysop.github.io/charts/"
namespace = "lhci"
set {
name = "basicAuthUsername"
value = "user"
}
set {
name = "basicAuthPassword"
value = "password"
}
}
以上步骤一直导致同样的错误。启用身份验证的正确方法是什么?
谢谢!
这可能特定于我的情况,但我采用了第一种方法并将 readiness_probe 的 http_get 路径从 / 更改为 /healthz。问题已解决。
例如
readiness_probe {
http_get {
path = "/healthz"
port = "9001"
}
}