authentication - K8s -> nginx 入口：SSO

问题描述

我有一项具有 HTTP 基本身份验证的服务。在它前面我有 nginx Ingress，它也有 basic-auth。如何在使用 Ingress 登录后将 Authorization 标头与凭据附加，以实现单点登录？

这是我的 Ingress 的配置：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
    nginx.ingress.kubernetes.io/auth-secret: kibana-user-basic-auth
    nginx.ingress.kubernetes.io/auth-type: basic
  name: kibana-user
  namespace: {{.Release.Namespace}}
spec:
  tls:
  - secretName: kibana-tls
    hosts:
    - {{.Values.ingress.user.host}}
  rules:
  - host: {{.Values.ingress.user.host}}
    http:
      paths:
      - backend:
          serviceName: kibana-logging
          servicePort: {{ .Values.kibana.service.internalPort }}
        path: /

标签： authenticationkubernetessingle-sign-onnginx-ingress

您可以使用注释将标头nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header Authorization $http_authorization;转发Authorization到后端服务。

Ingress 资源应如下所示

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
    nginx.ingress.kubernetes.io/auth-secret: kibana-user-basic-auth
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/configuration-snippet: "proxy_set_header Authorization $http_authorization;"
  name: kibana-user
  namespace: {{.Release.Namespace}}
spec:
  tls:
  - secretName: kibana-tls
    hosts:
    - {{.Values.ingress.user.host}}
  rules:
  - host: {{.Values.ingress.user.host}}
    http:
      paths:
      - backend:
          serviceName: kibana-logging
          servicePort: {{ .Values.kibana.service.internalPort }}
        path: /

authentication - K8s -> nginx 入口：SSO

问题描述

解决方案

推荐阅读