nginx - 如何在 Kubernetes 中为 HashiCorp Vault UI 设置入口
问题描述
我刚刚在我的 Kubernetes 集群上安装了一个 HashiCorp Vault。我希望它通过我现有的入口控制器工作,所以我使用下面的 yaml 创建了一个新的入口规则:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: vault-ingress
namespace: vault
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- http:
paths:
- path: /vault
backend:
serviceName: vault
servicePort: 8200
我的服务运行如下:
apiVersion: v1
kind: Service
metadata:
name: vault
namespace: vault
labels:
module: vault
spec:
selector:
module: vault
ports:
- port: 8200
targetPort: 8200
但是,当我尝试访问我的 URL 时:http://ingress.domain/vault/ui
出现错误的空白页面
13.72.65.96/:24 GET http://ingress.domain/ui/assets/vendor-854d73b9f9351c0ff2e27f8821dfcd09.js net::ERR_ABORTED 404 (Not Found)
13.72.65.96/:25 GET http://ingress.domain/ui/assets/vault-f8ac2e61e061b2fb490b6ad79fcd5c1f.js net::ERR_ABORTED 404 (Not Found)
13.72.65.96/:15 GET http://ingress.domain/ui/assets/vendor-895fbba1663c3b4fe68755a3fb7ae7b4.css net::ERR_ABORTED 404 (Not Found)
13.72.65.96/:16 GET http://ingress.domain/ui/assets/vault-8ed265cce923599eca663b1bb2e4a83f.css net::ERR_ABORTED 404 (Not Found)
13.72.65.96/:25 GET http://ingress.domain/ui/assets/vault-f8ac2e61e061b2fb490b6ad79fcd5c1f.js net::ERR_ABORTED 404 (Not Found)
favicon-68e1a9c89026b0efeddf718a48c282a5.png:1
GET http://ingress.domain/ui/favicon-68e1a9c89026b0efeddf718a48c282a5.png 404 (Not Found)
我的配置图:
apiVersion: v1
kind: ConfigMap
metadata:
name: vault
namespace: vault
labels:
module: vault
data:
config.json : '{
"ui": "true",
"disable_mlock": "true",
"api_addr": "http://127.0.0.1:8200/vault",
"listener": [
{
"tcp": {
"address": "0.0.0.0:8200",
"tls_disable": 1
}
}
]
}'
部署
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault
namespace: vault
labels:
module: vault
spec:
selector:
matchLabels:
module: vault
replicas: 1
template:
metadata:
labels:
module: vault
spec:
containers:
- name: vault
image: vault
imagePullPolicy: "Always"
command: ["/bin/sh", "-c"]
args:
- vault server -config /vault/config/config.json
securityContext:
capabilities:
add:
- IPC_LOCK
volumeMounts:
- name: configurations
mountPath: /vault/config/config.json
subPath: config.json
env:
- name: VAULT_ADDR
value: "http://localhost:8200/vault/"
ports:
- containerPort: 8200
imagePullSecrets:
- name: regcred
volumes:
- name: configurations
configMap:
name: vault
如何在 Kubernetes 中为 Vault UI 设置入口?我的 Ingress 有一个域,所以 UI(和其他服务)应该是:http://ingress.domain/ {service name}。我需要 Vault UI http://ingress.domain/vault
解决方案
我在Vault 论坛上得到了回复:
这是(目前)不可能的。Vault 的 UI(和 API)无法使用域子路径。
推荐阅读
- c++ - 一维数组和三维数组使用一个模板
- angular - 尝试使用 webpack 构建 angular4 旧项目但失败
- c++ - 调整窗口大小时出现奇怪的伪影
- swift - 按顺序执行文本转语音
- javascript - 在javascript中将签名字段添加到pdf
- kotlin - org.springframework.data.mapping.MappingException 与 Kotlin 和密封类
- json - 尽管请求 JSON,Dynamic 365 API 仅返回 XML
- java - Windows 上的 Java 编译器不会创建可执行文件,只有 .class
- javascript - 如何在一定量的反应后使反应消失?
- node.js - 如何在我的 Flutter 应用程序中获取服务器发送事件?