
Problem description

⚠️ I'm an OpenShift n00b

For the project I'm working on, I'm trying to password-protect a Node application behind a proxy.

Schema

This is the template I'm using:

apiVersion: v1
kind: Template
metadata:
  name: next.js app config
parameters:
  - name: CLIENT
    description: The name of the client owning the project
    required: true
  - name: PROJECT
    description: The project name
    required: true
  - name: PART
    description: The part of the project (i.e. cockpit, app, mobile, server, …)
    required: true
  - name: PROJECT_NAME
    description: The name of the ******* project to add the project to
    required: true
  - name: IMAGE_NAME
    description: The name of the image on the ******* registery
    required: true
  - name: HOSTNAME
    description: The hostname on which the project should be deployed to
    required: true
  - name: DEPLOY_PATH
    description: The path to which the project should be deployed to
    value: ""
  - name: ENVIRONMENT
    description: The environment of this project version
    value: staging
  - name: PORT
    description: The port on which the container will run
    value: "3000"
objects:
  - apiVersion: v1
    kind: DeploymentConfig
    metadata:
      name: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
      labels:
        app: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
        customer: ${CLIENT}
        environment: ${ENVIRONMENT}
    spec:
      replicas: 1
      revisionHistoryLimit: 3
      selector:
        app: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
        customer: ${CLIENT}
        deploymentconfig: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
      strategy:
        activeDeadlineSeconds: 21600
        resources: {}
        rollingParams:
          intervalSeconds: 1
          maxSurge: 25%
          maxUnavailable: 25%
          timeoutSeconds: 600
          updatePeriodSeconds: 1
        type: Rolling
      template:
        metadata:
          labels:
            app: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
            customer: ${CLIENT}
            environment: ${ENVIRONMENT}
            deploymentconfig: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
        spec:
          containers:
            - env:
              image: >-
                docker-registry.default.svc:5000/${PROJECT_NAME}/${IMAGE_NAME}
              imagePullPolicy: IfNotPresent
              name: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
              ports:
                - containerPort: ${{PORT}}
                  protocol: TCP
              resources:
                limits:
                  cpu: 100m
                  memory: 128Mi
                requests:
                  cpu: 50m
                  memory: 64Mi
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
            - env:
                - name: BASIC_AUTH_USERNAME
                  value: admin
                - name: BASIC_AUTH_PASSWORD
                  value: password
                - name: FORWARD_PORT
                  value: ${PORT}
                - name: FORWARD_HOST
                  value: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}.********
              image: xscys/nginx-sidecar-basic-auth
              imagePullPolicy: Always
              name: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}-proxy
              ports:
                - containerPort: 8000
                  protocol: TCP
              resources:
                limits:
                  cpu: 100m
                  memory: 128Mi
                requests:
                  cpu: 50m
                  memory: 64Mi
          dnsPolicy: ClusterFirst
          restartPolicy: Always
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
      test: false
      triggers:
        - imageChangeParams:
            containerNames:
              - ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
            from:
              kind: ImageStreamTag
              name: ${IMAGE_NAME}
              namespace: ${PROJECT_NAME}
          type: ImageChange
  - apiVersion: v1
    kind: Service
    metadata:
      name: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}-SERVICE
      labels:
        app: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
        customer: ${CLIENT}
        environment: ${ENVIRONMENT}
    spec:
      ports:
        - name: 8000-tcp
          port: {8000}
          protocol: TCP
          targetPort: 8000
      selector:
        app: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
        customer: ${CLIENT}
        deploymentconfig: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
      sessionAffinity: None
      type: ClusterIP
  - apiVersion: v1
    kind: Route
    metadata:
      name: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}-ROUTE
      labels:
        app: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}
        customer: ${CLIENT}
        environment: ${ENVIRONMENT}
      annotations:
        kubernetes.io/tls-acme: "true"
    spec:
      host: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}.***********
      path: "/"
      port:
        port: 8000
        protocol: TCP
        targetPort: 8000
      to:
        kind: Service
        name: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}-SERVICE
        weight: 100
      wildcardPolicy: None

I'm using this Docker image, xsc/nginx-sidecar-basic-auth, which uses Nginx as a proxy and builds on top of it.

Not sure what I'm doing wrong here (probably the route), but the main route always redirects me straight to the Node app instead of the proxy.

Tags: openshift, openshift-enterprise

Solution


port: {8000} in the Service config looks wrong. Why the curly braces?

Otherwise, the request seems to go into a loop, because the proxy forwards it to the route, the route sends it through the service to the proxy, and so on again and again. The reason is that

- name: FORWARD_HOST
  value: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}.********

points to the host of the route:

host: ${CLIENT}-${PROJECT}-${ENVIRONMENT}-${PART}.***********

(assuming the masking in both cases hides the same host)

I'd suggest setting

- name: FORWARD_HOST
  value: localhost

so that the proxy forwards requests to the app container in the same pod.
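As an added example (not code from the question or the answer), here is a small lint over the parameter-substituted template objects that flags the two problems the answer describes: a Service port that is not an integer, and a sidecar whose FORWARD_HOST is the Route's own host, which sends requests back through the proxy in a loop. "app.example.test" stands in for the masked hostname and the object dicts are a constructed subset of the template.

```python
# Added example, not from the question or answer. The objects mimic what
# `oc process` would hand back for this template after substitution.
# "app.example.test" is a constructed placeholder for the masked host.

def make_objects(forward_host, service_port):
    """Constructed subset of the template's processed objects."""
    return [
        {"kind": "DeploymentConfig", "metadata": {"name": "app"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "app", "env": None,                 # Node app, port 3000
              "ports": [{"containerPort": 3000}]},
             {"name": "app-proxy",                        # nginx basic-auth sidecar
              "env": [{"name": "FORWARD_PORT", "value": "3000"},
                      {"name": "FORWARD_HOST", "value": forward_host}],
              "ports": [{"containerPort": 8000}]}]}}}},
        {"kind": "Service", "metadata": {"name": "app-SERVICE"},
         "spec": {"ports": [{"port": service_port, "targetPort": 8000}]}},
        {"kind": "Route", "metadata": {"name": "app-ROUTE"},
         "spec": {"host": "app.example.test", "port": {"targetPort": 8000}}},
    ]

def lint_sidecar_wiring(objects):
    """Return a list of problem strings; empty means the wiring looks sane."""
    problems = []
    route_hosts = {o["spec"]["host"] for o in objects if o["kind"] == "Route"}
    for o in objects:
        if o["kind"] == "Service":
            for p in o["spec"]["ports"]:
                # YAML parses `{8000}` as a flow mapping {8000: null}, not an int.
                if not isinstance(p["port"], int):
                    problems.append(f"Service port {p['port']!r} is not an integer")
        elif o["kind"] == "DeploymentConfig":
            containers = o["spec"]["template"]["spec"]["containers"]
            for c in containers:
                env = {e["name"]: e["value"] for e in (c.get("env") or [])}
                if "FORWARD_HOST" not in env:
                    continue  # not the proxy sidecar
                if env["FORWARD_HOST"] in route_hosts:
                    problems.append(f"{c['name']}: FORWARD_HOST is the Route host, "
                                    "so requests loop back through the proxy")
                # The forwarded port must belong to another container in the pod.
                peer_ports = {p["containerPort"] for other in containers
                              if other is not c for p in other.get("ports", [])}
                if int(env.get("FORWARD_PORT", 0)) not in peer_ports:
                    problems.append(f"{c['name']}: FORWARD_PORT matches no peer containerPort")
    return problems
```

With FORWARD_HOST set to localhost and an integer Service port the lint returns an empty list; the original wiring yields both findings.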

