amazon-web-services - 如何在入口控制器中为不同的目标创建不同的身份验证类型？

问题描述

我正在将 EKS 集群部署到 AWS 并使用 alb 入口控制器指向我的 K8S 服务。入口规范如下所示。

有两个目标path: /*和path: /es/*。而且我还配置alb.ingress.kubernetes.io/auth-type为cognito用作身份验证方法。

我的问题是如何auth-type为不同的目标配置不同的？我想使用cognitofor/*和nonefor /es/*。我怎样才能做到这一点？

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: sidecar
  namespace: default
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/group.name: sidecar
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.order: '1'
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    # Auth
    alb.ingress.kubernetes.io/auth-type: cognito
    alb.ingress.kubernetes.io/auth-idp-cognito: '{"userPoolARN":"xxxx","userPoolClientID":"xxxx","userPoolDomain":"xxxx"}'
    alb.ingress.kubernetes.io/auth-scope: 'email openid aws.cognito.signin.user.admin'
    alb.ingress.kubernetes.io/certificate-arn: xxxx

spec:
  rules:
    - http:
        paths:
          - path: /es/*
            backend:
              serviceName: sidecar-entrypoint
              servicePort: 8080
          - path: /*
            backend:
              serviceName: server-entrypoint
              servicePort: 8081

标签： amazon-web-serviceskubernetesamazon-eks