Reference (official docs): https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
On the master (server1), install the tool: yum install -y httpd-tools
Ingress authentication configuration
[kubeadm@server1 ~]$ cd mainfest/
[kubeadm@server1 mainfest]$ htpasswd -c auth red    ## create the user auth file; -c overwrites an existing file
New password: 
Re-type new password: 
Adding password for user red
[kubeadm@server1 mainfest]$ ls
auth         cronjob.yml    deployment.yml  ingress.yml  job.yml           pod2.yml  rs.yml       tls.crt  tls.yml
calico.yaml  daemonset.yml  deploy.yaml     init.yml     kube-flannel.yml  pod.yml   service.yml  tls.key
[kubeadm@server1 mainfest]$ kubectl create secret generic basic-auth --from-file=auth
secret/basic-auth created    ## inject the auth data into the container via a Secret volume
[kubeadm@server1 mainfest]$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
basic-auth            Opaque                                1      12s
default-token-5qqxc   kubernetes.io/service-account-token   3      8d
tls-secret            kubernetes.io/tls                     2      14h
[kubeadm@server1 mainfest]$ kubectl get secrets basic-auth -o yaml
apiVersion: v1
data:
  auth: cmVkOiRhcHIxJEdmMU9Tb3JqJG5jUy9TZGFrRkxsbThwejZtNDdhLzAK
kind: Secret
metadata:
  creationTimestamp: "2020-06-27T09:51:46Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:auth: {}
      f:type: {}
    manager: kubectl
    operation: Update
    time: "2020-06-27T09:51:46Z"
  name: basic-auth
  namespace: default
  resourceVersion: "361577"
  selfLink: /api/v1/namespaces/default/secrets/basic-auth
  uid: 08b86093-539a-4c39-9a05-b7e9fbb9ec41
type: Opaque
[kubeadm@server1 mainfest]$ kubectl describe secrets basic-auth
Name:         basic-auth
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
auth:  42 bytes
[kubeadm@server1 mainfest]$ cat pod2.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-example
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myappv1
  template:
    metadata:
      labels:
        app: myappv1
    spec:
      containers:
      - name: myappv1
        image: myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-example2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myappv2
  template:
    metadata:
      labels:
        app: myappv2
    spec:
      containers:
      - name: myappv2
        image: myapp:v2
[kubeadm@server1 mainfest]$ kubectl apply -f pod2.yml
[kubeadm@server1 mainfest]$ cat service.yml
kind: Service
apiVersion: v1
metadata:
  name: myservice
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: myappv1
  type: ClusterIP
---
kind: Service
apiVersion: v1
metadata:
  name: myservice2
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  selector:
    app: myappv2
  type: ClusterIP
[kubeadm@server1 mainfest]$ kubectl apply -f service.yml
[kubeadm@server1 mainfest]$ vim secret.yml
[kubeadm@server1 mainfest]$ cat secret.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: ingress-with-auth
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - red'
spec:
  rules:
  - host: www1.red.org
    http:
      paths:
      - path: /
        backend:
          serviceName: myservice
          servicePort: 80
[kubeadm@server1 mainfest]$ kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   8d
myservice    ClusterIP   10.110.45.54    <none>        80/TCP    15h
myservice2   ClusterIP   10.103.62.115   <none>        80/TCP    15h
[kubeadm@server1 mainfest]$ kubectl apply -f secret.yml
ingress.networking.k8s.io/ingress-with-auth created
[kubeadm@server1 mainfest]$ kubectl get ingress
NAME                CLASS    HOSTS          ADDRESS   PORTS   AGE
ingress-with-auth   <none>   www1.red.org             80      39s
[kubeadm@server1 mainfest]$ kubectl describe ingress ingress-with-auth
Name:             ingress-with-auth
Namespace:        default
Address:          172.25.1.3
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host          Path  Backends
  ----          ----  --------
  www1.red.org
                /   myservice:80 (10.244.1.59:80,10.244.2.85:80)
Annotations:    nginx.ingress.kubernetes.io/auth-realm: Authentication Required - red
                nginx.ingress.kubernetes.io/auth-secret: basic-auth
                nginx.ingress.kubernetes.io/auth-type: basic
Events:
  Type    Reason  Age   From                      Message
  ----    ------  ----  ----                      -------
  Normal  CREATE  49s   nginx-ingress-controller  Ingress default/ingress-with-auth
  Normal  UPDATE  7s    nginx-ingress-controller  Ingress default/ingress-with-auth
Access test:
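The Secret above stores the htpasswd file only base64-encoded, and `htpasswd -c` without further options writes an `$apr1$` (MD5-based) hash. The following audit helper is an added example, not part of the original post: it decodes a Secret's `auth` field and reports each user's hash scheme. The function names and the weak/acceptable classification are assumptions of this example.

```python
import base64

# Constructed for this example: htpasswd hash prefixes and whether the
# scheme is slow enough to resist offline guessing.
SCHEMES = [
    ("$2y$", "bcrypt", True), ("$2a$", "bcrypt", True), ("$2b$", "bcrypt", True),
    ("$6$", "sha512-crypt", True), ("$5$", "sha256-crypt", True),
    ("$apr1$", "apr1-md5", False),   # htpasswd default: 1000 rounds of MD5
    ("$1$", "md5-crypt", False),
    ("{SHA}", "unsalted-sha1", False),
]

def classify(hashed):
    """Map the hash field of one htpasswd line to (scheme, acceptable)."""
    for prefix, name, acceptable in SCHEMES:
        if hashed.startswith(prefix):
            return name, acceptable
    return "unknown", False

def audit_auth_value(b64_value):
    """Decode a Secret's .data.auth field; return [(user, scheme, acceptable)]."""
    text = base64.b64decode(b64_value).decode("utf-8")
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        user, sep, hashed = line.partition(":")
        if not sep or not user:
            findings.append((line, "malformed", False))
            continue
        findings.append((user,) + classify(hashed))
    return findings

# The value shown in the `kubectl get secrets basic-auth -o yaml` output above.
PAGE_AUTH = "cmVkOiRhcHIxJEdmMU9Tb3JqJG5jUy9TZGFrRkxsbThwejZtNDdhLzAK"

if __name__ == "__main__":
    for user, scheme, acceptable in audit_auth_value(PAGE_AUTH):
        print(f"{user}: {scheme} ({'ok' if acceptable else 'weak, re-hash'})")
```

The input can be taken from `kubectl get secret basic-auth -o jsonpath='{.data.auth}'`. Anyone allowed to read Secrets in the namespace can decode the value the same way, so limit that permission with RBAC.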
Reference (official docs): https://kubernetes.github.io/ingress-nginx/examples/rewrite/
Annotation parameters
Requests to different URLs are redirected to different endpoints.
[kubeadm@server1 mainfest]$ vim rewrite.yml
[kubeadm@server1 mainfest]$ cat rewrite.yml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/app-root: /hostname.html    ## requests for the bare domain go straight to this page
  name: approot
  namespace: default
spec:
  rules:
  - host: www2.red.org
    http:
      paths:
      - backend:
          serviceName: myservice2
          servicePort: 80
        path: /
[kubeadm@server1 mainfest]$ kubectl apply -f rewrite.yml
ingress.networking.k8s.io/approot created
[kubeadm@server1 mainfest]$ kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP   12d
myservice    ClusterIP   10.111.37.16     <none>        80/TCP    44m
myservice2   ClusterIP   10.103.206.141   <none>        80/TCP    44m
[kubeadm@server1 mainfest]$ kubectl describe ingress approot
Name:             approot
Namespace:        default
Address:          172.25.1.3
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host          Path  Backends
  ----          ----  --------
  www2.red.org
                /   myservice2:80 (10.244.1.73:80,10.244.2.91:80)
Annotations:    nginx.ingress.kubernetes.io/app-root: /hostname.html
Events:
  Type    Reason  Age                    From                      Message
  ----    ------  ----                   ----                      -------
  Normal  CREATE  19m                    nginx-ingress-controller  Ingress default/approot
  Normal  UPDATE  5m28s (x3 over 18m)    nginx-ingress-controller  Ingress default/approot
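In this Ingress definition, all characters captured by (.*) are assigned to the placeholder $2, which is then used as a parameter in the rewrite-target annotation.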
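How the capture-group substitution described above maps request paths, as an added example that is not part of the original post. The path regex `/something(/|$)(.*)` and the target `/$2` are assumed from the upstream ingress-nginx rewrite example, since this page does not show its Ingress for this step; the matching is a simplified model of the controller's behaviour.

```python
import re

# Assumed rule, not shown on this page: path regex and rewrite-target
# taken from the upstream ingress-nginx rewrite example.
PATH_REGEX = r"/something(/|$)(.*)"
REWRITE_TARGET = "/$2"

def rewrite(path, path_regex=PATH_REGEX, target=REWRITE_TARGET):
    """Return the path sent to the backend, or None if the rule does not match.

    Simplified model: the Ingress path is treated as a case-insensitive
    regex anchored at the start of the request path, and every $N in the
    target is replaced by capture group N.
    """
    m = re.match(path_regex, path, flags=re.IGNORECASE)
    if m is None:
        return None

    def substitute(ref):
        n = int(ref.group(1))
        if n > m.re.groups:
            return ""                 # reference to a group the regex lacks
        return m.group(n) or ""       # unmatched optional group -> empty

    return re.sub(r"\$(\d)", substitute, target)

def rewrite_table(paths):
    """Map each request path to its rewritten form for quick review."""
    return {p: rewrite(p) for p in paths}

if __name__ == "__main__":
    samples = ["/something", "/something/", "/something/new", "/somethingelse"]
    for src, dst in rewrite_table(samples).items():
        print(f"{src!r:20} -> {dst!r}")
```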
[kubeadm@server1 mainfest]$ kubectl -n ingress-nginx get pod
NAME                                   READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-lp2pr   0/1     Completed   0          3d15h
ingress-nginx-admission-patch-nxchx    0/1     Completed   1          3d15h
ingress-nginx-controller-4vq57         1/1     Running     0          3d15h
[kubeadm@server1 mainfest]$ kubectl -n ingress-nginx exec -it ingress-nginx-controller-4vq57 -- sh
/etc/nginx $ ls
fastcgi.conf            koi-utf             modsecurity         owasp-modsecurity-crs  uwsgi_params.default
fastcgi.conf.default    koi-win             modules             scgi_params            win-utf
fastcgi_params          lua                 nginx.conf          scgi_params.default
fastcgi_params.default  mime.types          nginx.conf.default  template
geoip                   mime.types.default  opentracing.json    uwsgi_params
/etc/nginx $ vi nginx.conf
[kubeadm@server1 mainfest]$ kubectl get pod
NAME                                   READY   STATUS    RESTARTS   AGE
deployment-example-6ffc7db887-k2lv6    1/1     Running   0          80m
deployment-example-6ffc7db887-v56ff    1/1     Running   0          80m
deployment-example2-7b87677f64-cllvq   1/1     Running   0          80m
deployment-example2-7b87677f64-r9smq   1/1     Running   0          80m
my-nginx-56794ff6cb-5qxlq              1/1     Running   0          94m
[kubeadm@server1 mainfest]$ kubectl exec -it deployment-example-6ffc7db887-k2lv6 -- sh
/ # cd /etc/nginx/
/etc/nginx # ls
conf.d                fastcgi_params.default  mime.types.default  scgi_params           win-utf
fastcgi.conf          koi-utf                 modules             scgi_params.default
fastcgi.conf.default  koi-win                 nginx.conf          uwsgi_params
fastcgi_params        mime.types              nginx.conf.default  uwsgi_params.default
/etc/nginx # vi nginx.conf
/etc/nginx # cd conf.d/
/etc/nginx/conf.d # ls
default.conf
/etc/nginx/conf.d # vi default.conf
The request path is:
user -> ingress-nginx -> svc -> pod