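1. Ingress authentication configuration
Reference (official documentation): https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
1.1 Configuring basic auth
On the master (server1), install the tool that provides htpasswd:
yum install -y httpd-tools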
[kubeadm@server1 ~]$ cd mainfest/
[kubeadm@server1 mainfest]$ htpasswd -c auth red ## create the user auth file; -c overwrites an existing file
New password:
Re-type new password:
Adding password for user red
[kubeadm@server1 mainfest]$ ls
auth cronjob.yml deployment.yml ingress.yml job.yml pod2.yml rs.yml tls.crt tls.yml
calico.yaml daemonset.yml deploy.yaml init.yml kube-flannel.yml pod.yml service.yml tls.key
[kubeadm@server1 mainfest]$ kubectl create secret generic basic-auth --from-file=auth
secret/basic-auth created ## the credentials are injected into the container through a secret volume
[kubeadm@server1 mainfest]$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
basic-auth            Opaque                                1      12s
default-token-5qqxc   kubernetes.io/service-account-token   3      8d
tls-secret            kubernetes.io/tls                     2      14h
[kubeadm@server1 mainfest]$ kubectl get secrets basic-auth -o yaml
apiVersion: v1
data:
  auth: cmVkOiRhcHIxJEdmMU9Tb3JqJG5jUy9TZGFrRkxsbThwejZtNDdhLzAK
kind: Secret
metadata:
  creationTimestamp: "2020-06-27T09:51:46Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:auth: {}
      f:type: {}
    manager: kubectl
    operation: Update
    time: "2020-06-27T09:51:46Z"
  name: basic-auth
  namespace: default
  resourceVersion: "361577"
  selfLink: /api/v1/namespaces/default/secrets/basic-auth
  uid: 08b86093-539a-4c39-9a05-b7e9fbb9ec41
type: Opaque
[kubeadm@server1 mainfest]$ kubectl describe secrets basic-auth
Name:         basic-auth
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
auth:  42 bytes
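The data in a Secret is base64-encoded, not encrypted: the 42 bytes reported above decode directly to the htpasswd line for user red. The shell function below is an added example, not part of the original post; it decodes such a value and reports which hash scheme each entry uses. The function name audit_htpasswd_b64 and the scheme labels are this example's own, and GNU base64 is assumed.

```shell
#!/bin/sh
# Added example: audit the htpasswd data stored in a basic-auth Secret.
# Input:  the base64 string from the Secret's .data.auth field.
# Output: one "user scheme" line per htpasswd entry.
audit_htpasswd_b64() {
    # Secret values are base64-encoded, not encrypted; decoding needs no key.
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || {
        echo "invalid base64" >&2
        return 2
    }
    printf '%s\n' "$decoded" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        case "$line" in
            *:*) ;;
            *) echo "malformed entry (no colon)" >&2; continue ;;
        esac
        user=${line%%:*}
        hash=${line#*:}
        case "$hash" in
            '$apr1$'*)               scheme="apr1-md5" ;;       # htpasswd default
            '$2y$'*|'$2a$'*|'$2b$'*) scheme="bcrypt" ;;         # htpasswd -B
            '{SHA}'*)                scheme="sha1-unsalted" ;;  # htpasswd -s
            '$5$'*|'$6$'*)           scheme="sha-crypt" ;;
            *)                       scheme="crypt-or-plaintext" ;;
        esac
        printf '%s %s\n' "$user" "$scheme"
    done
}

# Value copied from the `kubectl get secrets basic-auth -o yaml` output above.
PAGE_AUTH='cmVkOiRhcHIxJEdmMU9Tb3JqJG5jUy9TZGFrRkxsbThwejZtNDdhLzAK'
audit_htpasswd_b64 "$PAGE_AUTH"
```

Against a live cluster the same value can be read with kubectl get secret basic-auth -o jsonpath='{.data.auth}', so read access to Secrets in the namespace is equivalent to access to the password hashes.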
[kubeadm@server1 mainfest]$ cat pod2.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-example
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myappv1
  template:
    metadata:
      labels:
        app: myappv1
    spec:
      containers:
      - name: myappv1
        image: myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-example2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myappv2
  template:
    metadata:
      labels:
        app: myappv2
    spec:
      containers:
      - name: myappv2
        image: myapp:v2
[kubeadm@server1 mainfest]$ kubectl apply -f pod2.yml
[kubeadm@server1 mainfest]$ cat service.yml
kind: Service
apiVersion: v1
metadata:
  name: myservice
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: myappv1
  type: ClusterIP
---
kind: Service
apiVersion: v1
metadata:
  name: myservice2
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: myappv2
  type: ClusterIP
[kubeadm@server1 mainfest]$ kubectl apply -f service.yml
[kubeadm@server1 mainfest]$ vim secret.yml
[kubeadm@server1 mainfest]$ cat secret.yml
apiVersion: networking.k8s.io/v1beta1
kind: