Nginx入口Kubernetes路由与基本身份验证

尝试为需要身份验证的后端创建另一个服务：

1. main-ingress包含不需要通过nginx进行身份验证的服务规范，例如example-service
2. auth-ingress包含需要通过nginx例如auth服务进行身份验证(在我的情况下是基本的(的服务的规范

您的auth-ingress应该看起来像：

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: auth-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/use-regex: "false"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
tls:
- hosts:
- example.com
secretName: example-tls
rules:
- host: example.com
http:
paths:
- path: /auth
backend:
serviceName: auth-service
servicePort: <auth-service-port>

您也可以在第一个入口尝试拒绝main-ingress中/auth路径的流量。

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: main-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/use-regex: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/configuration-snippet: |

location /auth {
deny all;  
}
spec:
tls:
- hosts:
- example.com
secretName: example-tls
rules:
- host: example.com
http:
paths:
- path: /.*
backend:
serviceName: example-service
servicePort: 4000

看看：ingress nginx问题，kubernetes ingress网络拒绝一些路径，kubernet ingress ngimx重写不匹配。