3

I've the below nginx conf file to redirect all the requests (by default) to /auth (of my service) and then get back a response header (foo_id). This header will be forwarded to the original request URI triggered by user. The below works properly with the nginx. ...

location / 
{
    auth_request /auth;
    auth_request_set $foo_id $upstream_http_foo_id;
    proxy_pass    $request_uri
    proxy_set_header X-foo-Token $foo_id;
    root   html;
    index  index.html index.htm;
}

location /auth 
{
    internal;
    proxy_pass   https://myhost/myservice;
    proxy_pass_request_body off;
    proxy_set_header        Content-Length "";
    proxy_set_header        X-Original-URI $request_uri;
}

But I need the corresponding ingress rules/annotations that are required to achieve the above use case. I couldn't get the respective auth/proxy-pass related annotations. Kindly help out.

4

1 回答 1

3

您可以使用Nginx Ingress Annotations来实现此目标。

简而言之:

假设您有一个外部身份验证服务,该服务配置了一个 Kubernetes 服务。您需要一个注释,它将身份验证请求发送到此服务:

nginx.ingress.kubernetes.io/auth-url: http://auth-service.<NameSpace>.svc.cluster.local/auth

此外,您可以使用nginx.ingress.kubernetes.io/auth-snippet注释为身份验证请求设置自定义配置,例如

nginx.ingress.kubernetes.io/auth-snippet: |
    auth_request_set $foo_id $upstream_http_foo_id;
    proxy_pass    $request_uri
    proxy_set_header X-foo-Token $foo_id;

如果您需要在成功的身份验证时返回一些标头,您可以使用nginx.ingress.kubernetes.io/auth-response-headers

nginx.ingress.kubernetes.io/auth-response-headers:  X-Auth

并且,nginx.ingress.kubernetes.io/auth-signin指定自定义错误页面

于 2018-12-28T15:14:07.513 回答