Kubernetes(K8S)（九）——ingress认证配置、地址重写

本文链接：https://blog.youkuaiyun.com/Aimee_c/article/details/107056416

本文详细介绍了如何在Kubernetes中配置Ingress的认证，包括BasicAuth和TLS加密认证，并探讨了如何实现会话保持。同时，文章还涵盖了Ingress的地址重写功能，包括重定向应用程序根路径和流量重定向到特定URI的策略，提供了具体的配置步骤和官方参考链接。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

文章目录

1.Ingress认证配置
2.Ingress地址重写
- 2.1 重定向应用程序根
- 2.2 流量重定向到目标URI

1.Ingress认证配置

参考官网：https://kubernetes.github.io/ingress-nginx/examples/auth/basic/

1.1 配置认证auth

在master(server1)：
yum install -y httpd-tools安装工具
在这里插入图片描述
Ingress认证配置

[kubeadm@server1 ~]$ cd mainfest/
[kubeadm@server1 mainfest]$  htpasswd -c auth red ##创建用户认证文件，-c会覆盖
New password: 
Re-type new password: 
Adding password for user red
[kubeadm@server1 mainfest]$ ls
auth         cronjob.yml    deployment.yml  ingress.yml  job.yml           pod2.yml  rs.yml       tls.crt  tls.yml
calico.yaml  daemonset.yml  deploy.yaml     init.yml     kube-flannel.yml  pod.yml   service.yml  tls.key
[kubeadm@server1 mainfest]$  kubectl create secret generic basic-auth --from-file=auth 
secret/basic-auth created ##通过secret卷使认证注入容器
[kubeadm@server1 mainfest]$ kubectl get secrets 
NAME                  TYPE                                  DATA   AGE
basic-auth            Opaque                                1      12s
default-token-5qqxc   kubernetes.io/service-account-token   3      8d
tls-secret            kubernetes.io/tls                     2      14h
[kubeadm@server1 mainfest]$ kubectl get secrets basic-auth -o yaml
apiVersion: v1
data:
  auth: cmVkOiRhcHIxJEdmMU9Tb3JqJG5jUy9TZGFrRkxsbThwejZtNDdhLzAK
kind: Secret
metadata:
  creationTimestamp: "2020-06-27T09:51:46Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {
   
   }
        f:auth: {
   
   }
      f:type: {
   
   }
    manager: kubectl
    operation: Update
    time: "2020-06-27T09:51:46Z"
  name: basic-auth
  namespace: default
  resourceVersion: "361577"
  selfLink: /api/v1/namespaces/default/secrets/basic-auth
  uid: 08b86093-539a-4c39-9a05-b7e9fbb9ec41
type: Opaque
[kubeadm@server1 mainfest]$ kubectl describe secrets basic-auth 
Name:         basic-auth
Namespace:    default
Labels:       <none>
Annotations:  <none>
Type:  Opaque
Data
====
auth:  42 bytes

在这里插入图片描述

[kubeadm@server1 mainfest]$ cat pod2.yml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-example
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myappv1
  template:
    metadata:
      labels:
        app: myappv1
    spec:
      containers:
      - name: myappv1
        image: myapp:v1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-example2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myappv2
  template:
    metadata:
      labels:
        app: myappv2
    spec:
      containers:
      - name: myappv2
        image: myapp:v2
[kubeadm@server1 mainfest]$ kubectl apply -f  pod2.yml

[kubeadm@server1 mainfest]$ cat service.yml 
kind: Service
apiVersion: v1
metadata:
  name: myservice
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: myappv1
  type: ClusterIP
---
kind: Service
apiVersion: v1
metadata:
  name: myservice2
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  selector:
    app: myappv2
  type: ClusterIP
[kubeadm@server1 mainfest]$ kubectl apply -f  service.yml

[kubeadm@server1 mainfest]$ vim secret.yml
[kubeadm@server1 mainfest]$ cat secret.yml 
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
met