K8S里给nginx配置带认证的http代理(示例:配置安全访问kibana)
1、创建一个nginx.conf配置文件nginx.conf#usernginx;worker_processes1;error_log/var/log/nginx/error.log warn;#pid/var/run/nginx.pid;events {worker_connections1024;}http {#include/etc/nginx/mime.types;default_typ
·
1、创建一个nginx.conf配置文件nginx.conf
#user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
#pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
#include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
server {
listen 5601;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://10.100.197.61:5601; #配置代理
#root /usr/share/nginx/html;
#index index.html index.htm;
auth_basic "login"; #配置基本认证
auth_basic_user_file /etc/nginx-htpasswd/htpasswd; #这一步引用密码文件
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
2、创建configmap
kubectl create cm kibana-nginx --from-file=nginx.conf
3、创建应用部署 kibana-nginx-deployment.yaml
我将nginx认证的密码保存在ceph中,实际中此处可以比较灵活。
apiVersion: apps/v1
kind: Deployment
metadata:
name: kibana-nginx
spec:
replicas: 1
selector:
matchLabels:
app: kibana-nginx
template:
metadata:
labels:
app: kibana-nginx
spec:
containers:
- name: kibana-nginx
image: 10.41.10.81:5000/nginx
env:
- name: update
value: "5"
volumeMounts:
- mountPath: "/etc/nginx/"
name: conf
- mountPath: "/etc/nginx-htpasswd/"
name: htpasswd
ports:
- containerPort: 5601
volumes:
- name: conf
configMap:
name: kibana-nginx
- name: htpasswd
cephfs:
monitors:
- 10.41.10.81:6789,10.41.10.82:6789,10.41.10.83:6789
path: /kibana/
user: admin
readOnly: false
secretRef:
name: ceph-secret
生效:kubectl apply -f kibana-nginx-deployment.yaml
4、创建密码文件
##如果服务器上没有htpasswd命令,请安装
# yum install httpd
htpasswd -cm htpasswd admin #htpasswd为文件名,admin为用户名。之后输入两次密码即可
5、创建服务,使之能够被访问 kibana-nginx-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: kibana-nginx-svc
spec:
ports:
- port: 5601
targetPort: 5601
selector:
app: kibana-nginx
type: NodePort
externalIPs:
- 10.41.10.60
这一步之后,便可以访问10.41.10.60:5601,此时被代理的http将需要输入用户名与密码。
完工!!!
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献12条内容
所有评论(0)