Ingress

简体中文

English

简体中文

English

Appearance

认证示例

不同认证方式的配置示例。

配置文件:examples/authentication/

HTTP Basic(单个用户)

yaml
version: v1
port: 8080

rules:
  - host: basic-auth.example.com
    backend:
      service:
        name: api-service
        port: 8080
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: basic
          basic:
            users:
              - username: admin
                password: admin123

HTTP Basic(多个用户)

yaml
version: v1
port: 8080

rules:
  - host: basic-auth-multi.example.com
    backend:
      service:
        mode: external
        protocol: https
        name: httpbin.zcorky.com
        port: 443
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: basic
          basic:
            users:
              - username: admin
                password: admin123
              - username: user1
                password: user123
              - username: user2
                password: user456

Bearer token(单个)

yaml
version: v1
port: 8080

rules:
  - host: bearer-auth.example.com
    backend:
      service:
        name: api-service
        port: 8080
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: bearer
          bearer:
            tokens:
              - my-secret-token-123

Bearer token(多个)

yaml
version: v1
port: 8080

rules:
  - host: bearer-auth-multi.example.com
    backend:
      service:
        mode: external
        protocol: https
        name: httpbin.zcorky.com
        port: 443
        auth:
          # enabled: true  # optional, defaults to true when type is set; set to false to temporarily disable auth
          type: bearer
          bearer:
            tokens:
              - token1-abc123xyz
              - token2-def456uvw
              - token3-ghi789rst

路径级认证

yaml
version: v1
port: 8080

rules:
  - host: mixed-auth.example.com
    backend:
      service:
        name: api-service
        port: 8080
        auth:
          # enabled: true  # optional, defaults to true when type is set
          type: basic
          basic:
            users:
              - username: default
                password: default123
    paths:
      - path: /admin
        backend:
          service:
            name: admin-service
            port: 8080
            auth:
              # enabled: true  # optional, defaults to true when type is set
              type: basic
              basic:
                users:
                  - username: admin
                    password: admin123
                  - username: superadmin
                    password: super123
      - path: /api
        backend:
          service:
            name: api-service
            port: 8080
            auth:
              # enabled: true  # optional, defaults to true when type is set
              type: bearer
              bearer:
                tokens:
                  - api-token-1
                  - api-token-2
                  - api-token-3

测试

Basic

bash
curl -u admin:admin123 -H "Host: basic-auth.example.com" http://localhost:8080/
curl -u admin:admin123 -H "Host: basic-auth-multi.example.com" http://localhost:8080/

Bearer

bash
curl -H "Host: bearer-auth.example.com" -H "Authorization: Bearer my-secret-token-123" http://localhost:8080/
curl -H "Host: bearer-auth-multi.example.com" -H "Authorization: Bearer token1-abc123xyz" http://localhost:8080/

路径级

bash
curl -u default:default123 -H "Host: mixed-auth.example.com" http://localhost:8080/
curl -u admin:admin123 -H "Host: mixed-auth.example.com" http://localhost:8080/admin
curl -H "Host: mixed-auth.example.com" -H "Authorization: Bearer api-token-1" http://localhost:8080/api

Released under the MIT License.

Copyright © 2024 GoZoox