个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
30
4
我正在使用大使作为API网关,并试图使外部身份验证正常工作。我已经部署了具有相应大使注释的auth-service
...
metadata:
name: auth-service-svc
annotations:
getambassador.io/config: |
---
apiVersion: ambassador/v1
kind: AuthService
name: authentication
proto: http
path_prefix: "/api"
auth_service: auth-service-svc:8080
spec:
ports:
- port: 8080
targetPort: 8080
name: http
selector:
app: auth-service
type: ClusterIP
curl来针对
http://[hostname]/api发起Get请求时,我希望可以调用auth-service。但是,这似乎没有发生。当我查看大使日志时,会看到以下消息:
[2019-04-12 15:10:42.977][75][debug][main] [source/server/connection_handler_impl.cc:257] [C20117] new connection
[2019-04-12 15:10:42.977][75][debug][http] [source/common/http/conn_manager_impl.cc:243] [C20117] new stream
[2019-04-12 15:10:42.977][75][debug][http] [source/common/http/conn_manager_impl.cc:580] [C20117][S12856858676043764009] request headers complete (end_stream=true):
':authority', '<some-prefix>.elb.amazonaws.com'
':path', '/api/'
':method', 'GET'
'user-agent', 'curl/7.61.0'
'accept', '*/*'
[2019-04-12 15:10:42.977][75][debug][http] [source/common/http/conn_manager_impl.cc:1037] [C20117][S12856858676043764009] request end stream
[2019-04-12 15:10:42.977][75][debug][router] [source/common/router/router.cc:277] [C20117][S12856858676043764009] no cluster match for URL '/api/'
[2019-04-12 15:10:42.977][75][debug][http] [source/common/http/conn_manager_impl.cc:1278] [C20117][S12856858676043764009] encoding headers via codec (end_stream=true):
':status', '404'
'date', 'Fri, 12 Apr 2019 15:10:42 GMT'
'server', 'envoy'
[2019-04-12 15:10:43.013][75][debug][connection] [source/common/network/connection_impl.cc:502] [C20117] remote close
[2019-04-12 15:10:43.013][75][debug][connection] [source/common/network/connection_impl.cc:183] [C20117] closing socket: 0
...
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: copying configuration from http://localhost:34525/api/snapshot/40 to /ambassador/snapshots/snapshot-tmp.yaml
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: Load balancer for tcp://auth-service-svc:8080 is None
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: Load balancer for tcp://127.0.0.1:8877 is None
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: Load balancer for tcp://127.0.0.1:8877 is None
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: Load balancer for tcp://127.0.0.1:8877 is None
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: extauth: server_uri http://api
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: listen_ports ['80']
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: -global-: NOTICE: Ambassador 0.60 will default to listening on port 8080 for HTTP. You will need to change your configuration to continue using port 80.
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: successfully validated the resulting envoy configuration, continuing...
....
[2019-04-12 15:20:59.782][65][debug][config] [source/server/listener_manager_impl.cc:56] name: envoy.http_connection_manager
[2019-04-12 15:20:59.783][65][debug][config] [source/server/listener_manager_impl.cc:59] config: {"use_remote_address":true,"access_log":[{"config":{"path":"/dev/fd/1","format":"ACCESS [%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n"},"name":"envoy.file_access_log"}],"xff_num_trusted_hops":0,"normalize_path":true,"route_config":{"virtual_hosts":[{"name":"backend","routes":[{"route":{"priority":null,"prefix_rewrite":"/ambassador/v0/check_ready","timeout":"10.000s","weighted_clusters":{"clusters":[{"name":"cluster_127_0_0_1_8877","weight":100}]}},"match":{"prefix":"/ambassador/v0/check_ready","case_sensitive":true}},{"match":{"case_sensitive":true,"prefix":"/ambassador/v0/check_alive"},"route":{"priority":null,"prefix_rewrite":"/ambassador/v0/check_alive","timeout":"10.000s","weighted_clusters":{"clusters":[{"name":"cluster_127_0_0_1_8877","weight":100}]}}},{"match":{"case_sensitive":true,"prefix":"/ambassador/v0/"},"route":{"priority":null,"weighted_clusters":{"clusters":[{"weight":100,"name":"cluster_127_0_0_1_8877"}]},"timeout":"10.000s","prefix_rewrite":"/ambassador/v0/"}},{"match":{"case_sensitive":true,"prefix":"/leads/"},"route":{"timeout":"3.000s","prefix_rewrite":"/","weighted_clusters":{"clusters":[{"weight":100,"name":"cluster_lead_service_svc"}]},"priority":null}}],"domains":["*"]}]},"http_filters":[{"config":{"http_service":{"server_uri":{"timeout":"5.000s","uri":"http://api","cluster":"cluster_extauth_auth_service_svc_8080"},"authorization_request":{"allowed_headers":{"patterns":[{"exact":"x-forwarded-proto"},{"exact":"cookie"},{"exact":"user-agent"},{"exact":"proxy-authorization"},{"exact":"from"},{"exact":"authorization"},{"exact":"x-forwarded-for"},{"exact":"x-forwarded-host"}]}},"path_prefix":"/api","authorization_response":{"allowed_client_headers":{"patterns":[{"exact":"authorization"},{"exact":"set-cookie"},{"exact":"location"},{"exact":"www-authenticate"},{"exact":"proxy-authenticate"}]},"allowed_upstream_headers":{"patterns":[{"exact":"authorization"},{"exact":"set-cookie"},{"exact":"location"},{"exact":"www-authenticate"},{"exact":"proxy-authenticate"}]}}}},"name":"envoy.ext_authz"},{"name":"envoy.cors"},{"name":"envoy.router"}],"stat_prefix":"ingress_http"}
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: configuration updated from snapshot 40
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: Scout reports {"latest_version": "0.53.1", "application": "ambassador", "cached": true, "timestamp": 1555081685.663466}
2019-04-12 15:20:59 diagd 0.53.1 [P43TAmbassadorEventWatcher] INFO: Scout notices: [{"level": "DEBUG", "message": "Returning cached result"}]
[2019-04-12 15:20:59.799][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:302] http filter #0
[2019-04-12 15:20:59.799][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:303] name: envoy.ext_authz
[2019-04-12 15:20:59.800][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:307] config: {"http_service":{"authorization_response":{"allowed_upstream_headers":{"patterns":[{"exact":"authorization"},{"exact":"set-cookie"},{"exact":"location"},{"exact":"www-authenticate"},{"exact":"proxy-authenticate"}]},"allowed_client_headers":{"patterns":[{"exact":"authorization"},{"exact":"set-cookie"},{"exact":"location"},{"exact":"www-authenticate"},{"exact":"proxy-authenticate"}]}},"server_uri":{"timeout":"5.000s","uri":"http://api","cluster":"cluster_extauth_auth_service_svc_8080"},"authorization_request":{"allowed_headers":{"patterns":[{"exact":"x-forwarded-proto"},{"exact":"cookie"},{"exact":"user-agent"},{"exact":"proxy-authorization"},{"exact":"from"},{"exact":"authorization"},{"exact":"x-forwarded-for"},{"exact":"x-forwarded-host"}]}},"path_prefix":"/api"}}
[2019-04-12 15:20:59.801][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:302] http filter #1
[2019-04-12 15:20:59.801][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:303] name: envoy.cors
[2019-04-12 15:20:59.801][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:307] config: {}
[2019-04-12 15:20:59.801][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:302] http filter #2
[2019-04-12 15:20:59.801][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:303] name: envoy.router
[2019-04-12 15:20:59.801][65][debug][config] [source/extensions/filters/network/http_connection_manager/config.cc:307] config: {}
[2019-04-12 15:20:59.804][65][debug][config] [source/server/listener_manager_impl.cc:627] add warming listener: name=ambassador-listener-80, hash=1783155174245818883, address=0.0.0.0:80
[2019-04-12 15:20:59.804][65][debug][init] [source/common/init/manager_impl.cc:45] init manager Listener ambassador-listener-80 contains no targets
[2019-04-12 15:20:59.804][65][debug][init] [source/common/init/watcher_impl.cc:14] init manager Listener ambassador-listener-80 initialized, notifying ListenerImpl
[2019-04-12 15:20:59.805][65][debug][config] [source/server/listener_manager_impl.cc:627] warm complete. updating active listener: name=ambassador-listener-80, hash=1783155174245818883, address=0.0.0.0:80
[2019-04-12 15:20:59.805][65][debug][config] [source/server/listener_manager_impl.cc:627] draining listener: name=ambassador-listener-80, hash=5292162044335998753, address=0.0.0.0:80
[2019-04-12 15:20:59.805][65][info][upstream] [source/server/lds_api.cc:74] lds: add/update listener 'ambassador-listener-80'
[2019-04-12 15:20:59.806][65][debug][config] [source/common/config/grpc_mux_impl.cc:104] Resuming discovery requests for type.googleapis.com/envoy.api.v2.RouteConfiguration
[2019-04-12 15:20:59.806][65][debug][config] [bazel-out/k8-dbg/bin/source/common/config/_virtual_includes/grpc_mux_subscription_lib/common/config/grpc_mux_subscription_impl.h:66] gRPC config for type.googleapis.com/envoy.api.v2.Listener accepted with 1 resources with version v40
[2019-04-12 15:20:59.806][65][debug][config] [source/common/config/grpc_mux_impl.cc:118] Received gRPC message for type.googleapis.com/envoy.api.v2.Cluster at version v40
[2019-04-12 15:20:59.806][65][debug][config] [source/common/config/grpc_mux_impl.cc:96] Pausing discovery requests for type.googleapis.com/envoy.api.v2.ClusterLoadAssignment
[2019-04-12 15:20:59.811][65][info][upstream] [source/common/upstream/cluster_manager_impl.cc:483] add/update cluster cluster_extauth_auth_service_svc_8080 starting warming
[2019-04-12 15:20:59.811][65][debug][config] [source/common/config/grpc_mux_impl.cc:96] Pausing discovery requests for type.googleapis.com/envoy.api.v2.Cluster
[2019-04-12 15:20:59.811][65][debug][upstream] [source/common/network/dns_impl.cc:158] Setting DNS resolution timer for 5000 milliseconds
[2019-04-12 15:20:59.811][65][debug][upstream] [source/common/upstream/cds_api_impl.cc:110] cds: add/update cluster 'cluster_extauth_auth_service_svc_8080'
[2019-04-12 15:20:59.811][65][debug][config] [source/common/config/grpc_mux_impl.cc:104] Resuming discovery requests for type.googleapis.com/envoy.api.v2.ClusterLoadAssignment
[2019-04-12 15:20:59.811][65][debug][config] [bazel-out/k8-dbg/bin/source/common/config/_virtual_includes/grpc_mux_subscription_lib/common/config/grpc_mux_subscription_impl.h:66] gRPC config for type.googleapis.com/envoy.api.v2.Cluster accepted with 3 resources with version v40
[2019-04-12 15:20:59.812][65][debug][upstream] [source/common/upstream/upstream_impl.cc:1358] DNS hosts have changed for auth-service-svc
[2019-04-12 15:20:59.812][65][debug][upstream] [source/common/upstream/upstream_impl.cc:721] initializing secondary cluster cluster_extauth_auth_service_svc_8080 completed
[2019-04-12 15:20:59.812][65][debug][init] [source/common/init/manager_impl.cc:45] init manager Cluster cluster_extauth_auth_service_svc_8080 contains no targets
[2019-04-12 15:20:59.812][65][debug][init] [source/common/init/watcher_impl.cc:14] init manager Cluster cluster_extauth_auth_service_svc_8080 initialized, notifying ClusterImplBase
[2019-04-12 15:20:59.812][65][info][upstream] [source/common/upstream/cluster_manager_impl.cc:496] warming cluster cluster_extauth_auth_service_svc_8080 complete
[2019-04-12 15:20:59.812][75][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:517] adding TLS cluster cluster_extauth_auth_service_svc_8080
[2019-04-12 15:20:59.812][76][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:517] adding TLS cluster cluster_extauth_auth_service_svc_8080
[2019-04-12 15:20:59.812][65][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:517] adding TLS cluster cluster_extauth_auth_service_svc_8080
[2019-04-12 15:20:59.812][75][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:978] membership update for TLS cluster cluster_extauth_auth_service_svc_8080 added 1 removed 0
[2019-04-12 15:20:59.812][76][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:978] membership update for TLS cluster cluster_extauth_auth_service_svc_8080 added 1 removed 0
[2019-04-12 15:20:59.812][65][debug][upstream] [source/common/upstream/cluster_manager_impl.cc:978] membership update for TLS cluster cluster_extauth_auth_service_svc_8080 added 1 removed 0
[2019-04-12 15:20:59.812][65][debug][config] [source/common/config/grpc_mux_impl.cc:104] Resuming discovery requests for type.googleapis.com/envoy.api.v2.Cluster
....
最佳答案
path_prefix: "/api"不会而不是为您的身份验证服务创建映射,它仅告诉/ api将附加到您的请求中,并且身份验证服务需要该前缀。当您在大使中定义身份验证服务时,所有请求将被重定向到身份验证服务。如果您需要直接向auth服务发出请求,请为其创建映射。
例:
如果您有映射服务:
apiVersion: ambassador/v1
kind: Mapping
name: myapp-mapping
prefix: /myapp/
service: myapp:8000
curl $URL/myapp/时,请求将被重定向到$ URL / api / myapp的auth-service。身份验证服务需要具有/ api / myapp的终结点。如果返回HTTP状态200,则大使会将原始请求发送到myapp。否则,它将把auth-service响应返回给客户端。
curl $URL/api/myapp,则可以在身份验证服务中删除前缀,并将myapp的前缀更改为/ api / myapp /
关于kubernetes - 大使外部身份验证设置返回404,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55655050/
30
4
0
这个问题已经有答案了: Is there any way to accept only numeric values in a JTextField? (20 个回答) It's possible i
我使用戴尔 XPS M1710。笔记本电脑的盖子、侧面扬声器和前置扬声器都有灯(3 组灯可以单独调节)和鼠标垫下方的灯。在 BIOS 中,我可以更改这些灯的颜色,至少是每个组。另外,我可以在鼠标垫下打
我知道我可以使用 在 iOS 5 中打开设置应用 [[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"prefs://"
我有一个 Django 应用程序,我正在尝试为其设置文档。目录结构如下: - doc - project | - manage.py 我已经设置了路径以便 Sphinx 可以看到东西,但是当我尝试使用
我正在使用 768mb ram 运行 centos 5.5。我一直在日志中获取 server reached MaxClients setting, consider raising the MaxC
我在具有以下配置的服务器内运行了 Drupal 安装: StartServers 5 MinSpareServers 5 MaxSpareServers 15 MaxClien
是否可以使用 Microsoft.Web.Administration 包为给定的 location 配置 asp 设置? 我想以编程方式将以下部分添加到本地 IIS applicationHost.
我一直在阅读为 kube-proxy 提供参数的文档,但没有解释应该如何使用这些参数。我使用 az aks create 创建我的集群使用 azure-cli 程序,然后我获得凭据并使用 kubect
我想知道与在 PHP 中使用 setcookie() 函数相比,在客户端通过 JavaScript 设置一些 cookie 是否有任何明显的优势?我能想到的唯一原因是减少一些网络流量(第一次)。但不是
我有一个按钮可以将 body class 设置为 .blackout 我正在使用 js-cookie设置cookie,下面的代码与我的按钮相关联。 $('#boToggle').on('click'
我有一堆自定义的 HTML div。我将其中的 3 存储在具有 slide 类的 div 中。然后,我使用该幻灯片类调用 slick 函数并应用如下设置: $('.slide').slick({
我正在创建一个应该在 Windows 8(桌面)上运行的应用 我需要: 允许用户使用我的应用启动“文件历史记录”。我需要找到打开“文件历史记录”的命令行。 我需要能够显示“文件历史记录”的当前设置。
我刚买了一台新的 MacBook Pro,并尝试在系统中设置 RVM。我安装了 RVM 并将默认设置为 ➜ rvm list default Default Ruby (for new shells)
由于有关 Firestore 中时间戳行为即将发生变化的警告,我正在尝试更改我的应用的初始化代码。 The behavior for Date objects stored in Firestore
在 ICS 中,网络 -> 数据使用设置屏幕中现在有“限制后台数据”设置。 有没有办法以编程方式为我的应用程序设置“限制后台数据”? 或 有没有办法为我的应用程序调出具有选项的“数据使用”设置? 最佳
我正在尝试使用 NextJS 应用程序设置 Jest,目前在 jest.config.js : module.exports = { testPathIgnorePatterns: ["/.n
我最近升级到 FlashDevelop 4,这当然已经将我之前的所有设置恢复到原来的状态。 我遇到的问题是我无法在新设置窗口的哪个位置找到关闭它在方括号、大括号等之前插入的自动空格的选项。 即它会自动
有没有办法以编程方式访问 iPhone/iPod touch 设置? 谢谢。比兰奇 最佳答案 大多数用户设置可以通过读取存储在 /User/Library/Preferences/ 中的属性列表来访问
删除某些值时,我需要选择哪些设置来维护有序队列。我创建了带有自动增量和主键的 id 的表。当我第一次插入值时,没问题。就像 1,2,3,4,5... 当删除某些值时,顺序会发生变化,例如 1,5,3.
我正在尝试设置示例 Symfony2 项目,如此处所示 http://symfony.com/doc/current/quick_tour/the_big_picture.html 在访问 confi
我是一名优秀的程序员,十分优秀!