我正在尝试使用 oauth2-proxy github 提供程序添加来自 Kubernetes 的身份验证
我已经根据官方文档设置了所有内容
但登录后,它会将我重定向到出现 500 内部服务器错误的页面:
以下是我设置 GitHub 应用程序的方法:
我的 kubernetesUI 和 oauth 代理入口:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
name: ingress
namespace: kubernetes-dashboard
spec:
rules:
- host: kubernetesui.***.com
http:
paths:
- backend:
service:
name: kubernetes-dashboard
port:
number: 443
path: /
pathType: Prefix
tls:
- hosts:
- kubernetesui.***.com
secretName: kubeui
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: oauth2-proxy
namespace: kubernetes-dashboard
spec:
ingressClassName: nginx
rules:
- host: kubernetesui.***.com
http:
paths:
- path: /oauth2
pathType: Prefix
backend:
service:
name: oauth2-proxy
port:
number: 4180
tls:
- hosts:
- kubernetesui.***.com
secretName: kubeui
我的代理选项:
spec:
containers:
- args:
- --provider=github
- --email-domain=*
- --upstream=file:///dev/null
- --http-address=0.0.0.0:4180
# Register a new application
# https://github.com/settings/applications/new
env:
- name: OAUTH2_PROXY_CLIENT_ID
value: ******
- name: OAUTH2_PROXY_CLIENT_SECRET
value: ***********
# docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
- name: OAUTH2_PROXY_COOKIE_SECRET
value: *************
代理日志:
192.168.189.44:58052 - ********* - - [2022/09/14 13:43:24] kubernetesui.*****.com GET - "/oauth2/auth" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 401 13 0.000
192.168.189.44:58056 - *********- - [2022/09/14 13:43:24] kubernetesui.****.com GET - "/oauth2/start?rd=%2F" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 302 310 0.000
[2022/09/14 13:43:25] [oauthproxy.go:775] Error creating session during OAuth2 callback: unexpected status "404": {"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/users#list-email-addresses-for-the-authenticated-user"}
192.168.189.44:58056 - *******- - [2022/09/14 13:43:24] kubernetesui.*******.com GET - "/oauth2/callback?code=947a40cc3606f6f15821&state=7ocJxLTnigFxcUCiS_3hJ28Kr6MYyCxrZTYA1La52JA%3A%2F" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 500 2837 0.453
希望有人能指引我正确的方向