Fatal编程技术网
  • kubernetes/
  • Kubernetes K8S审核Webhook后端-如何处理身份验证?

Kubernetes K8S审核Webhook后端-如何处理身份验证?

kubernetes

Kubernetes K8S审核Webhook后端-如何处理身份验证?,kubernetes,auditing,Kubernetes,Auditing,我创建了ubuntu机器,它将从集群接收审计日志。 我创建配置文件是为了为k8s审计配置webhook后端 apiVersion: v1 kind: Config clusters: - cluster: server: http://34.68.115.34 name: webcluster contexts: - context: cluster: webcluster user: "" name: default-context current-contex

我创建了ubuntu机器,它将从集群接收审计日志。 我创建配置文件是为了为k8s审计配置webhook后端

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: http://34.68.115.34
  name: webcluster
contexts:
- context:
    cluster: webcluster
    user: ""
  name: default-context
current-context: default-context
preferences: {}
users: []
在使用https的情况下,我没有找到任何配置相关身份验证的选项。
解决方案是什么?

您可以将基本身份验证用于http或证书用于https。当kube api服务器与webhook通信时,它将向webhook Web服务器提供客户端证书以进行自身身份验证。您需要在webhook Web服务器中安装cacert才能成功验证kuernetes api服务器。生成客户机证书并将该客户机证书添加到kubeconfig文件中所需的cacert

基本身份验证:

apiVersion: v1
kind: Config
preferences: {}
clusters:
- name: example-cluster
  cluster:
    server: http://10.1.35.4
users:
- name: example-user
  user:
    username: some-user
    password: some-password
contexts:
- name: example-context
  context:
    cluster: example-cluster
    user: example-user
current-context: example-context

apiVersion: v1
    kind: Config
    preferences: {}
    clusters:
    - name: example-cluster
      cluster:
        server: https://10.1.35.4
    users:
    - name: example-user
      user:
        client-certificate-data: <redacted>
        client-key-data: <redacted>
    contexts:
    - name: example-context
      context:
        cluster: example-cluster
        user: example-user
    current-context: example-context
证书:

apiVersion: v1
kind: Config
preferences: {}
clusters:
- name: example-cluster
  cluster:
    server: http://10.1.35.4
users:
- name: example-user
  user:
    username: some-user
    password: some-password
contexts:
- name: example-context
  context:
    cluster: example-cluster
    user: example-user
current-context: example-context

apiVersion: v1
    kind: Config
    preferences: {}
    clusters:
    - name: example-cluster
      cluster:
        server: https://10.1.35.4
    users:
    - name: example-user
      user:
        client-certificate-data: <redacted>
        client-key-data: <redacted>
    contexts:
    - name: example-context
      context:
        cluster: example-cluster
        user: example-user
    current-context: example-context
apiVersion:v1 种类:配置 首选项:{} 集群: -名称:示例集群 集群: 服务器:https://10.1.35.4 用户: -名称:示例用户 用户: 客户端证书数据: 客户端密钥数据: 上下文: -名称:示例上下文 背景: 集群:示例集群 用户:示例用户 当前上下文:示例上下文
我在golang编写了我的webhook。如何获取用户名和密码(基本身份验证)?它是否被发送到webhook?我编写了以下代码,但没有得到任何
func服务器(w http.ResponseWriter,r*http.Request){user11,pass11,ok:=r.BasicAuth()