Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e: add testcases for auth annotations #200

Open
Xunzhuo opened this issue Feb 16, 2023 · 5 comments
Open

e2e: add testcases for auth annotations #200

Xunzhuo opened this issue Feb 16, 2023 · 5 comments
Labels
area/annotation area/e2e help wanted Extra attention is needed level/challenge sig/automation
Milestone
backlog

Comments

@Xunzhuo
Copy link
Collaborator

Xunzhuo commented Feb 16, 2023

Why do you need it?

annotations:

  • nginx.ingress.kubernetes.io/auth-type
  • nginx.ingress.kubernetes.io/auth-secret
  • nginx.ingress.kubernetes.io/auth-secret-type
  • nginx.ingress.kubernetes.io/auth-realm

How could it be?

Add testcases for auth annotations.

Other related information
@Xunzhuo Xunzhuo mentioned this issue Feb 16, 2023
Open
@fizos
Copy link

fizos commented Feb 20, 2023

你好,请问采用annotation方式来配置ingress后是否需要额外手动安装auth wasm 插件?

@johnlanni
Copy link
Collaborator

你好,请问采用annotation方式来配置ingress后是否需要额外手动安装auth wasm 插件?

不需要,这个basic auth功能已经内置了

@fizos
Copy link

fizos commented Feb 20, 2023
edited
Loading

当对foo ingress采用如下annotations时
Annotations:
nginx.ingress.kubernetes.io/auth-realm: Authentication Required - foo
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-type: basic

auth没有生效,controller日志打印如下:
nce stable[11] 1 for config EnvoyFilter/higress-system/istio-autogenerated-k8s-ingress-basic-auth: 100.950583ms since last change, 100.949875ms since last push, full=true
ng:2023-02-20T12:35:57Z/9 Services:6 ConnectedEndpoints:1 Version:2023-02-20T12:35:57Z/9
for node:higress-gateway-5dc84b8cc4-6k79l.higress-system resources:15 size:5.7kB cached:0/14
for node:higress-gateway-5dc84b8cc4-6k79l.higress-system resources:14 size:2.5kB empty:0 cached:14/14
for node:higress-gateway-5dc84b8cc4-6k79l.higress-system resources:1 size:4.1kB
for node:higress-gateway-5dc84b8cc4-6k79l.higress-system resources:1 size:937B cached:0/0
CK ERROR higress-gateway-5dc84b8cc4-6k79l.higress-system-1 Internal:Error adding/updating listener(s) 0.0.0.0_80: Unable to create Wasm HTTP filter basic-auth

gateway 日志如下:
] [2023-02-20 12:35:57.084][17][warning][config] gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) 0.0.0.0_80: Unable t
calhost","bytes_received":"0","bytes_sent":"4","downstream_local_address":"10.1.0.25:80","downstream_remote_address":"192.168.65.3:64306","duration":"16","istio_policy_status":"-","me
] [2023-02-20 12:36:43.550][17][error][wasm] Wasm VM failed Failed to load NullVM plugin
] [2023-02-20 12:36:43.550][17][error][wasm] Wasm VM failed Failed to load Wasm code

请问是否哪里配置不正确?

@johnlanni
Copy link
Collaborator

@fizos 是basic auth的nullvm plugin没有被编译进来,需要调整下envoy的编译参数,我后续修复下

@johnlanni johnlanni added this to the 0.8.0 milestone Mar 17, 2023
@johnlanni
Copy link
Collaborator

@fizos 1.0.0-rc 版本已修复此问题 可以执行 helm upgrade/install --devel 升级到最新rc版本

@johnlanni johnlanni modified the milestones: 1.0.0, backlog May 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/annotation area/e2e help wanted Extra attention is needed level/challenge sig/automation
Projects
Higress
Status: Todo
Milestone
backlog
Development

No branches or pull requests
4 participants
@CH3CHO @johnlanni @Xunzhuo @fizos