问题描述
在已配置的 AKS 上,有一个带有应用程序的 docker 容器正在使用 AAD 身份验证.
On configured AKS there is docker container with application that is using AAD authentication.
基于这篇文章,还有配置入口.API 运行良好.
Based on this article there is also configured ingress. API is working well.
当我添加到带有 https 前缀的 Azure Active Directory 应用程序注册回复 URL 时,我收到错误请求中指定的回复 url 与为应用程序配置的回复 url 不匹配".我看到在浏览器地址行中,redirect_uri 以 http 开头.
When I add to Azure Active Directory application registration reply URL with https prefix I receive error "The reply url specified in the request does not match the reply urls configured for the application". And I see that in browser address line redirect_uri is starting with http.
当我添加以 http 开头的回复 URL 时,我收到异常:关联失败".
When I add reply URL that is starting with http, then I receive "Exception: Correlation failed".
我尝试过的:添加到 ingress.yaml 设置 ingress.kubernetes.io/force-ssl-redirect: "true"
What I have tried: Add to ingress.yaml setting ingress.kubernetes.io/force-ssl-redirect: "true"
可能有一些方法可以强制入口运行 https 而不是 http,或者可能有一些 AAD 重定向配置?有什么想法吗?
May be there is some way to force ingress run https instead of http, or there might be some AAD redirect configuration? Any ideas?
更新 2:http 重定向可能是因为 ADAL.
UPDATE 2: Probably http redirect is because of ADAL.
PS:能够找到 类似主题 没有答案
PS: Was able to find similar topic without an answer
更新3:我决定不使用 nginx 作为入口.相反,我现在正在使用负载均衡器.很快就可以使用 Azure 应用程序网关入口控制器
UPDATE3:I have decided not to use nginx as ingress. Instead I am using now Load balancer. Soon it would be possible to use Azure Application Gateway Ingress Controller
推荐答案
你试过了吗?
默认情况下,如果为该 Ingress 启用了 TLS,控制器会使用 308 永久重定向响应将 HTTP 客户端重定向到 HTTPS 端口 443.
这可以在 NGINX 配置映射中使用 ssl-redirect: "false" 全局禁用,或者使用 nginx.ingress.kubernetes.io/ssl-redirect 对每个 Ingress 禁用: "false" 特定资源中的注释.
This can be disabled globally using ssl-redirect: "false" in the NGINX config map, or per-Ingress with the nginx.ingress.kubernetes.io/ssl-redirect: "false" annotation in the particular resource.
这篇关于Kubernetes 和 AAD 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!