https://www.spinnaker.io/setup/quickstart/halyard-gke-public/
在本教程之前,spinnaker已确认启动并在上运行
http://localhost:9000
1.3.1
,
1.4.1
1.4.2
.
在编辑/应用/启用谷歌安全后,我尝试登录,并成功地被谷歌登录屏幕挑战。完成双因素身份验证后,我将按预期重新定向
http://localhost:8084/login
,但我收到以下错误:
{
"error": "Unauthorized",
"message": "Authentication Failed: User's info does not have all required fields.",
"status": 401,
"timestamp": 1506985726074
}
kross@halyard:~$ hal config security authn oauth2 edit --provider google \
> --client-id $CLIENT_ID \
> --client-secret $CLIENT_SECRET \
> --user-info-requirements hd=$DOMAIN
+ Get current deployment
Success
+ Get authentication settings
Success
+ Edit oauth2 authentication settings
Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
set even though your Spinnaker deployment is a Distributed deployment on a
remote cloud provider. As a result, you will need to open SSH tunnels against
that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
securely, and then register the intended Domain and IP addresses that your
publicly facing services will be using.
+ Successfully edited oauth2 method.
kross@halyard:~$ hal config security authn oauth2 enable
+ Get current deployment
Success
+ Edit oauth2 authentication settings
Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
set even though your Spinnaker deployment is a Distributed deployment on a
remote cloud provider. As a result, you will need to open SSH tunnels against
that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
securely, and then register the intended Domain and IP addresses that your
publicly facing services will be using.
+ Successfully enabled oauth2
kross@halyard:~$ hal deploy apply
+ Get current deployment
Success
+ Apply deployment
Success
+ Deploy spin-clouddriver
Success
+ Deploy spin-front50
Success
+ Deploy spin-orca
Success
+ Deploy spin-deck
Success
+ Deploy spin-echo
Success
+ Deploy spin-gate
Success
+ Deploy spin-igor
Success
+ Deploy spin-rosco
Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
set even though your Spinnaker deployment is a Distributed deployment on a
remote cloud provider. As a result, you will need to open SSH tunnels against
that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
securely, and then register the intended Domain and IP addresses that your
publicly facing services will be using.
我不太确定该怎么办。看起来我是真实的,但由于某种原因,交互中不允许使用必需的用户字段。
我已经复习过了
spinnaker's authentication setup
自
google
provider is a packaged OAuth 2 provider with spinnaker
下一步我可以从哪里开始?有文档的参考/指针吗?