调用API服务在降级时不会收到任何引荐来源

编程问答 2022-08-15

问题描述

我有以下情况:

enter image description here

  • 一个向REST SVC发出请求并通过Keycloak保护的Webapp
  • 还通过Keycloak保护的REST SVC,其侦听端口为8080
  • 正在运行的Keycloak实例

每个服务都在Kubernetes上运行。

从浏览器调用REST SVC时,我得到了Referrer-Policy: no-referrer-when-downgrade,但还没有弄清楚为什么。

REST SVC资源文件

---
# Source: svc/templates/service.yaml
apiVersion: v1
kind: Service
Metadata:
  name: user-svc
  labels:
    helm.sh/chart: svc-0.1.0
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
---
# Source: svc/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
Metadata:
  name: user-svc
  labels:
    helm.sh/chart: svc-0.1.0
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: svc
      app.kubernetes.io/instance: user-svc
  template:
    Metadata:
      labels:
        app.kubernetes.io/name: svc
        app.kubernetes.io/instance: user-svc
    spec:
      imagePullSecrets:
        - name: regcred
      containers:
        - name: user-svc
          image: "hub.example.io/svc/user-svc:0.1.17"
          imagePullPolicy: IfNotPresent
          env:          
            - name: DB_USER
              valueFrom:
                secretKeyRef:
                  name: example.example-users-db.credentials.postgresql.acid.zalan.do
                  key: "username"
            - name: DB_PW
              valueFrom:
                secretKeyRef:
                  name: example.example-users-db.credentials.postgresql.acid.zalan.do
                  key: "password"
            - name: DB_URL
              valueFrom:
                configMapKeyRef:
                  name: example-users-db-url
                  key: "db_url"
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {}
---
# Source: svc/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
Metadata:
  name: user-svc
  labels:
    helm.sh/chart: svc-0.1.0
    app.kubernetes.io/name: svc
    app.kubernetes.io/instance: user-svc
    app.kubernetes.io/version: "1.16.0"
    app.kubernetes.io/managed-by: Helm
spec:
  tls:
    - hosts:
        - "dev.user.svc.example.io"
      secretName: dev-cert-staging
  rules:
    - host: "dev.user.svc.example.io"
      http:
        paths:
          - path: /
            backend:
              serviceName: user-svc
              servicePort: 80

根据文档https://www.w3.org/TR/referrer-policy/#referrer-policy-strict-origin-when-cross-origin,我必须将服务端口更改为443才能起作用。但是我不能确定退出

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)