I have an ASP.NET Core 2 application running in a pod.
It is nothing fancy. Just the default app created by Visual Studio, with "School/Work account"-authentication enabled.
My ingress points to the service at /
- path: /
  backend:
    serviceName: debug-ui
    servicePort: 80
When I hit that endpoint (/) I am being redirected to Azure AD login. I authenticate and Azure AD redirects to /signin-oidc, which is normal for AD login. So far everything works as expected.
The problem is that the ingress responds with a "502 - Bad gateway", probably because the ingress sees /signin-oidc as a route to another (non-existing) service, but it should have been an endpoint on the application at / itself.
The application running at / also has /about and a /contact, which work fine when auth is disabled.
The /signin-oidc is called as HTTP POST with the authentication token (JWT).
How do I get around this issue?
Technologies :
Using Flask (instead of .NET) and AAD works with nginx ingress with something like below:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: flask-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  tls:
  - hosts:
    - example.com
    secretName: flask-auth
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: flask-app
          servicePort: 80
        path: /app(/|$)(.*)
---
This has something like:
AAD
example.com/app
example.com/app/login
example.com/app/other-logins-urls
renders html templates
example.com/app/app-name
paths:
- path: /tea
  backend:
    serviceName: tea-svc
    servicePort: 80
- path: /coffee
  backend:
    serviceName: coffee-svc
    servicePort: 80
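
An added example (not code from the question or the answer): a simplified Python model of how the path rules in the manifests on this page select a backend, for checking that an OIDC callback path such as /signin-oidc is covered by a rule before it is registered as a redirect URI. The rule tuples, the function names and the matching order (longest path first, regex paths anchored at the start and case-insensitive, other paths as plain prefixes) are assumptions of this model, not ingress-nginx's own code.

```python
import re

# Constructed from the manifests on this page: (path, backend, is_regex).
QUESTION_RULES = [("/", "debug-ui", False)]
ANSWER_RULES = [("/app(/|$)(.*)", "flask-app", True)]
TEA_COFFEE_RULES = [("/tea", "tea-svc", False), ("/coffee", "coffee-svc", False)]


def route(rules, request_path):
    """Return the backend service for request_path, or None if no rule matches.

    Simplified model (assumption): the longest path is tried first; regex
    paths are matched case-insensitively from the start of the request
    path, other paths are treated as plain string prefixes.
    """
    ordered = sorted(rules, key=lambda r: len(r[0]), reverse=True)
    for path, backend, is_regex in ordered:
        if is_regex:
            if re.match(path, request_path, re.IGNORECASE):
                return backend
        elif request_path.startswith(path):
            return backend
    return None


def uncovered_callbacks(rules, callback_paths):
    """List callback paths that no rule would forward to a backend."""
    return [p for p in callback_paths if route(rules, p) is None]


if __name__ == "__main__":
    rule_sets = [
        ("question", QUESTION_RULES),
        ("answer", ANSWER_RULES),
        ("tea/coffee", TEA_COFFEE_RULES),
    ]
    # Constructed sample request paths, taken from the URLs named on this page.
    sample_paths = ["/signin-oidc", "/app/login", "/app", "/tea"]
    for name, rules in rule_sets:
        for p in sample_paths:
            print(f"{name:10} {p:14} -> {route(rules, p)}")
```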