Kubernetes NGINX Ingress: Disable Basic Auth for specific path

1/31/2019

I want to disable basic auth only on a specific subpath of my App. How this can be done?

e.g.

All subpaths should be basic auth secured:

/ 

This path should be an exception and public reachable:

/#/public 

ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app
  labels:
    app: app
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: basic-auth
    ingress.kubernetes.io/auth-realm:  "Authentication Required"
spec:
  rules:
  - host: "<MYHOST>"
    http:
      paths:
      - path: /
        backend:
          serviceName: app-service
          servicePort: 80
  tls:
    - secretName: "app-secret"
      hosts:
      - "<MYHOST>"
-- Tim Schwalbe
basic-authentication
kubernetes
kubernetes-ingress
nginx

1 Answer

1/31/2019

The path you're trying to use ( /#/public ) never reachs the server, the client send only /. That's the reason why you are unable to disable de auth.

The symbol (#) is a separator for URL fragment identifier. The rfc2396 explains it.

The semantics of a fragment identifier is a property of the data resulting from a retrieval action, regardless of the type of URI used in the referenc

If you tail the logs of your ingress pod you'll see the url that reachs the backend.

An additional note, if you need the url to reach the server then you need to urlencode it, /%23/public but, it's something with a different meaning.

Regards.

-- mdaguete
Source: StackOverflow