I have a k8s deployment of Kibana in IBM Cloud. It is exposed through ClusterIP k8s service, a k8s Ingress and it is accessible for a single Cloud Directory user authenticated through IBM Cloud App ID.

Kubernetes correctly re-directs to App ID login screen. The issue is that Kibana deployment is not accessible after successful AppID authentication. I get 301 Moved Permanently in a loop.

The same k8s deployment as above is exposed through k8s NodePort and works fine.

The same setup as above works correctly for a simple hello-world app with authentication.

I followed this tutorial.

In App ID Authentication Settings, the redirect URL is: https://our-domain/app/kibana/appid_callback

Here are portions of the k8s definitions, which are relevant:

---
kind: Service
apiVersion: v1
metadata:
  name: kibana-sec
  namespace: default
  labels:
    app: kibana-sec
spec:
  type: ClusterIP
  ports:
  - name: http
    protocol: TCP  
    port: 8080
    targetPort: 5601
  selector:
    app: kibana-sec


---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.bluemix.net/redirect-to-https: "True"
    ingress.bluemix.net/appid-auth: "bindSecret=<our-bindSecret> namespace=default requestType=web serviceName=kibana-sec"
    ...
    spec:
      rules:
      - host: <our-domain>
        http:
          paths:

    ...
          - backend:
              serviceName: kibana-sec
              servicePort: 8080
            path: /app/kibana/
      tls:
      - hosts:
        - <our-domain>
        secretName: <our-secretName>
    status:
      loadBalancer:
        ingress:
        - ip: <IPs>
        - ip: <IPs>

There is no "ingress.bluemix.net/rewrite-path" annotation for our service.