K
Q

Is it possible to use multiple authentication types with nginx ingress?

10/2/2019

I have some internal services (Logging, Monitoring, etc) exposed via nginx-ingress and protected via oauth2-proxy and some identity manager (Okta) behind. We use 2fa for additional security for our users.

This works great for user accounts. It does not work for other systems like external monitoring as we can not make a request with a token or basic auth credentials.

Is there any known solution to enable multiple authentication types in an ingress resource?

Everything I found so far is specific for one authentication process and trying to add basic auth as well did not work.

Current ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: cert-manager-extra-issuer
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/auth-signin: https://sso-proxy/oauth2/start?rd=https://$host$request_uri
    nginx.ingress.kubernetes.io/auth-url: https://sso-proxy/oauth2/auth
-- stvnwrgs
kubernetes
kubernetes-ingress

Similar Questions

curl to the "kubernetes cluster node service" fails intermittently from master node
How can we create azure-disk based persistent volume claim and use them from a POD in Kubernetes?
API horizontal scaling in a kubernetes cluster and load balancing at API gateway
Kubeadm Failed to create SubnetManager: error retrieving pod spec for kube-system
Failed to get response from nginx ingress controller
Kubernates autoscale memory
Kubernetes - grant full access to all namespaces matching prefix or regex

1 Answer

10/14/2019

This is simply not an advisable solution. You cannot use multiple authentication types in a single Ingress resource.

The better way to deal with it would be to create separate Ingresses for different authentication types.

I hope it helps.

-- OhHiMark
Source: StackOverflow