K
Q

Kubernetes Ingress perform authorization before route, like api gateway

11/23/2019

It's possible to perform an authorization(rule-based like) into Kubernetes ingress(like kong, nginx). For example, i have this:

apiVersion: extensions/v1beta1

kind: Ingress
metadata:
  name: foo-bar
spec:
  rules:
  - host: api.foo.bar
    http:
      paths:
      - path: /service
        backend:
          serviceName: service.foo.bar
          servicePort: 80

But before redirect to /service, I need to perform a call in my authorization api to valid if the request token has the rule to pass for /service.

Or I really need to use an API gateway behind ingress like a spring zuul to do this?

-- Ricardo Palazzio
api-gateway
kong-ingress
kubernetes
kubernetes-ingress
nginx-ingress

Similar Questions

Kubernetes Service ExternalName
Need CIFS dynamic PV provisionner restricted to a specific namespace
Helm secrets plugin unable to decrypt secrets.yaml encrypted before with GPG key
How to set pod to use all available CPU Cores
Docker increase disk space
AZURE: Events are not flowing into Azure Application insight when job is scheduled using kubernetes CronJob

1 Answer

11/23/2019

Ingress manifest is just input for a controller. You also need an Ingress Controller, an proxy that understand the Ingress object. Kong and Nginx is two examples of implementation.

Nginx Ingress Controller is provided from the Kubernetes community and it has an example of configuring an external oauth2 proxy using annotations

annotations:
  nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
  nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
-- Jonas
Source: StackOverflow