Kubernetes with Istio: Authenticate with External OAuth Service

1/2/2020

I'm looking for a way to authenticate an Istio-enabled Kubernetes cluster with an external OAuth2 provider. The Nginx Ingress controller has a way to do this when using vanilla Ingress resources.

https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/

However, I'm not sure how to do this with Istio Gateway and VirtualService objects. Basically, I need to be able to provide an auth-url and an auth-signin URL to Istio, so it will authenticate the same way that the OAuth Nginx ingress controller does. I've found a few examples of EnvoyFilters that suggest ways to do this, but there isn't a lot of documentation on how to make this work.

Any advice to get Istio to integrate with an external OAuth would be much appreciated.

-- Joe J
istio
kubernetes
oauth
oauth-2.0

1 Answer

1/2/2020

OriginAuthenticationMethod is the authentication policy that you are looking for.

Refer: https://istio.io/docs/reference/config/security/istio.authentication.v1alpha1/#OriginAuthenticationMethod

Currently, only JWT is supported for origin authentication.

A workaround would be using another type of Ingress.

-- Tummala Dhanvi
Source: StackOverflow
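
The origin authentication the answer refers to, written out as an `authentication.istio.io/v1alpha1` Policy. This is an added example, not part of the original answer; the issuer, audience and JWKS URL are placeholders, and the target assumes the default `istio-ingressgateway` service in `istio-system`.

```yaml
# Added example: origin (end-user) authentication at the ingress gateway.
# Istio validates a JWT that the client already holds; it does not
# redirect to a sign-in page or run the OAuth2 authorization flow itself.
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: ingress-jwt            # hypothetical name
  namespace: istio-system      # must be the namespace of the target service
spec:
  targets:
  - name: istio-ingressgateway # assumed default gateway service name
  origins:
  - jwt:
      # Placeholder values: replace with your provider's issuer and JWKS endpoint.
      issuer: "https://issuer.example.com"
      audiences:
      - "my-api.example.com"
      jwksUri: "https://issuer.example.com/.well-known/jwks.json"
  # Use the JWT identity (not the mTLS peer identity) as the request principal.
  principalBinding: USE_ORIGIN
```

With this policy applied, a request to the gateway carrying an invalid or expired token is rejected with 401; obtaining the token from the OAuth2 provider still has to happen outside Istio.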