Can I use NGINX Ingress auth with oidc?

1/2/2020

I have a couple of web apps running on Kubernetes. To match the requests I use NGINX Ingress. Currently, all applications are validating the token from our Identity Provider (I use Keycloak on dev and am planning Azure Active Directory for production) separately.

Is it possible to do the validation on the Ingress level?

For example, the user tries to enter the page. The Ingress checks for a valid token and redirects, if necessary, to the IP. If the user is successfully logged in, the ingress controller provides the token to the app.

-- Nico Schuck
kubernetes
nginx-ingress
openid-connect

1 Answer

1/2/2020

NGINX Ingress provides the ability to plug in an external OAuth authentication provider via the auth-url and auth-signin annotations.

metadata:
  name: application
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"

An example of protecting the Kubernetes dashboard with an external auth provider.

Refer to docs for more details here

-- Arghya Sadhu
Source: StackOverflow
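
The following is an added example, not part of the original answer: a full pair of Ingress resources built around the two annotations above, plus the `auth-response-headers` annotation that forwards the identity headers to the app as the question asks. It assumes oauth2-proxy is the component serving the `/oauth2` paths, started with `--provider=oidc`, `--set-authorization-header` and `--set-xauthrequest`; the host `app.example.com` and the Service names and ports are placeholders.

```yaml
# Added example. Assumed names: host app.example.com, Service "application" (port 80),
# Service "oauth2-proxy" (port 4180), IngressClass "nginx".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: application
  annotations:
    # NGINX sends a subrequest here for every incoming request:
    # a 2xx answer lets the request through, a 401 triggers the sign-in redirect.
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
    # Headers copied from the auth response onto the request forwarded to the app.
    nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Auth-Request-User, X-Auth-Request-Email"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: application
                port:
                  number: 80
---
# The /oauth2 endpoints live on the same host and must NOT carry the auth
# annotations, otherwise the sign-in flow would itself require authentication.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: oauth2-proxy
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /oauth2
            pathType: Prefix
            backend:
              service:
                name: oauth2-proxy
                port:
                  number: 4180
```

The check is enforced only for traffic that enters through this Ingress, so the app should keep verifying the token's signature, issuer and audience, or the Service should be restricted (for example with a NetworkPolicy) so that only the ingress controller can reach it.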