I have implemented emissary ingress on kubernetes and implemented Deployments, Services and mappings.
Below mapping has been created in emissary
root@master1:~# kubectl get mapping
NAME SOURCE HOST SOURCE PREFIX DEST SERVICE STATE REASON
quote-backend /backend/ quote
root@master1:~#
At this point when i ran curl command, it was working fine.
root@master1:~# curl -Lv 172.31.11.157/backend/
* Trying 172.31.11.157:80...
* TCP_NODELAY set
* Connected to 172.31.11.157 (172.31.11.157) port 80 (#0)
> GET /backend/ HTTP/1.1
> Host: 172.31.11.157
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< content-type: application/json
< date: Thu, 20 Jan 2022 14:24:57 GMT
< content-length: 157
< x-envoy-upstream-service-time: 11
< server: envoy
<
{
"server": "dowdy-snozzberry-0gihwpim",
"quote": "A principal idea is omnipresent, much like candy.",
"time": "2022-01-20T14:24:57.136915384Z"
* Connection #0 to host 172.31.11.157 left intact
}root@master1:~#
But as soon as I implemented auth service in emissary ingress, it start giving 403 error code
root@master1:~# kubectl get authservice
NAME AGE
authentication 140m
root@master1:~#
root@master1:~# curl -Lv 172.31.11.157/backend/
* Trying 172.31.11.157:80...
* TCP_NODELAY set
* Connected to 172.31.11.157 (172.31.11.157) port 80 (#0)
> GET /backend/ HTTP/1.1
> Host: 172.31.11.157
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< date: Thu, 20 Jan 2022 14:29:33 GMT
< server: envoy
< content-length: 0
<
* Connection #0 to host 172.31.11.157 left intact
root@master1:~#
I have checked all mapping and Services and also checked internet for solution but getting no resolution.
Also I have implemented same configuration as mentioned in below link.
https://www.getambassador.io/docs/emissary/
To double check, my mapping is correct, I tried bypassing authentication by using bypass_auth flag and it start giving 200 code.
Need you support to resolve 403 error code.