I have a couple of web apps running on Kubernetes. To match the requests I use NGINX ingress. Currently, all applications validate the token from our Identity Provider separately (I use Keycloak on dev and am planning Azure Active Directory for Production).
Is it possible to do the validation on the Ingress level?
For example, the user tries to enter the page. The Ingress checks for a valid token and redirects, if necessary, to the IP. If the user is successfully logged in, the ingress controller provides the token to the app.
NGINX Ingress resources support additional protocols (TCP, UDP, and TLS Passthrough) – You can now deliver complex, non-HTTP-based services from Kubernetes using custom resources, in a simple and intuitive manner.
The Ingress Controller handles configuration resources created in any namespace of the cluster. As NGINX is a high-performance load balancer capable of serving many applications at the same time, this option is used by default in our installation manifests and Helm chart.
Coming to your query: Ingress-nginx is not a load balancer, but on a broader level it can help you with load balancing.
The Ingress controller is one of the most critical parts of Kubernetes platform, acting as the entry point for all incoming traffic to applications running on Kubernetes. That's why it must be built on top of a proven and reliable load‑balancing technology, such as NGINX.
Nginx ingress provides the ability to plug in an external OAuth authentication provider via the auth-url and auth-signin annotations.
metadata:
  name: application
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
An example of protecting the Kubernetes dashboard with an external auth provider.
Refer to docs for more details here
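A fuller sketch of the setup the answer above describes, added here as an example and not part of the original answer: one Ingress for the application carrying the auth annotations, and a second Ingress on the same host that exposes the auth service under /oauth2. It assumes an oauth2-proxy deployment (started with `--set-xauthrequest` and `--pass-access-token`) behind a Service named `oauth2-proxy` on port 4180; the host `app.example.com`, the namespace `apps`, the TLS secret name and the Service names are placeholders.

```yaml
# Added example; host, namespace, secret and Service names are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: application
  namespace: apps
  annotations:
    # Sub-request made for every incoming request: 2xx lets it through,
    # 401 sends the browser to the auth-signin URL.
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
    # Copy identity headers from the auth response onto the proxied request,
    # so the app receives the user and the access token.
    nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User,X-Auth-Request-Email,X-Auth-Request-Access-Token"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.example.com]
      secretName: app-example-com-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: application
                port:
                  number: 80
---
# Same host, /oauth2 prefix, and deliberately no auth-* annotations:
# protecting the login endpoints with themselves causes a redirect loop.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: apps
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /oauth2
            pathType: Prefix
            backend:
              service:
                name: oauth2-proxy
                port:
                  number: 4180
```

The forwarded `X-Auth-Request-*` headers are only trustworthy if the application pods cannot be reached except through the ingress controller, for example by restricting ingress traffic to them with a NetworkPolicy. An application that makes authorization decisions on token claims should still verify the token's signature and audience itself.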