nginx ingress annotations to redirect to authentication and get back headers

Question

I've the below nginx conf file to redirect all the requests (by default) to /auth (of my service) and then get back a response header (foo_id). This header will be forwarded to the original request URI triggered by user. The below works properly with the nginx. ...

location / 
{
    auth_request /auth;
    auth_request_set $foo_id $upstream_http_foo_id;
    proxy_pass    $request_uri
    proxy_set_header X-foo-Token $foo_id;
    root   html;
    index  index.html index.htm;
}

location /auth 
{
    internal;
    proxy_pass   https://myhost/myservice;
    proxy_pass_request_body off;
    proxy_set_header        Content-Length "";
    proxy_set_header        X-Original-URI $request_uri;
}

---

But I need the corresponding ingress rules/annotations that are required to achieve the above use case. I couldn't get the respective auth/proxy-pass related annotations. Kindly help out.

Answer 1

You can use Nginx Ingress Annotations to achieve this goal.

In nutshell:

Assuming, you have an external auth service, which has a Kubernetes service configured. You need an annotation, which sends auth requests to this service:

nginx.ingress.kubernetes.io/auth-url: http://auth-service.<NameSpace>.svc.cluster.local/auth

Also, you can use nginx.ingress.kubernetes.io/auth-snippet annotation to set your custom configuration for the auth request e.g.

nginx.ingress.kubernetes.io/auth-snippet: |
    auth_request_set $foo_id $upstream_http_foo_id;
    proxy_pass    $request_uri
    proxy_set_header X-foo-Token $foo_id;

If you need to return some headers on successful auth, you can use nginx.ingress.kubernetes.io/auth-response-headers:

nginx.ingress.kubernetes.io/auth-response-headers:  X-Auth

And, nginx.ingress.kubernetes.io/auth-signin to specify the custom error page