In our Kubernetes setup we are using the oauth2-proxy in front of a kubernetes-dashboard to provide OIDC authentication for the dashboard. An nginx ingress handles the authorization against the oauth2-proxy. We are using some annotations of the nginx ingress to configure nginx that way.
The problem is, we are currently migrating from nginx to the Kong Ingress Controller. I can't find a solution to make this work with Kong. Does anyone know a solution to achieve this with Kong?
We can't use the Kong OIDC plugin because it's only available with a Kong Plus or Enterprise subscription.
Our current setup with nginx ingress
We are using the following annotations:
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
nginx.ingress.kubernetes.io/configuration-snippet: |
  auth_request_set $token $upstream_http_authorization;
  proxy_set_header Authorization $token;
  proxy_pass_header Authorization;
For each incoming request, nginx calls /oauth2/auth to receive the user's token (in a header of the response) before calling the upstream service with the token in the Authorization header.
If /oauth2/auth does return a 4xx status code, it will redirect the user to /oauth2/start, where the user needs to log in.
The oauth2-proxy identifies the user by a cookie (to map him to his token), set after logging in with /oauth2/start.
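The per-request contract that any replacement for these annotations has to reproduce, written out as an added example (not part of the original post and not Kong or nginx code). It follows nginx's `auth_request` semantics, where a 2xx auth response allows the request, 401 triggers the sign-in redirect, 403 is passed through, and anything else is an error. The function names, the `_oauth2_proxy` cookie name, the 202 success status, the host and the session data are assumptions made for the illustration.

```python
from urllib.parse import quote

# Constructed sample session store: cookie value -> token oauth2-proxy would return.
SESSIONS = {"sess-alice": "Bearer token-for-alice"}

def fake_oauth2_auth(cookies):
    """Stand-in for GET /oauth2/auth: returns (status, response headers)."""
    token = SESSIONS.get(cookies.get("_oauth2_proxy"))  # assumed cookie name
    if token is None:
        return 401, {}
    return 202, {"Authorization": token}

def handle(request, auth=fake_oauth2_auth):
    """Decide what the gateway does with one incoming request.

    Returns ("proxy", upstream_headers), ("redirect", url) or ("deny", status).
    """
    status, auth_headers = auth(request.get("cookies", {}))
    if 200 <= status < 300:
        # proxy_set_header replaces whatever Authorization the client sent,
        # so a forged client header never reaches the upstream.
        upstream = {k: v for k, v in request.get("headers", {}).items()
                    if k.lower() != "authorization"}
        token = auth_headers.get("Authorization")
        if token:  # nginx omits a header whose value is empty
            upstream["Authorization"] = token
        return "proxy", upstream
    if status == 401:
        # auth-signin: send the browser to the login flow, preserving the
        # original URI in the escaped rd parameter.
        rd = quote(request["uri"], safe="")
        return "redirect", f"https://{request['host']}/oauth2/start?rd={rd}"
    if status == 403:
        return "deny", 403
    return "deny", 500  # any other auth status is treated as an error

if __name__ == "__main__":
    req = {"host": "dash.example.test", "uri": "/api/v1/pods?ns=default",
           "headers": {"Accept": "text/html", "Authorization": "Bearer forged"},
           "cookies": {"_oauth2_proxy": "sess-alice"}}
    print(handle(req))
    print(handle({**req, "cookies": {}}))
```

When checking a migrated setup, the two cases worth testing first are the ones this makes explicit: a client-supplied `Authorization` header must not survive to the dashboard, and an auth-service outage must fail closed rather than let the request through.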