External authentication, authentication service response headers propagation

This example demonstrates propagation of selected authentication service response headers to backend service.

Sample configuration includes:

  • Sample authentication service producing several response headers

    • Authentication logic is based on HTTP header: requests with header User containing string internal are considered authenticated

    • After successful authentication service generates response headers UserID and UserRole

  • Sample echo service displaying header information

  • Two ingress objects pointing to echo service

    • Public, which allows access from unauthenticated users

    • Private, which allows access from authenticated users only

You can deploy the controller as follows:

$ kubectl create -f deploy/
deployment "demo-auth-service" created
service "demo-auth-service" created
ingress "demo-auth-service" created
deployment "demo-echo-service" created
service "demo-echo-service" created
ingress "public-demo-echo-service" created
ingress "secure-demo-echo-service" created

$ kubectl get po
NAME                                        READY     STATUS    RESTARTS   AGE
demo-auth-service-2769076528-7g9mh          1/1       Running            0          30s
demo-echo-service-3636052215-3vw8c          1/1       Running            0          29s

kubectl get ing
NAME                       HOSTS                                 ADDRESS   PORTS     AGE
public-demo-echo-service   public-demo-echo-service.kube.local             80        1m
secure-demo-echo-service   secure-demo-echo-service.kube.local             80        1m

Test 1: public service with no auth header

Test 2: secure service with no auth header

Test 3: public service with valid auth header

Test 4: secure service with valid auth header

PreviousCustom DH parameters for perfect forward secrecyNextaffinity

Last updated

Was this helpful?