Different endpoints for different groups

Question

Different endpoints for different groups

dignajar opened this issue 6 years ago · 4 comments

Hi,
It's possible to generate different endpoint with different authentication configuration ?

For example.

nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555/config1

nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555/config2

So each endpoint has a different authentication filters.

Answer 1 · 2019-02-27T22:41:09.000Z

Yes, it is possible, simple duplicate the yaml and change it's name:

nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth-1.default.svc.cluster.local:5555
nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth-2.default.svc.cluster.local:5555

It will solve your problem.

Answer 2 · 2019-02-28T09:16:24.000Z

Hi, is ok that solution but I going to have duplicated deployment/service just for change the filters rules, maybe would be good to have different endpoints in the same container. Just a suggestion as new feature for next versions.

Answer 3 · 2019-02-28T23:09:18.000Z

It is planned to have conditional validation over headers on issue #5, once the URI is passed through a header from nginx to the authenticator, it should help you, but will match against LDAP users and groups only, if you intend to match on other LDAP server the solution is still duplicating the authenticator.

Answer 4 · 2019-03-01T10:01:17.000Z

Yes that is good #5.

My idea is use the same LDAP server but use another requiredGroups in the different endpoints.