xunholy/k8s-gitops

Setup AuthN for services with no native login

xunholy opened this issue · 3 comments

Details

Services such as Prometheus don't have native login OAuth2 integration; this can be provided using Envoy filters, similar to the Kiali Envoy filter, to enforce that traffic is authenticated prior to hitting the downstream service via the virtual service resource.

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.86. Please mark this comment with 👍 or 👎 to give our bot feedback!


Some small discussion was had here #70

```yaml
meshConfig:
    extensionProviders:
      - name: oauth2-proxy
        envoyExtAuthzHttp:
          service: oauth2-proxy.network.svc.cluster.local
          port: 80
          includeHeadersInCheck: ['authorization', 'cookie']
          headersToUpstreamOnAllow:
            [
              'authorization',
              'path',
              'x-auth-request-user',
              'x-auth-request-email',
              'x-auth-request-access-token',
            ]
          headersToDownstreamOnDeny: ['content-type', 'set-cookie']
```

v1.9.2 implements external providers which can now easily integrate with oauth2-proxy + DEX
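An extension provider defined in `meshConfig` does nothing until an `AuthorizationPolicy` with `action: CUSTOM` refers to it by name. The policy below is an added example, not part of the thread or the repository; the policy name, namespace, gateway label and hostname are assumptions to replace with your own values.

```yaml
# Added example: send Prometheus requests at the ingress gateway through the
# oauth2-proxy extension provider before they reach the service.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: prometheus-ext-authz        # hypothetical name
  namespace: istio-system           # assumption: namespace of the ingress gateway
spec:
  selector:
    matchLabels:
      istio: ingressgateway         # assumption: label of the default gateway
  action: CUSTOM
  provider:
    name: oauth2-proxy              # must match meshConfig.extensionProviders[].name
  rules:
    - to:
        - operation:
            hosts: ["prometheus.example.com"]   # placeholder hostname
            # If oauth2-proxy's own endpoints are served under this same host,
            # exclude them so the sign-in and callback requests are not
            # themselves sent for an authorization check.
            notPaths: ["/oauth2/*"]
```

Only requests matching a rule are sent to the provider, so a service whose host is missing from `hosts` is reachable without authentication through this gateway; list every service that lacks native login.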