apache / apisix-ingress-controller

APISIX Ingress Controller for Kubernetes
https://apisix.apache.org/
Apache License 2.0

Feature suggestion: support forward auth for Ingress resource #767

Closed GhangZh closed 2 years ago

GhangZh commented 2 years ago

Issue description

Does apisix-ingress-controller support these annotations? When I use them directly, they have no effect. I mainly want to use these annotations for external authentication services.

Environment

tokers commented 2 years ago

Hi,

These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.

It seems that we have some issues in APISIX repo with the related topic https://github.com/apache/apisix/issues/5475.

GhangZh commented 2 years ago

> Hi,
>
> These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
>
> It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475.

Thanks. So if I do an HTTP request forwarding to my forward auth service by customizing a plugin, it will be fine, right?

tokers commented 2 years ago

> > Hi,
> >
> > These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
> >
> > It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475.
>
> Thanks. So if I do an HTTP request forwarding to my forward auth service by customizing a plugin, it will be fine, right?

That's right, you can implement a custom plugin to support it, but it would be better if you'd like to design a generic solution and send a proposal to the mailing list (dev@apisix.apache.org), then others can also use it if they desire.

GhangZh commented 2 years ago

> > > Hi,
> > >
> > > These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
> > >
> > > It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475.
> >
> > Thanks. So if I do an HTTP request forwarding to my forward auth service by customizing a plugin, it will be fine, right?
>
> That's right, you can implement a custom plugin to support it, but it would be better if you'd like to design a generic solution and send a proposal to the mailing list (dev@apisix.apache.org), then others can also use it if they desire.

I would like to implement a custom plugin to support it, but I found that I can use the serverless plugin for custom authentication. However, I see the serverless plugin documentation only shows it written as a function. I want to write an HTTP proxy in it; can this plugin support that?

tokers commented 2 years ago

> > > > Hi,
> > > >
> > > > These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
> > > >
> > > > It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475.
> > >
> > > Thanks. So if I do an HTTP request forwarding to my forward auth service by customizing a plugin, it will be fine, right?
> >
> > That's right, you can implement a custom plugin to support it, but it would be better if you'd like to design a generic solution and send a proposal to the mailing list (dev@apisix.apache.org), then others can also use it if they desire.
>
> I would like to implement a custom plugin to support it, but I found that I can use the serverless plugin for custom authentication. However, I see the serverless plugin documentation only shows it written as a function. I want to write an HTTP proxy in it; can this plugin support that?

Sure, you can do anything in the server-less functions.

tao12345666333 commented 2 years ago

We need to wait for APISIX to implement this feature before we can start

tao12345666333 commented 2 years ago

APISIX has implemented the forward-auth plugin.

We can consider adding support for this feature. But before we start we need a design proposal.

https://github.com/apache/apisix/pull/6037

tao12345666333 commented 2 years ago

I edited the title to make it more clear. Maybe we just need to add some annotations to support it.

nayihz commented 2 years ago

> Maybe we just need to add some annotations to support it.

I want to try to implement this. Plz assign to me.

tao12345666333 commented 2 years ago

thanks @cmssczy

mhh12121 commented 2 years ago

So how's the thing going about this plugin?

tao12345666333 commented 2 years ago

@mhh12121 This feature has been implemented in #937

mhh12121 commented 2 years ago

@tao12345666333 Terrrrrific! Thank all of you! But what if I wanna apply apisixRoute with forward-auth plugin? Could u plz offer some examples?

tao12345666333 commented 2 years ago

> @tao12345666333 Terrrrrific! Thank all of you!
>
> But what if I wanna apply apisixRoute with forward-auth plugin? Could u plz offer some examples?

@mhh12121 you can see the example here https://github.com/apache/apisix-ingress-controller/blob/master/test/e2e/suite-annotations/forward_auth.go

mhh12121 commented 2 years ago

@tao12345666333 Thank you! I've already tried it not only with ApiRoute but also the Ingress way.

As a result, the Ingress way seems not to work at all with the forward-auth plugin:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: apisix
    k8s.apisix.apache.org/auth-uri: "http://auth-svc.default.svc.cluster.local:1234/auth"
    k8s.apisix.apache.org/auth-request-headers: Authorization
    k8s.apisix.apache.org/auth-upstream-headers: user-id
    k8s.apisix.apache.org/auth-client-headers: Location
  name: test-ingress
spec:
  rules:
  - http:
      paths:
      - path: /test
        pathType: Exact
        backend:
          service:
            name: auth-svc
            port:
              number: 8084

Instead, I succeeded the ApiRoute way:

apiVersion: apisix.apache.org/v2beta3
kind: ApisixRoute
metadata:
  name: httpserver-route
spec:
  http:
  - name: rule1
    match:
      paths:
      - /test
    backends: 
    - serviceName: auth-svc
      servicePort: 1234
      resolveGranularity: service
    plugins:
    - enable: true
      name: forward-auth
      config:
        uri: "http://auth-svc.default.svc.cluster.local:1234/auth"
        request_headers: ["Authorization"]
        upstream_headers: ["user-id"]
        client_headers: ["Location"]

Could you please have a check?
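The exchange that the `forward-auth` config above sets up, as an added in-process example that is not part of the thread and is not APISIX or ingress-controller code. `authHandler`, the token `Bearer demo-token`, the id `u-1001` and the login URL are constructed, and `Check` is a simplified stand-in for the gateway that assumes the plugin's documented header semantics (`request_headers` go to the auth service, `upstream_headers` are passed on when it answers 2xx, `client_headers` are returned otherwise).

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ForwardAuth holds the four plugin fields used in the ApisixRoute in the thread.
type ForwardAuth struct {
	URI                                            string
	RequestHeaders, UpstreamHeaders, ClientHeaders []string
}

// authHandler is a constructed auth service; "Bearer demo-token" is a made-up credential.
func authHandler(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("Authorization") != "Bearer demo-token" {
		http.Redirect(w, r, "https://login.example.test/", http.StatusFound) // non-2xx: deny
		return
	}
	w.Header().Set("user-id", "u-1001") // implicit 200: allow
}

func pick(src http.Header, names []string) http.Header {
	out := http.Header{}
	for _, n := range names { // copy only the allow-listed names, nothing else
		if v := src.Get(n); v != "" {
			out.Set(n, v)
		}
	}
	return out
}

// Check models the gateway: allow/deny, the auth status, and the headers passed on.
func (f ForwardAuth) Check(auth http.Handler, client http.Header) (bool, int, http.Header) {
	req := httptest.NewRequest(http.MethodGet, f.URI, nil)
	req.Header = pick(client, f.RequestHeaders)
	rec := httptest.NewRecorder()
	auth.ServeHTTP(rec, req)
	if rec.Code >= 200 && rec.Code < 300 {
		return true, rec.Code, pick(rec.Header(), f.UpstreamHeaders) // sent to the upstream
	}
	return false, rec.Code, pick(rec.Header(), f.ClientHeaders) // sent back to the client
}

func main() {
	p := ForwardAuth{"http://auth-svc.default.svc.cluster.local:1234/auth", []string{"Authorization"}, []string{"user-id"}, []string{"Location"}}
	fmt.Println(p.Check(http.HandlerFunc(authHandler), http.Header{"Authorization": {"Bearer demo-token"}}))
	fmt.Println(p.Check(http.HandlerFunc(authHandler), http.Header{}))
}
```
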

tao12345666333 commented 2 years ago

@mhh12121 In the above e2e we already have test cases for coverage. If you encounter a problem, please file a new issue describing it in detail, do not discuss it in this issue. thanks