Closed GhangZh closed 2 years ago
Hi,
These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
It seems that we have some issues in APISIX repo with the related topic https://github.com/apache/apisix/issues/5475.
Hi,
These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475. Thanks,So if I do an http request forwarding to my forwoard auth service by customizing a plugin, it will be fine, right?
Hi, These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature. It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475. Thanks,So if I do an http request forwarding to my forwoard auth service by customizing a plugin, it will be fine, right?
That's right, you can implement a custom plugin to support it, but it would better if you'd like to design a generic solution and send a proposal to the mailing list (dev@apisix.apache.org), then others can also use it if they desire.
Hi, These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature. It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475. Thanks,So if I do an http request forwarding to my forwoard auth service by customizing a plugin, it will be fine, right?
That's right, you can implement a custom plugin to support it, but it would better if you'd like to design a generic solution and send a proposal to the mailing list (dev@apisix.apache.org), then others can also use it if they desire.
I would like to implement a custom plugin to support it , but I found that I can use severless plugin for custom authentication , But I see the serverless plugin documentation is only written as a function, I want to write an http proxy in it, this plug-in can support it?
Hi,
These annotations are not parsed by APISIX Ingress Controller, and what's more, the underlying APISIX doesn't support the forward auth feature.
It seems that we have some issues in APISIX repo with the related topic apache/apisix#5475.
Thanks,So if I do an http request forwarding to my forwoard auth service by customizing a plugin, it will be fine, right?
That's right, you can implement a custom plugin to support it, but it would better if you'd like to design a generic solution and send a proposal to the mailing list (dev@apisix.apache.org), then others can also use it if they desire.
I would like to implement a custom plugin to support it , but I found that I can use severless plugin for custom authentication , But I see the serverless plugin documentation is only written as a function, I want to write an http proxy in it, this plug-in can support it?
Sure, you can do anything in the server-less functions.
We need to wait for APISIX to implement this feature before we can start
APISIX has implemented the forward-auth plugin.
We can consider adding support for this feature. But before we start we need a design proposal.
I edited the title to make it more clear. Maybe we just need to add some annotations to support it.
Maybe we just need to add some annotations to support it.
I want to try to implement this. Plz assign to me.
thanks @cmssczy
So how's the thing going about this plugin ?
@mhh12121 This feature has been implemented in #937
@tao12345666333 Terrrrrific! Thank all of you ! But what if I wanna apply apisixRoute with forward-auth plugin? Could u plz offer some examples?
@tao12345666333 Terrrrrific! Thank all of you !
But what if I wanna apply apisixRoute with forward-auth plugin? Could u plz offer some examples?
@mhh12121 you can see the example here https://github.com/apache/apisix-ingress-controller/blob/master/test/e2e/suite-annotations/forward_auth.go
@tao12345666333 Thank you! I've already tried it not only with ApiRoute but also Ingress way;
As the result, the ingress
way seems not work at all with forward-auth plugin:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: apisix
k8s.apisix.apache.org/auth-uri: "http://auth-svc.default.svc.cluster.local:1234/auth"
k8s.apisix.apache.org/auth-request-headers: Authorization
k8s.apisix.apache.org/auth-upstream-headers: user-id
k8s.apisix.apache.org/auth-client-headers: Location
name: test-ingress
spec:
rules:
- http:
paths:
- path: /test
pathType: Exact
backend:
service:
name: auth-svc
port:
number: 8084
Instead, I succeed by ApiRoute
way
apiVersion: apisix.apache.org/v2beta3
kind: ApisixRoute
metadata:
name: httpserver-route
spec:
http:
- name: rule1
match:
paths:
- /test
backends:
- serviceName: auth-svc
servicePort: 1234
resolveGranularity: service
plugins:
- enable: true
name: forward-auth
config:
uri: "http://auth-svc.default.svc.cluster.local:1234/auth"
request_headers: ["Authorization"]
upstream_headers: ["user-id"]
client_headers: ["Location"]
Could you please have a check?
@mhh12121 In the above e2e we already have test cases for coverage. If you encounter a problem, please file a new issue describing it in detail, do not discuss it in this issue. thanks
Issue description
Does apisix-ingress-controller support these annotations, I directly use is not effective. I mainly want to use these annotations for external authentication services
Environment
apisix-ingress-controller version --long
);kubectl version
);uname -a
).