The path part of the configured callback_uri, and if configured, the logout.path must be paths that are routable to the app by the ingress gateway's VirtualService, or else the Authservice at the gateway will not receive those requests and will not be able to process them. This is perhaps counter-intuitive since the Authservice container is no longer running in the app's pod, so it may not feel like this is needed, but it is required.
I am testing this with httpbin. But from my understanding this is enough already.
But the result is just RBAC: access denied for all the VS under ingress gateway.
I have tried to tinker with AuthorizationPolicy, but I couldn't fix anything. I can tell you all the scenarios I have tried but the overall result is it doesn't work at all.
I have tested the sidecar deployment and it was working fine. So I don't know what went south with ingressgateway deployment.
I am struggling to setup auth-service at Ingress Gateway level.
Environments
Applied Manifest
There are some notes that I do not understand:
I am testing this with httpbin. But from my understanding this is enough already.
Result / Error
But the result is just
RBAC: access denied
for all the VS under ingress gateway.I have tried to tinker with AuthorizationPolicy, but I couldn't fix anything. I can tell you all the scenarios I have tried but the overall result is it doesn't work at all.
I have tested the sidecar deployment and it was working fine. So I don't know what went south with ingressgateway deployment.