Open rohan-97 opened 2 years ago
rohan-97
commented
2 years ago Hi Guys,
Is there any update on this?
Please let me know if I am doing anything wrong or if there are other options/configuration available to achieve this?
Also let me know if anything is the issue is not clear
jcmoraisjr
commented
2 years ago Hi, thanks for the detailed report and sorry about the long delay. Yes it's pretty clear and your request makes sense. I'm not sure you can dynamically configure it, anyway a new tag should be issued shortly adding some new headers.
rohan-97
commented
2 years ago Hi @jcmoraisjr ,
I used config-backend ingress annotation to add the requested URL in the request headers.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: haproxy-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: haproxy
haproxy-ingress.github.io/config-backend: |
http-request set-header X-Auth-Request-Redirect %[capture.req.uri]This configuration works fine, in the endpoint I am able to see X-Auth-Request-Redirect headers set with requested URL.
But when I include auth-server in configuration (refer below yaml file for configuration) I am not able to see the headers getting set in the request received by auth-server
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: haproxy-ingress
namespace: pty-service-dispatcher
annotations:
kubernetes.io/ingress.class: haproxy
haproxy-ingress.github.io/config-backend: |
http-request set-header X-Auth-Request-Redirect %[capture.req.uri]
haproxy-ingress.github.io/auth-url: "http://auth-server-service.default.svc.cluster.local/auth"Is there any way I can inject config snippet which will be applied to request being send to auth-server
jcmoraisjr
commented
1 year ago Hi @rohan-97 this issue was in the backlog longer than it should. After digging a bit more into a way to implement that, I just realized that you can use the headers config key to configure additional headers:
haproxy-ingress.github.io/headers: |
X-Original-Host %[var(req.host)]
X-Original-Method %[capture.req.method]
X-Auth-Request-Redirect %[capture.req.uri]The only drawback is that it is backend scoped, which means that you cannot add these headers only for some hosts/paths that target a backend, all other hosts/paths targeting the same backend will see these same headers. Planning to add a specific auth-external config which is path scoped, as well as a few more doc about this tip, because of that I'll leave this opened.
Description of the problem
Hello, I am trying to integrate an external authentication server using ha-proxy ingress using the auth-url annotation.
the authentication server(Flask server) expects following information to be present in the headers.
Expected behavior It is expected that when ha-proxy ingress controller creates a request to auth-server, it adds all the headers from the client request and also adds above 3 values in headers.
However when I set up the auth-url, I am able to fetch the basic auth headers and client IP but unable to identify the url which was requested in headers.
Following are the headers received at auth-server by ha-proxy ingress controller
requested url : http://localhost/endpoint
I tried same thing with nginx-ingress controller and I get following headers in same auth-server from nginx-controller
refer X-Auth-Request-Redirect or X-Original-Url header in nginx headers, we get the requested URL in the headers, however this information is not present in headers added by haproxy ingress.
It is very important to identify which URL was requested so that auth-server can perform custom authentication based on accessed URL.
Steps to reproduce the problem
CURL syntax:
Environment information
HAProxy Ingress version:
v0.13Ingress objects:
Ingress yaml file
haproxy-ingress-values.yaml