kiwigrid / keycloak-controller

This controller manages Keycloak clients and realms over Kubernetes resources.
https://hub.docker.com/r/kiwigrid/keycloak-controller
MIT License

nginx-ingress integration #4

Open kfox1111 opened 5 years ago

kfox1111 commented 5 years ago

This is a really interesting project. :)

Feature idea: what if the controller could also drive nginx-ingress ingress rules and an oauth2 deployment to plug the authentication into the process? Maybe that is a different CRD, or an annotation on an ingress?

It would make it significantly easier to not only get a client but also start using it.

axdotl commented 5 years ago

Hi @kfox1111, I don't really get your point. Could you explain it in a little more detail?

kfox1111 commented 5 years ago

So, for example, see https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/oauth-external-auth (and maybe https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml)

This plugs oauth2_proxy into nginx-ingress as a pure auth plugin.

I'm thinking keycloak-client-controller has enough information to launch the authentication bits for the user to go along with the client bits that it is retrieving?

So, maybe the user puts in a few config options in the CustomResource and it automatically provisions the auth plugin for them?

That would allow the user to focus on developing their website, and through a k8s object can get the whole security layer added for them.
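The wiring described in the comment above, as an added example that is not part of the original thread or of keycloak-controller: the application's Ingress delegates authentication to oauth2-proxy through the ingress-nginx external-auth annotations, and a second Ingress exposes the proxy's own endpoints. The host, namespace, Service names, TLS secret name and port 4180 are constructed placeholders, and an oauth2-proxy Deployment already configured with the Keycloak client ID and secret is assumed to sit behind the `oauth2-proxy` Service.

```yaml
# Added example; all names, hosts and ports below are constructed placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  namespace: my-app
  annotations:
    # nginx issues a subrequest here for every request: 2xx allows it, 401 starts sign-in.
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    # Unauthenticated browsers are redirected here; rd carries the original URI back.
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.example.com]
      secretName: app-example-com-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port: { number: 80 }
---
# /oauth2 on the same host is served by oauth2-proxy. This Ingress carries no auth
# annotations, otherwise the sign-in endpoints would themselves require a session.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-oauth2-proxy
  namespace: my-app
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.example.com]
      secretName: app-example-com-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /oauth2
            pathType: Prefix
            backend:
              service:
                name: oauth2-proxy
                port: { number: 4180 }
```

Keeping the proxy on the same host as the application means its session cookie is scoped to that host, and the client secret stays in the proxy's own configuration rather than in any Ingress annotation.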

axdotl commented 5 years ago

Got it, and I support this idea. But as this does not actually fit our scenario (we're using traefik and keycloak-gatekeeper), we won't implement this soon.

I'll leave this issue open, and maybe someone else will implement this and create a PR. Thanks for the idea!