openshift / oauth-proxy

A reverse proxy that provides authentication with OpenShift via OAuth and Kubernetes service accounts
MIT License

Path based routing not triggering login page #189

Closed jmpokar closed 3 years ago

jmpokar commented 3 years ago

My application deployed on OpenShift has the URL https://host:port/app/v1/hello/. We have configured openshift/oauth-proxy and it works great.

Now we have a further requirement for path-based routing: if the URL has /app/v1, then redirect to Service1, and if /app/v2, then to Service2.

Here is the working example of our configuration:

```yaml
kind: Template
apiVersion: v1
metadata:
  name: deployment-template
objects:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: my-service-account
      annotations:
        serviceaccounts.openshift.io/oauth-redirectreference.first: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"my-route"}}'
  - apiVersion: v1
    kind: Service
    metadata:
      name: my-service
      annotations:
        service.alpha.openshift.io/serving-cert-secret-name: proxy-tls
    spec:
      selector:
        app: spring-boot-docker-openshift-hello-world
      ports:
        - name: api
          protocol: TCP
          port: 443 #Port the service listens on.
          targetPort: 8443 #Port on the backing pods to which the service forwards connections.
  - apiVersion: v1
    kind: Route
    metadata:
      name: my-route
    spec:
      port:
        targetPort: api
      path: "/"
      to:
        kind: Service
        name: my-service
      tls:
        termination: Reencrypt
  - apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    metadata:
      labels:
        app: spring-boot-docker-openshift-hello-world
        version: 0.0.1-SNAPSHOT.1.dev
      name: spring-boot-docker-openshift-hello-world
    spec:
      replicas: 1
      selector:
        app: spring-boot-docker-openshift-hello-world
      strategy:
        rollingParams:
          timeoutSeconds: 3600
        type: Rolling
      template:
        metadata:
          labels:
            app: spring-boot-docker-openshift-hello-world
            version: 0.0.1-SNAPSHOT.1.dev
        spec:
          serviceAccount: my-service-account
          serviceAccountName: my-service-account
          containers:
          - name: spring-boot-docker-openshift-hello-world
            env:
              - name: KUBERNETES_NAMESPACE
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.namespace
            image: pokarjm/spring-boot-docker-openshift-hello-world:0.0.1-SNAPSHOT.1.dev
            imagePullPolicy: IfNotPresent
            securityContext:
              privileged: false
            ports:
              - containerPort: 8080
                protocol: TCP
          - name: oauth-proxy
            image: openshift/oauth-proxy:latest
            imagePullPolicy: IfNotPresent
            ports:
              - containerPort: 8443
                name: public
            args:
              - --https-address=:8443
              - --provider=openshift
              - --openshift-service-account=my-service-account
              - --upstream=http://localhost:8080
              - --tls-cert=/etc/tls/private/tls.crt
              - --tls-key=/etc/tls/private/tls.key
              - --cookie-secret-file=/etc/proxy/secret/session_secret
              - --openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
              - --openshift-sar={"namespace":"spring-boot-docker-openshift-hello-world","resource":"services","name":"my-service","verb":"get"}
              - --request-logging=true
            volumeMounts:
              - mountPath: /etc/tls/private
                name: proxy-tls
                readOnly: true
              - mountPath: /etc/proxy/secret
                name: oauth-proxy-secret
                readOnly: true
          volumes:
            - name: proxy-tls
              secret:
                defaultMode: 420
                secretName: proxy-tls
            - name: oauth-proxy-secret
              secret:
                defaultMode: 420
                secretName: oauth-proxy-secret
      triggers:
        - type: ConfigChange
```

Now, to support path-based routing, that is, to map the request /app/v1 and redirect it to Service1, I just added the path in the route like below:

```yaml
  - apiVersion: v1
    kind: Route
    metadata:
      name: my-route
    spec:
      port:
        targetPort: api
      path: "/app/v1"
      to:
        kind: Service
        name: my-service
      tls:
        termination: Reencrypt
```

But with these changes I can see an initial sign-in page like the image below,

but after clicking the button above, instead of getting the OpenShift login page, I see the below:

image

If I change the path in the route to `path: "/"`, it works and shows the login screen. Appreciate any help on fixing path-based routing in openshift/oauth-proxy.

jmpokar commented 3 years ago

Got the answer: https://stackoverflow.com/questions/64040017/securing-path-based-routing-on-openshift