Open rr-sarvesh-padia opened 2 years ago
Relevant ExtAuth received from the glooctl proxy dump -n gloo-system command:
{
  "name": "envoy.filters.http.ext_authz",
  "typed_config": {
    "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz",
    "http_service": {
      "server_uri": {
        "uri": "http://not-used.example.com/",
        "cluster": "auth-server_gloo-system",
        "timeout": "0.500s"
      },
      "authorization_request": {
        "allowed_headers": {
          "patterns": [
            {
              "exact": "X-foo"
            }
          ]
        }
      }
    },
    "with_request_body": {
      "max_request_bytes": 10240
    },
    "metadata_context_namespaces": [
      "envoy.filters.http.jwt_authn"
    ],
    "transport_api_version": "V3"
  }
}
Please note - typed_config.http_service.server_uri is not set. Most probably this is the root cause of this issue.
It might be easier to get help on questions in the community Slack https://slack.solo.io/
I asked a question related to this in the community Slack. They asked me to create a GH issue. Thanks https://solo-io.slack.com/archives/C9L6VPAUW/p1637020406078600
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
Describe the bug
I’m trying to set up custom ext-auth for Gloo Edge (open source) and facing some issues. Please find the details of my setup below -
Note - This issue is reproducible even with the sample custom auth example on Gloo Edge's site, if we deploy the custom auth server in a different k8s cluster than Gloo Edge.
Note - The Custom Authorization Server (http based) is in a different k8s cluster, and I have created a static upstream to reach that server. I have created a test VS which points to this upstream and made sure we can reach the Authorization Server via the test VS and static upstream.
Settings CR -
Upstreams CR -
Virtual service CR -
I’m getting 404 when I call an endpoint which is behind external custom auth in my Virtual service.
To Reproduce
Steps to reproduce the behavior:
helm install gloo . --namespace gloo-system --create-namespace -f value-overrides.yaml
value-overrides.yaml
create static upstream to connect to external custom auth server
kubectl apply --filename authorization-upstream.yaml
authorization-upstream.yaml
create virtual service
kubectl apply --filename authentication-service-vs.yaml
Verify you can reach the service -
Make changes in VS to add external custom auth -
kubectl apply --filename authentication-service-vs.yaml
Check if you can reach application endpoint behind external custom auth -
Expected behavior
Should be able to reach the endpoint behind external custom auth if auth passes and should not see 404.
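An added example, not part of the issue or of Gloo Edge's own code: a small Python helper that walks a proxy dump saved as JSON, finds every envoy.filters.http.ext_authz filter, and lists the settings that decide where auth checks are sent and how they fail. The listener wrapper around the filter in the sample is constructed for illustration; the filter itself is the one quoted in this issue.

```python
import json

EXT_AUTHZ = "envoy.filters.http.ext_authz"

# Constructed sample: the filter from this issue, wrapped in a hypothetical
# listener structure so the recursive search has something to walk through.
SAMPLE_DUMP = json.loads("""
{"listeners": [{"filter_chains": [{"filters": [{"typed_config": {"http_filters": [
  {"name": "envoy.filters.http.ext_authz",
   "typed_config": {
     "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz",
     "http_service": {
       "server_uri": {"uri": "http://not-used.example.com/",
                      "cluster": "auth-server_gloo-system", "timeout": "0.500s"},
       "authorization_request": {"allowed_headers": {"patterns": [{"exact": "X-foo"}]}}},
     "with_request_body": {"max_request_bytes": 10240},
     "metadata_context_namespaces": ["envoy.filters.http.jwt_authn"],
     "transport_api_version": "V3"}}]}}]}]}]}
""")

def find_ext_authz(node):
    """Recursively yield the typed_config of every ext_authz HTTP filter."""
    if isinstance(node, dict):
        if node.get("name") == EXT_AUTHZ and "typed_config" in node:
            yield node["typed_config"]
        for value in node.values():
            yield from find_ext_authz(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_ext_authz(item)

def summarize(cfg):
    """Pull out the fields that decide where auth checks go and how they fail."""
    http = cfg.get("http_service", {})
    uri = http.get("server_uri", {})
    patterns = http.get("authorization_request", {}).get("allowed_headers", {}).get("patterns", [])
    return {
        "transport": "http" if "http_service" in cfg else "grpc" if "grpc_service" in cfg else "unset",
        "cluster": uri.get("cluster"),
        "uri": uri.get("uri"),
        "timeout": uri.get("timeout"),
        "path_prefix": http.get("path_prefix"),
        # Envoy's default is false: requests are denied if the auth server cannot be reached.
        "fail_open": bool(cfg.get("failure_mode_allow", False)),
        "forwarded_headers": [p.get("exact") or p.get("prefix") for p in patterns],
        "max_body_bytes": cfg.get("with_request_body", {}).get("max_request_bytes"),
    }

def audit(dump):
    """Return one summary row per ext_authz filter found anywhere in the dump."""
    return [summarize(cfg) for cfg in find_ext_authz(dump)]

if __name__ == "__main__":
    for row in audit(SAMPLE_DUMP):
        print(json.dumps(row, indent=2))
```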