0

I'm having this config from Caddy and I want to migrate it to ingress nginx controller

    @restrictAccess {
        path /path1/loc1/*
        path /path2/loc3/*
    }
    route @restrictAccess {
        forward_auth check-auth:1221 {
            uri /review/request
            copy_headers Cookie
            @deniedAccess status 403
            handle_response @deniedAccess {
                respond "Access denied!" 403
            }
        }

        @pathOrigin header Origin *
        header @pathOrigin {
            +Vary "Origin"
            +Access-Control-Allow-Credentials "true"
            +Access-Control-Allow-Origin "{http.request.header.Origin}" 
        }
    }

What I'm having right now for ingress is: (LE with the solution maybe will help someone else)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-url: http://check-auth.default.svc.cluster.local:1221//review/request
    nginx.ingress.kubernetes.io/auth-snippet: |
       if ( $request_uri !~ ^/path1/loc1/ ) {
         return 200;
       }
    nginx.ingress.kubernetes.io/configuration-snippet: |
       if ( $request_uri ~ ^/path1/loc1/ ) {
         more_set_headers "Access-Control-Allow-Origin: $http_origin";
         more_set_headers "Access-Control-Allow-Credentials: true";
         more_set_headers "Vary: Origin";
         more_set_headers "Cookie: $http_cookie";
       }
  name: ingress-1
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          service:
            name: page
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific

but don't know how to actually finish this.

Any help is more than welcome.

Improve this question

1 Answer 1

Reset to default
0

Founded the solution.

Use of auth-url and auth-snippet will do the trick

The end result will look like:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-url: http://check-auth.default.svc.cluster.local:1221//review/request
    nginx.ingress.kubernetes.io/auth-snippet: |
       if ( $request_uri !~ ^/path1/loc1/ ) {
         return 200;
       }
    nginx.ingress.kubernetes.io/configuration-snippet: |
       if ( $request_uri ~ ^/path1/loc1/ ) {
         more_set_headers "Access-Control-Allow-Origin: $http_origin";
         more_set_headers "Access-Control-Allow-Credentials: true";
         more_set_headers "Vary: Origin";
         more_set_headers "Cookie: $http_cookie";
       }
  name: ingress-1
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          service:
            name: page
            port:
              number: 80
        path: /
        pathType: ImplementationSpecific
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.