Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate simple auth basic to Openshift Routes. #20324

Open
jkroepke opened this issue Jul 15, 2018 · 7 comments
Open

Integrate simple auth basic to Openshift Routes. #20324

jkroepke opened this issue Jul 15, 2018 · 7 comments
Assignees
@ironcladlou
Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. sig/network-edge

Comments

@jkroepke
Copy link

Hi,

HAProxy supports auth basic. Sometimes its required to simply protect debug/dev or web server stats urls.

It would be nicely if routes can be project via annotations. Is might looks insecure, but since certificates are included as plaintext so it should be okay.

Version
oc version
oc v3.9.0+191fece
kubernetes v1.9.1+a0ce1bc657
features: Basic-Auth

Server 
openshift v3.9.0+71543b2-33
kubernetes v1.9.1+a0ce1bc657
Additional Information

HAProxy documentations: https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#3.4

With the new ingress handler upcoming in 3.10, auth basic credentials can be provided as secret like: https://github.com/kubernetes/ingress-nginx/tree/c9fcefe8401cb9e61d5989d836aa7e9dbda71ca1/docs/examples/auth/basic
@hufon
Copy link

hufon commented Jul 24, 2018

+1

@jwforres
Copy link
Member

@openshift/sig-network-edge

@openshift-merge-robot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 23, 2018
@jkroepke
Copy link
Author

/lifecycle frozen

@openshift-ci-robot openshift-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Oct 23, 2018
@jkroepke
Copy link
Author

/remove-lifecycle stale

@ibotty
Copy link
Contributor

ibotty commented Oct 21, 2020

That would be really great. It is possible with custom templating and mounting a secret. Would you accept a PR implementing it?

@jkroepke
Copy link
Author

mounting a secret

RedHat decide to avoid a dependency against user provided secrets.

Thats one reason why certificate and private keys are part of the Route object.

It looks like the content of a htaccss needs to be passed inside a value of a annotation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ironcladlou ironcladlou

Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. sig/network-edge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ibotty @ironcladlou @jwforres @jkroepke @hufon @openshift-ci-robot @openshift-merge-robot