I am looking for Kong Plugin for Ingress Controller where for every user request, it will first authenticate against an API endpoint and if the response is OK, it will redirect to actual user request.
We have recently moved from Traefik to Kong and there is a similar feature in Traefik
Any pointers would be greatly appreciated.
The authentication scheme that Traefik doc covers doesn’t provide specifics, but it sounds similar to what Open Policy Agent provides.
There are a few community plugins that integrate with OPA:
Thanks for your reply.
In the Traefik, we were doing like below
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ngnpb-ingress
namespace: ngnpb
annotations:
kubernetes.io/ingress.class: traefik
ingress.kubernetes.io/protocol: h2c
ingress.kubernetes.io/auth-type: forward
ingress.kubernetes.io/auth-url: http://mgmt-security.ngnpb.svc.cluster.local:29091/validateToken
ingress.kubernetes.io/auth-response-headers: Authorization, Role, User
spec:
rules:
- http:
paths:
- path: /api
backend:
serviceName: mgmt-security
servicePort: 29092
As you can see above, in the annotations we are providing auth-url, so every request to /api
will first go to auth-url and if user is authenticated then only it will redirect to /api.
Hope this is clear now.