application-gateway-kubernetes-ingress icon indicating copy to clipboard operation
application-gateway-kubernetes-ingress copied to clipboard

Published 20 hours ago verified publisher icon Azure

Basic authentication

Open PatricioDanos opened this issue 6 years ago • 13 comments

While doing our dev for our application, it's common for us to do some basic auth to protect access to it. Nginx ingress controller has Basic Auth as part of its solution by adding an htpasswd file as a secret, and a few annotations pointing to it. Here's the README.md for that implementation:

https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/basic

Is it possible to implement something like this? This way we can secure access on a basic level until we implement a more robust authentication in our application code. This could also be a starting point to adding different authentication methos in the ingress controller, same as the nginx one.

PatricioDanos avatar Jul 26 '19 14:07 PatricioDanos

@delqn Any idea how we can easily achieve this? Basic authentication shouldn't be a showstopper to use the application gateway imho..

Baklap4 avatar Sep 16 '19 10:09 Baklap4

I've ended up removing this ingress controller and using nginx with modsecurity. It would be nice to have this feature in this ingress controller though.

PatricioDanos avatar Oct 30 '19 13:10 PatricioDanos

Let me echo this. This is preventing us from using the application gateway controller where we do out at the edge.

What I'm personally looking at is the equivalent of these three annotations:

nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
nginx.ingress.kubernetes.io/auth-tls-verify-depth: "2"
nginx.ingress.kubernetes.io/auth-tls-secret: "XXX"

Any plan to implement this?

LucaPrete avatar Nov 22 '19 08:11 LucaPrete

@LucaPrete We are close on supporting mutual auth on Application Gateway. Once that is ready, we will work on exposing it through AGIC.

akshaysngupta avatar Dec 12 '19 01:12 akshaysngupta

@LucaPrete We are close on supporting mutual auth on Application Gateway. Once that is ready, we will work on exposing it through AGIC. @akshaysngupta Are you saying client certificates will be supported on Appplication Gateway? That would be really great...?

MarcelT-NL avatar Mar 31 '20 22:03 MarcelT-NL

@akshaysngupta Is there any update on exposing mutual auth through AGIC as i understand that application gateway do support mutual auth via SSL profiles?

xs2bharat avatar Aug 17 '21 15:08 xs2bharat

Does AGIC has this basic auth feature like what Nginx provides

jithin03 avatar Aug 20 '21 08:08 jithin03

any update on this feature request?

dshakey avatar Oct 13 '21 18:10 dshakey

Hello, still working in backlog?

sintetico82 avatar Oct 28 '22 16:10 sintetico82

@LucaPrete We are close on supporting mutual auth on Application Gateway. Once that is ready, we will work on exposing it through AGIC.

@akshaysngupta Could you update the progress here?

josedev-union avatar Sep 01 '23 08:09 josedev-union

it has been a couple of years - what is going on? everything OK?

dash042 avatar Feb 16 '24 09:02 dash042

it has been a couple of years - what is going on? everything OK?

We transitioned all new sites to ingress-nginx due to things like this and app gateways having awful certificate limits.

isujtauke avatar Feb 16 '24 12:02 isujtauke

it has been a couple of years - what is going on? everything OK?

We transitioned all new sites to ingress-nginx due to things like this and app gateways having awful certificate limits.

makes sense - I use Traefik for this and several other very good reasons but the customer thought the AppGW was a grand idea... :/

dash042 avatar Feb 16 '24 14:02 dash042