Hi!
I’m trying to use OpenAPI as an Auth0 hook with the ALB Ingress with EKS Kube to add some authentication to a Kibana metrics dashboard.
It works great as long as I have the OIDC configuration lines tagged out, but I get all sorts of weird things when I untag them.
I’ve patterned this mostly off of "Securing your applications with AWS ALB Built-in Authentication and Auth0" by Sandrino Di Mattia (Medium) and the ingress documentation here: https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#authentication
But something is very much not working.
```yaml
apiVersion: v1
kind: Secret
metadata:
  namespace: kube-system
  name: logs-ingress-secret
data:
  clientId: xxxx
  clientSecret: xxxxx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: logs-ingress
  namespace: kube-system
  labels:
    app: logs
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-regon-n:xxxxxx:certificate/xxxxxx
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443},{"HTTP":80}]'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect",
      "RedirectConfig":
        { "Protocol":"HTTPS",
          "Port": "443",
          "StatusCode": "HTTP_301"}}'
    #alb.ingress.kubernetes.io/auth-type: oidc
    #alb.ingress.kubernetes.io/auth-idp-oidc: '{"Issuer":"https://xxxxxx.us.auth0.com,"AuthorizationEndpoint":"https://xxxxxx.us.auth0.com/authorize","TokenEndpoint":"https://xxxxxx.us.auth0.com/oauth/token","UserInfoEndpoint":"https://xxxxxx.us.auth0.com/userinfo","SecretName":logs-ingress-secret}'
spec:
  rules:
    - http:
        paths:
          - path: /*
            backend:
              serviceName: ssl-redirect
              servicePort: use-annotation
          - path: /*
            backend:
              serviceName: kibana-logging
              servicePort: 5601
```
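
An added example, not part of the original post: a pre-flight check that parses an `auth-idp-oidc` annotation value of the shape shown above as JSON and verifies its five keys before the lines are uncommented. The function name, the `tenant.example` host and the sample strings are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Keys taken from the auth-idp-oidc annotation in the post.
URL_KEYS = ("Issuer", "AuthorizationEndpoint", "TokenEndpoint", "UserInfoEndpoint")

def check_oidc_annotation(value, secret_names=()):
    """Return a list of problems found in an auth-idp-oidc annotation value."""
    try:
        cfg = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON at column {exc.colno}: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["annotation must be a JSON object"]
    problems = []
    for key in URL_KEYS:
        url = cfg.get(key)
        if not isinstance(url, str):
            problems.append(f"{key} missing or not a string")
            continue
        parts = urlparse(url)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{key} is not an https URL: {url!r}")
    secret = cfg.get("SecretName")
    if not isinstance(secret, str) or not secret:
        problems.append("SecretName missing or not a string")
    # The controller reads the Secret from the Ingress's own namespace.
    elif secret_names and secret not in secret_names:
        problems.append(f"Secret {secret!r} not found in the Ingress namespace")
    return problems

# Constructed samples; tenant.example is a placeholder, not a real tenant.
GOOD = ('{"Issuer":"https://tenant.example","AuthorizationEndpoint":"https://tenant.example/authorize",'
        '"TokenEndpoint":"https://tenant.example/oauth/token",'
        '"UserInfoEndpoint":"https://tenant.example/userinfo","SecretName":"logs-ingress-secret"}')
# Same value with the closing quote after the Issuer URL dropped.
BAD_QUOTE = GOOD.replace('"https://tenant.example",', '"https://tenant.example,', 1)
# Same value with SecretName left unquoted.
BAD_SECRET = GOOD.replace('"logs-ingress-secret"', 'logs-ingress-secret')

if __name__ == "__main__":
    for name, value in (("GOOD", GOOD), ("BAD_QUOTE", BAD_QUOTE), ("BAD_SECRET", BAD_SECRET)):
        print(name, check_oidc_annotation(value, {"logs-ingress-secret"}) or "ok")
```

Separately from the annotation, values under a Secret's `data:` field must be base64-encoded; plain-text values go under `stringData:` instead.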