Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supporting authenticated and unauthenticated paths for single ALB and shared ALB #2352

Closed
blevine opened this issue Nov 10, 2021 · 2 comments
Closed

Supporting authenticated and unauthenticated paths for single ALB and shared ALB #2352

blevine opened this issue Nov 10, 2021 · 2 comments

Comments

@blevine
Copy link

blevine commented Nov 10, 2021

This is related to issue #2151.

From the comments, it's unclear to me how to proceed to support the following scenarios:

  1. Single ALB in which some paths are secured via OIDC and some are not.
    Do I define 2 NodePort services using the same ports, one of which includes the alb.ingress.kubernetes.io/auth-type (and related annotations) and one that does not. And then associate the different paths with either the unsecured or secured NodePort service?

  2. Shared ALB using IngressGroup
    If each application defines its ALB with secured and unsecured paths as described in 1, will this be merged correctly into the single shared ALB?
@M00nF1sh
Copy link
Collaborator

@blevine
For #1, yes, you can define 2 nodePort services to achieve it. The auth annotation on service takes priority.
For #2, yes as well. If both Ingress are within same group with alb.ingress.kubernetes.io/group.name annotation

Both option can achieve your desired effect.

@blevine
Copy link
Author

blevine commented Nov 11, 2021

Thank you @M00nF1sh ! Closing.

@blevine blevine closed this as completed Nov 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blevine @M00nF1sh