Allow in-cluster traffic through ambassador while enable basic username/password login with ambassador #2149

Closed
kunmingg opened this issue Dec 20, 2018 · 1 comment · Fixed by #2262

@kunmingg
Contributor

See #2094 for the longer story.
We need to allow in-cluster traffic while basic auth is enabled.

By the current design, basic auth accepts a username/password or a cookie, but in-cluster traffic would have neither of them.

The auth server should recognize in-cluster traffic and allow it.
This should be transparent to individual components.

@kunmingg
Contributor Author

One easy solution is to have separate ambassador services:

  1. external facing:
     • used by user requests, from a browser or an API call
     • every request is validated by the auth service
  2. internal facing:
     • used by in-cluster traffic
     • only accessible within the cluster
     • doesn't go through the auth service
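
A sketch of the two-service split proposed above, added here as an illustration; it is not part of the comment and not Kubeflow's actual manifests. It assumes two Ambassador deployments separated by `ambassador_id`; all names, labels, ports and the auth backend address are hypothetical.

```yaml
# Added illustration. Every name, label, port and address below is an assumption.
# External-facing: reachable from outside the cluster. The Ambassador instance
# behind it loads an AuthService, so every request is checked by the auth service.
apiVersion: v1
kind: Service
metadata:
  name: ambassador-external              # hypothetical
  annotations:
    getambassador.io/config: |
      ---
      apiVersion: ambassador/v0
      kind: AuthService
      name: basic-auth
      ambassador_id: external            # loaded only by the external instance
      auth_service: "basic-auth-svc:8085"  # hypothetical auth backend
spec:
  type: LoadBalancer
  selector:
    service: ambassador-external         # pods run with AMBASSADOR_ID=external
  ports:
  - port: 80
    targetPort: 80
---
# Internal-facing: ClusterIP, so it has no address outside the cluster.
# Its Ambassador instance loads no AuthService, so requests skip the auth check.
apiVersion: v1
kind: Service
metadata:
  name: ambassador-internal              # hypothetical
spec:
  type: ClusterIP
  selector:
    service: ambassador-internal         # pods run with AMBASSADOR_ID=internal
  ports:
  - port: 80
    targetPort: 80
# Component Mappings that both paths should serve would list both ids,
# e.g. ambassador_id: [external, internal].
```

With this layout any pod in the cluster can reach the unauthenticated path, so the internal service must never be given an Ingress, NodePort or LoadBalancer, and a NetworkPolicy can narrow which namespaces may call it.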

@jlewi jlewi added this to New in 0.5.0 via automation Dec 21, 2018
@jlewi jlewi moved this from New to Deploy Kubeflow in 0.5.0 Dec 26, 2018
0.5.0 automation moved this from Deploy Kubeflow to Done Jan 29, 2019