Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clientauth for services #16521

Open
mar1ged opened this issue Sep 23, 2017 · 9 comments
Open

Clientauth for services #16521

mar1ged opened this issue Sep 23, 2017 · 9 comments
Labels
component/auth kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@mar1ged
Copy link

mar1ged commented Sep 23, 2017

This is more a feature request than an issue.

I know it is possible to use client certificate base authentication within OpenShift, for example while logging into the console or using the API endpoint.
What I am trying to achieve is the use of clientauth for services. I know it is possible to tell OpenShift to pass SSL connections to the pods and have them do the ssl handshake and - if needed - client certificate authentication. But this involves setting up the whole thing inside the pods.
In my scenario this would mean setting up a haproxy that does the job inside the container. From my point of view it would be better if "the platform" could handle this.

I have seen that it is possible to deploy customized routers to OpenShift, but I found no way of setting up haproxy specific configuration for handling clientauth in the templates that are there for set up.
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 20, 2018
@mar1ged
Copy link
Author

mar1ged commented Feb 21, 2018

/remove-lifecycle stale
/lifecycle frohen

I think this is still of interest for me and others, therefore commenting accordingly

@openshift-ci-robot openshift-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 21, 2018
@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 22, 2018
@mar1ged
Copy link
Author

mar1ged commented May 23, 2018

I still do not know about alternatives, so this FR is still of interest

/remove-lifecycle stale

@openshift-ci-robot openshift-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 23, 2018
@simo5 simo5 removed the priority/P2 label May 23, 2018
@simo5
Copy link
Contributor

simo5 commented May 23, 2018

Sounds like this is something Istio is in a better position to deliver to you.

@mar1ged
Copy link
Author

mar1ged commented May 24, 2018

Technically this can be correct, but the company I work for wants to use Redhats Openshift with as few additional components as possible. Therefore my suggestion.

@openshift-bot
Copy link
Contributor

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci-robot openshift-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 22, 2018
@mar1ged
Copy link
Author

mar1ged commented Aug 25, 2018

/remove-lifecycle stale
/lifecycle frozen

@openshift-ci-robot openshift-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 25, 2018
@ericavonb
Copy link
Contributor

@mar1ged istio support in openshift is now in tech preview: https://docs.openshift.com/container-platform/3.11/servicemesh-install/servicemesh-install.html
If you want to auth your services in a similar manner to the console, you can check out https://github.com/openshift/oauth-proxy/ as well.

@openshift-ci-robot openshift-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. and removed kind/enhancement labels Apr 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/auth kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@ericavonb @openshift-bot @pweil- @simo5 @mar1ged @openshift-ci-robot