February 16, 2021 | 16:15
If you need to use basic auth when behind IAP, you can work around it by setting a custom header, and then remapping it after you get past IAP. Specifically when running NGINX Ingress on GKE.
My example is for allowing Basic Auth to Jenkins while running behind IAP on GKE. I created a custom header called X-Jenkins-Authorization
. (This can be anything, and for any service, not just jenkins).
Some official examples: https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers
Kubernetes Nginx Ingress configmap changes
...
data:
proxy-set-headers: `somens/nginx-proxy-headers`
...
Proxy Headers config map:
apiVersion: v1
data:
Authorization: ${http_x_jenkins_authorization}
kind: ConfigMap
metadata:
name: nginx-proxy-headers
namespace: somens
Apply those accordingly, and now you can basic auth through IAP, you just need to set your basic auth in the appropriate header.