February 16, 2021 | 16:15

Allowing Basic Auth through IAP

If you need to use basic auth when behind IAP, you can work around it by setting a custom header, and then remapping it after you get past IAP. Specifically when running NGINX Ingress on GKE.

My example is for allowing Basic Auth to Jenkins while running behind IAP on GKE. I created a custom header called X-Jenkins-Authorization. (This can be anything, and for any service, not just jenkins).

Some official examples: https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers

Kubernetes Nginx Ingress configmap changes

...
data:
    proxy-set-headers: `somens/nginx-proxy-headers`
...

Proxy Headers config map:

apiVersion: v1
data:
  Authorization: ${http_x_jenkins_authorization}
kind: ConfigMap
metadata:
  name: nginx-proxy-headers
  namespace: somens

Apply those accordingly, and now you can basic auth through IAP, you just need to set your basic auth in the appropriate header.

© Yulian Kuncheff 2020

Powered by Hugo.