ibm-cloudkubernetes-ingressibm-appid

Is it possible to configure AppId in Kubernetes Ingress with both types web and api at the same time?


So that a browser would show the login page if no authentication is provided, but the backend would accept calls with a valid bearer token header as well.

Is that possible? If so, how?

We have several kubernetes services in the same namespace behind an ingress and annotated the ingress with

ingress.bluemix.net/appid-auth: "bindSecret=binding-appidname namespace=somenamespace requestType=api serviceName=service-a"

requestType=web will work too, but requestType=api,web does not work, neither does adding the annotation twice with the respective request types.

The AppId Documentation (https://console.bluemix.net/docs/services/appid/tutorial-kubernetes-auth.html) states in the descriptino of "serviceName": To use multiple request types in the same cluster, configure an instance of App ID to use web and another to use api., so I got the impression it should be possible to use both at the same time.


Solution

  • You can protect multiple services with different requestTypes in the same namespace using Ingress annotation. The syntax is:

    ingress.bluemix.net/appid-auth: "bindSecret=binding-appid-01 requestType=web serviceName=service1;bindSecret=binding-appid-01 requestType=api serviceName=service2;bindSecret=binding-appid-02 requestType=web serviceName=service3;"