Support APIKey authentication #5089
Closed
brianehlert
started this conversation in
Ideas
Replies: 2 comments
-
|
Policy proposal: (imagine the values are base64 strings) |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
This has been delivered with NIC 3.6 as a built-in capability. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
NGINX Plus offers a number of capabilities that align with API Gateway use cases.
One of those capabilities is APIKey based authentication.
This would introduce a new APIKey Policy object, the necessary configuration / NJS functions, the ability to associate a key or set of keys with a server or location block, support for VirtualServer and VirtualServerRoute, and a pattern for customers to follow when defining a single or set of APIKeys that is consistent with the NGINX implementation.
NGINX Ingress Controller supports both single and multi-tenant use cases.
In the single tenant use case, one team is responsible for the ingress controller configuration and all of the managed hostnames and paths.
In this case a single team would maintain the secret(s) that contain the key(s) and the header the application supports when passing the key(s) in the request.
In the multi-tenant use case, there might be multiple application teams that define different unique keys for their users, but share a single ingress controller deployment.
It is believed that the complicated workflow is supporting how customers allocate and assign key(s) in a way that is compatible with Kubernetes and that allows the customer to segment key management among multiple teams.
The ingress controller should not be a key management system itself. It should not generate or assign keys, but rather support the use if APIKeys as a method of enforcement for allow/deny of access to server and location blocks.
Beta Was this translation helpful? Give feedback.
All reactions