Reading ingress annotation from Azure key vault and validating incoming request

Tanul 1,251 Reputation points
2020-10-08T07:48:28.833+00:00

Team,

For validating any custom header in nginx with Docker (or any virtual server), we have to update nginx.conf like this:

location /risksecretspoc {
    if ( $http_my_custom_header != 'some-value' ) {
        return 403;
    }
}

In the same way, I'm trying to validate custom headers in ingress. The problem is that the name of the custom header is fixed, due to which I have to add this annotation:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Custom-Header: <static token>";
  name: myingress
  namespace: default
spec:
  tls:
  - hosts:

Is there any way to set this static API token in Key Vault and read it in the ingress? As shown in this document, in various places it works just by specifying the secret name, like this:

nginx.ingress.kubernetes.io/auth-secret: secretName

But in my case the complete value is in quotes, so this name will be treated as a string. By following this link I can store the value as a secret, but how can I use it with a custom header in the ingress to create a validation step for all incoming requests?

Thank you


Accepted answer
  1. prmanhas-MSFT 17,891 Reputation points Microsoft Employee
    2020-10-19T08:33:22.973+00:00

    @Tanul Thank you for your patience over the matter and for all the inconvenience this issue might have caused.

    One such article which demonstrates configuration of the nginx ingress controller via a ConfigMap to pass a custom list of headers to the upstream server is as below:

    https://kubernetes.github.io/ingress-nginx/examples/customization/custom-headers/

    This article might not suffice for your requirement, but it might still be helpful in understanding the role of custom headers in nginx.

    Key Vault integration with AKS recently came under Supported Scenario, and there are still scenarios which the Product Group is working on, so you can add your suggestion here on our feedback forum as well, where our Product Group is quite active and the post with the highest number of upvotes is taken into consideration and worked upon.

    I have provided your input to our internal team as well to take into consideration going forward, and if there are any updates on that part I will keep you posted on the same.

    Hope it helps!!!

    If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you, for the benefit of the community.

    Note: The articles mentioned in the answer are not official documentation from Microsoft, so we can't confirm the working of the components as described in them. We have just tried to provide you with information which can be helpful for the issue you are currently facing and help you in resolving it.

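One way to check the header against a secret that never appears in the Ingress manifest, shown as an added example that is not part of the original thread: a small external-auth endpoint that ingress-nginx can call through its `nginx.ingress.kubernetes.io/auth-url` annotation, allowing the request on 200 and rejecting it on 403. The header name `X-Custom-Header` comes from the question; the token file path, the port, and the idea that the Key Vault secret is mounted into the pod as a file are assumptions.

```python
import hmac
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed path: wherever the Key Vault secret is mounted into this pod.
TOKEN_FILE = os.environ.get("TOKEN_FILE", "/mnt/secrets/api-token")
HEADER_NAME = "X-Custom-Header"  # header name used in the question


def load_token(path):
    """Read the expected token as bytes, dropping surrounding whitespace."""
    with open(path, "rb") as fh:
        token = fh.read().strip()
    if not token:
        # An empty secret would otherwise match an empty header value.
        raise ValueError("token file is empty; refusing to start")
    return token


def decide(presented, expected):
    """Return 200 if the presented header value matches, else 403."""
    if presented is None:
        return 403
    # http.server decodes header bytes as latin-1; re-encode to compare bytes.
    candidate = presented.encode("latin-1", "replace")
    # Constant-time comparison so response timing does not leak the token.
    return 200 if hmac.compare_digest(candidate, expected) else 403


def make_handler(expected):
    """Build a request handler bound to the expected token."""
    class AuthHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            status = decide(self.headers.get(HEADER_NAME), expected)
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()

        # Answer the same way whatever method the auth subrequest uses.
        do_HEAD = do_POST = do_PUT = do_PATCH = do_DELETE = do_GET

    return AuthHandler


if __name__ == "__main__":
    expected_token = load_token(TOKEN_FILE)
    HTTPServer(("0.0.0.0", 8080), make_handler(expected_token)).serve_forever()
```

With this layout the token lives only in the mounted file and the process memory of the auth service, so rotating it in Key Vault does not require editing the Ingress object.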