Kubernetes Ingress perform authorization before route, like api gateway
Ingress
manifest is just input for a controller. You also need an Ingress Controller, an proxy that understand the Ingress
object. Kong and Nginx is two examples of implementation.
Nginx Ingress Controller is provided from the Kubernetes community and it has an example of configuring an external oauth2 proxy using annotations
annotations: nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"