Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[che-auth] - use traefik plugin to set authorization header #20070

Closed
Tracked by #19182
sparkoo opened this issue Jul 2, 2021 · 2 comments
Closed
Tracked by #19182

[che-auth] - use traefik plugin to set authorization header #20070

sparkoo opened this issue Jul 2, 2021 · 2 comments
Assignees
@sparkoo
Labels
area/security kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. sprint/current

Comments

@sparkoo
Copy link
Member

sparkoo commented Jul 2, 2021

Is your task related to a problem? Please describe.

Traefik now supports local plugin (traefik/traefik#8224 documentation is not merged yet, but PR is here traefik/plugindemo#13). We should use this instead of dedicated header-rewrite-proxy component.

Describe the solution you'd like

We can

  1. use some existing plugin that can do what we need https://pilot.traefik.io/plugins
  2. transform header-rewrite-proxy (https://github.com/che-incubator/header-rewrite-proxy/) into traefik plugin

Then we need to update che-operator, to not deploy header-rewrite-proxy, but instead deploy and configure traefik plugin. We also need to update traefik version first, to the version that supports this. We might wait to stable release.

Productize header-rewrite-proxy component as part of CRW https://issues.redhat.com/browse/CRW-1944 this may not be needed or in some different form. We won't need to build dockerimage

Describe alternatives you've considered

Use header-rewrite-proxy as separate component

Additional context

epic: Simplify authentication and authorization with a more flexible and lightweight approach #19182
@sparkoo sparkoo added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Jul 2, 2021
@sparkoo sparkoo mentioned this issue Jul 2, 2021
Closed
23 tasks
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jul 2, 2021
@themr0c themr0c added area/security severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jul 2, 2021
@skabashnyuk skabashnyuk mentioned this issue Jul 7, 2021
Closed
@sparkoo sparkoo mentioned this issue Jul 16, 2021
Closed
@sparkoo sparkoo self-assigned this Jul 16, 2021
This was referenced Jul 16, 2021
Merged
Closed
@sparkoo
Copy link
Member Author

sparkoo commented Jul 16, 2021

Local traefik plugins are supported from version 2.5, to fully support this we need to update Traefik (update Traefik to 2.5 #20142). For development, it is easy to set traefik image in CheCluster CR.

@sparkoo sparkoo mentioned this issue Jul 20, 2021
Merged
@sparkoo
Copy link
Member Author

sparkoo commented Jul 21, 2021

fixed, plugin lives here https://github.com/che-incubator/header-rewrite-traefik-plugin/ , che-operator implements it here eclipse-che/che-operator#938

@sparkoo sparkoo closed this as completed Jul 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sparkoo sparkoo

Labels
area/security kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. sprint/current
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@themr0c @sparkoo @skabashnyuk @che-bot