THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Knox can be added as an external authorizer by following istio’s External Authorizer guide. The diagram above shows a high level design.
- User makes a request to access a k8s service
- K8s ingress is configured to intercept requests from outside the cluster
- Ingress controller will forward all unauthenticated requests to Knox for authentication/authorization
- In case of failure, Knox will respond with 401 (Authentication failure) or 403 (Authorization failure)
- In case of success, Knox will forward the request to the intended k8s service
- Optionally, Knox can add custom headers [TODO File JIRA]
- Knox can forward configured headers to the downstream service (configured at ingress, this is a white list of headers)
...