Conversation
davidcheung
force-pushed
the
example-private-data-from-backend
branch
2 times, most recently
from
30c565f to
5877d15
Compare
davidcheung
force-pushed
the
example-private-data-from-backend
branch
from
5877d15 to
127e3bd
Compare
|
Are you going to add the k8s changes in this PR as well or separately? |
@bmonkman the k8s changes as in the oathkeeper rules? do i only need to create the |
Yes, creating the rules and also conditionally creating the ingress. |
| @@ -0,0 +1,31 @@ | |||
| apiVersion: oathkeeper.ory.sh/v1alpha1 | |||
There was a problem hiding this comment.
Could you add a doc to each of these so people know what they are for? Especially the backend endpoints which are the ones a developer is more likely to need to change in the future.
Actually, I wonder if kratos-public and kratos-form-data should be set up in the kubernetes terraform instead, since they aren't really specific to the app.. And maybe we even want a different subdomain for it? like auth.<% index .Params productionHostRoot %>?
Might be worth doing some testing though, because it depends on how they have set up the session cookie. If it's tied to the subdomain we'll have to do it this way otherwise it won't be able to read the cookie.
There was a problem hiding this comment.
thats true, they dont really have much to do with the backend itself 🤔
as in Oathkeeper will listen from 2 ingresses? then proxy to the same place after?
yeah the cookie/redirection stuff may cause issues
2 participants
x-user-idandx-user-email