Closed Bug 1457608 Opened 6 years ago Closed 6 years ago

Make signature validation work on redeployable clusters

Categories

(Taskcluster :: Services, enhancement)

Product:
Taskcluster
Component:
Services
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bstack, Assigned: bstack)

References

Details

Currently the way we have set up the ingress in front of our services in kubernetes will make signature validation... weird (I think).

Things off the top of my head:

1) Most of our services hard-code publicUrl in production.
2) If we do rewrites without changing host header for each service paths will be the same. e.g. v1/ping on auth and v1/ping on index are the "same" so we would need to ensure uniqeness.
3) More that I'm not thinking of


I'm reading up on ingress docs now to see what options we have.


https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#external-authentication


https://kubernetes.io/docs/concepts/services-networking/ingress/
Ok, I've looked into this a bit more. I think I've crystallized the issue. Ignore what I wrote above for the most part.

Will be submitting a PR in a bit that seems to make this work! (now whether or not we _want_ to make this work we can decide on monday)
Assignee: nobody → bstack
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Component: Redeployability → Services
You need to log in before you can comment on or make changes to this bug.