nginx-ingress integration

[kfox1111]

This is a really interesting project. :)

Feature idea, what if the controller could also drive nginx-ingress ingress rules and an oauth2 deployment to plugin the authentication into the process. Maybe that is a different crd, or an annotation on an ingress?

It would make it significantly easier to not only get a client but also start using it.

[axdotl]

Hi @kfox1111
I'm not really get your point. Could you explain it in a little more detail?

[kfox1111]

so, for example, see https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/oauth-external-auth (and maybe https://github.com/kubernetes/ingress-nginx/blob/master/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml)

This plugs in oauth2_proxy into nginx-ingress as a pure auth plugin.

I'm thinking keycloak-client-controller has enough information to launch the authentication bits for the user to go along with the client bits that it is retrieving?

So, maybe the user puts in a few config options in the CustomResource and it automatically provisions the auth plugin for them?

That would allow the user to focus on developing their website, and through a k8s object can get the whole security layer added for them.

[axdotl]

Got it, and I support this idea.
But as this actually not fit to our scenario (we're using traefik and keycloak-gatekeeper), we'll not implement this soon.

I'll let this issue open and maybe someone else will implement this and create a PR.
Thanks for the idea!