External service
Authenticate requests to external services with basic auth.
You can apply external auth policies to services that run outside your cluster.
Before you begin
Follow the Get started guide to install Gloo Gateway.
Follow the Sample app guide to create a gateway proxy with an HTTP listener and deploy the httpbin sample app.
Get the external address of the gateway and save it in an environment variable.
Step 1: Create an external service
Follow the Static backend guide to create an external service that runs outside your cluster.
Step 2: Apply the auth rules
Follow the Basic auth guide to apply the auth rules to your routes.
Step 3: Verify that your routes are secured
Send various requests to verify that external auth is enforced for your routes.
Send a request to the httpbin app. Verify that your request is denied and that you get back a 401 HTTP response code.
Example output:
HTTP/1.1 401 UnauthorizedEncode the expected user credentials in base64 format.
echo -n "user:password" | base64Example output:
dXNlcjpwYXNzd29yZA==Send another request to the httpbin app. This time, you include the base64-encoded
user:passwordcredentials in theAuthorizationheader. Verify that the request succeeds and that you get back a 200 HTTP response code.Example output:
HTTP/1.1 200 OK
Cleanup
You can optionally remove the resources that you set up as part of this guide.Delete the external service.
kubectl delete httproute static-backend kubectl delete backend json-backendDelete the external auth resources.
kubectl delete authconfig basic-auth -n gloo-system kubectl delete glootrafficpolicy test-extauth-policy -n gloo-system