github.com/nginxinc/kubernetes-ingress@v1.12.5/examples-of-custom-resources/jwt/README.md

github.com/nginxinc/kubernetes-ingress@v1.12.5/examples-of-custom-resources/jwt/README.md (about)

     1  # JWT
     2  
     3  In this example, we deploy a web application, configure load balancing for it via a VirtualServer, and apply a JWT policy.
     4  
     5  ## Prerequisites
     6  
     7  1. Follow the [installation](https://docs.nginx.com/nginx-ingress-controller/installation/installation-with-manifests/) instructions to deploy the Ingress Controller.
     8  1. Save the public IP address of the Ingress Controller into a shell variable:
     9      ```
    10      $ IC_IP=XXX.YYY.ZZZ.III
    11      ```
    12  1. Save the HTTP port of the Ingress Controller into a shell variable:
    13      ```
    14      $ IC_HTTP_PORT=<port number>
    15      ```
    16  
    17  ## Step 1 - Deploy a Web Application
    18  
    19  Create the application deployment and service:
    20  ```
    21  $ kubectl apply -f webapp.yaml
    22  ```
    23  
    24  ## Step 2 - Deploy the JWK Secret
    25  
    26  Create a secret with the name `jwk-secret` that will be used for JWT validation:
    27  ```
    28  $ kubectl apply -f jwk-secret.yaml
    29  ```
    30  
    31  ## Step 3 - Deploy the JWT Policy
    32  
    33  Create a policy with the name `jwt-policy` that references the secret from the previous step and only permits requests to our web application that contain a valid JWT:
    34  ```
    35  $ kubectl apply -f jwt.yaml
    36  ```
    37  
    38  ## Step 4 - Configure Load Balancing
    39  
    40  Create a VirtualServer resource for the web application:
    41  ```
    42  $ kubectl apply -f virtual-server.yaml
    43  ```
    44  
    45  Note that the VirtualServer references the policy `jwt-policy` created in Step 3.
    46  
    47  ## Step 5 - Test the Configuration
    48  
    49  If you attempt to access the application without providing a valid JWT, NGINX will reject your requests for that VirtualServer:
    50  ```
    51  $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/
    52  <html>
    53  <head><title>401 Authorization Required</title></head>
    54  <body>
    55  <center><h1>401 Authorization Required</h1></center>
    56  <hr><center>nginx/1.19.1</center>
    57  </body>
    58  </html>
    59  ```
    60  
    61  If you provide a valid JWT, your request will succeed:
    62  ```
    63  $ curl --resolve webapp.example.com:$IC_HTTP_PORT:$IC_IP http://webapp.example.com:$IC_HTTP_PORT/ -H "token: `cat token.jwt`"
    64  Server address: 172.17.0.3:8080
    65  Server name: webapp-7c6d448df9-lcrx6
    66  Date: 10/Sep/2020:18:20:03 +0000
    67  URI: /
    68  Request ID: db2c07ce640755ccbe9f666d16f85620
    69  ```