Are there any plans to add OpenID support in the nginx ingress controller like: https://github.com/pingidentity/lua-resty-openidc ?
No. That is out of the scope of the nginx ingress controller.
You can use a custom nginx configured with that module and try to use the external auth example https://github.com/kubernetes/ingress/tree/master/examples/external-auth/nginx as a reference to see if it is possible to make it work like the oauth2 proxy.
Ok. Thanks for the info.
@aledbf @eicnix Wouldn't it make sense to make this available at the ingress decorator level? Essentially, the plugin would check with a server like Keycloak whether the JWT token is valid, and then, based on group membership, it would be able to allow or deny access to unprotected kube services. This would allow for having a single ingress grid with a mapping of very many individual containers protected by the nginx OIDC plugin in various group membership configurations, all configured with decorators. Swagger OpenAPI does that perfectly (https://swagger.io/docs/specification/authentication/openid-connect-discovery/), but no one has clued into making that into an ingress controller yet.
You can use a custom nginx configured with that module and try to use the external auth example https://github.com/kubernetes/ingress/tree/master/examples/external-auth/nginx as a reference to see if it is possible to make it work like the oauth2 proxy.
@aledbf The link is broken. Do you know where the relevant documentation is now?
It's really sad that ingress-nginx won't have support for OIDC, even if just enabling the necessary plugins and letting us configure it via config snippet.
The new link to the documentation is:
https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/auth/external-auth
With the new ingress-nginx plugin system you can achieve this yourself. In https://www.elvinefendi.com/2019/11/22/ingress-nginx-openidc-plugin.html I describe how to use the plugin system to add OpenID Connect support to ingress-nginx.
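The check discussed in this thread (is the JWT valid, and does group membership allow the request) can be sketched as the decision function behind an external auth endpoint, following the nginx auth subrequest convention that a 2xx response allows the request and 401 or 403 denies it. This is an added example, not code from ingress-nginx, lua-resty-openidc or any commenter. Assumptions: the function names, the `groups` claim name and the HS256 shared key are illustrative choices that keep it standard-library only; a real deployment would verify against the identity provider's published keys.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Build a constructed test token (stands in for the identity provider)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def auth_decision(authorization, required_group, key, now=None):
    """Return the status an auth subrequest endpoint would send: 200, 401 or 403."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return 401  # no usable credential
    header_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad JSON, bad UTF-8
        return 401
    # Pin the algorithm on the verifier side; the token must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return 401
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return 401
    # Only trust claims after the signature check; require an unexpired "exp".
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)):
        return 401
    if claims["exp"] <= now:
        return 401
    # Authenticated but not a member of the required group: 403, not 401.
    groups = claims.get("groups")  # assumed claim name
    if not isinstance(groups, list) or required_group not in groups:
        return 403
    return 200
```

Returning 401 for any credential problem and 403 only for an authenticated caller outside the group keeps the two failure modes distinguishable in access logs.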