Octavia with IAP

I have an airbyte instance configured in GKE with IAP.

How can I authenticate to octavia on that instance?

I get the following error if I try to just insert the url in the airbyte configuration:

Could not reach your Airbyte instance, make sure the instance is up and running and network reachable: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({‘X-Goog-IAP-Generated-Response’: ‘true’, ‘Content-Length’: ‘34’, ‘Content-Type’: ‘text/html; charset=UTF-8’, ‘Date’: ‘Wed, 01 Jun 2022 19:59:59 GMT’, ‘Alt-Svc’: ‘h3=":443"; ma=2592000,h3-29=":443"; ma=2592000’})
HTTP response body: Invalid GCIP ID token: empty token

I asked Augustin about the topic. But afaik, this is not possible. You need to generate a token to have access in the instance and today Octavia doesn’t handle calls with tokens.

1 Like

You can send custom headers to Airbyte’s API with octavia since v0.39.21! You can set the Authorization headers requested by Google IAP and it should work.