Octavia with IAP

I have an airbyte instance configured in GKE with IAP.

How can I authenticate to octavia on that instance?

I get the following error if I try to just insert the url in the airbyte configuration:

Could not reach your Airbyte instance, make sure the instance is up and running and network reachable: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({‘X-Goog-IAP-Generated-Response’: ‘true’, ‘Content-Length’: ‘34’, ‘Content-Type’: ‘text/html; charset=UTF-8’, ‘Date’: ‘Wed, 01 Jun 2022 19:59:59 GMT’, ‘Alt-Svc’: ‘h3=":443"; ma=2592000,h3-29=":443"; ma=2592000’})
HTTP response body: Invalid GCIP ID token: empty token

I asked Augustin about the topic. But afaik, this is not possible. You need to generate a token to have access in the instance and today Octavia doesn’t handle calls with tokens.

1 Like

You can send custom headers to Airbyte’s API with octavia since v0.39.21! You can set the Authorization headers requested by Google IAP and it should work.

Hi there from the Community Assistance team.
We’re letting you know about an issue we discovered with the back-end process we use to handle topics and responses on the forum. If you experienced a situation where you posted the last message in a topic that did not receive any further replies, please open a new topic to continue the discussion. In addition, if you’re having a problem and find a closed topic on the subject, go ahead and open a new topic on it and we’ll follow up with you. We apologize for the inconvenience, and appreciate your willingness to work with us to provide a supportive community.