Hey Ory community! 👋 Back with another guide on protecting services using Ory tools. This time, I'm sharing how to secure any upstream service (like Prometheus, Grafana, etc.) with Oathkeeper and Kratos, complete with Google Workspace authentication. The post includes Kubernetes configurations and step-by-step instructions. If you've found my previous Ory guides helpful, this one builds on those concepts with a practical use case. https://developer-friendly.blog/blog/2024/12/30/how-to-protect-any-upstream-service-with-operational-authentication/ Would love to hear your thoughts and experiences with similar setups!

thank you for providing the guide. I have a question about this section https://developer-friendly.blog/blog/2024/12/30/how-to-protect-any-upstream-service-with-operational-authentication/#kratos-self-service-ui-node do you know how I can use oathkeeper's decision API with ingress instead of using oathkeeper as a proxy?

@straight-lizard-48774 I have seen this in the Ory doc; they have a link to the corresponding nginx documentation: oathkeeper url: https://www.ory.sh/docs/oathkeeper nginx follow-up: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/ I hope this addresses your issue

oh thank you, my bad I missed that in the documentation. thank you 🙂