Created
May 15, 2018 12:37
oauth2_proxy in K8s with nginx-Ingress
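# Ingress for the Kubernetes dashboard. The auth-url annotation asks nginx to
# send an auth subrequest to oauth2_proxy before proxying each request;
# clients that fail the check are redirected to auth-signin.
# NOTE(review): oauth2_proxy only establishes who the caller is. What a
# signed-in user can do is decided by the dashboard's own credentials and
# RBAC, which are not shown on this page - review them separately.
# NOTE(review): extensions/v1beta1 Ingress is not served by Kubernetes 1.22+;
# newer clusters need networking.k8s.io/v1 and its backend schema.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # NOTE(review): these use the legacy `ingress.kubernetes.io/` prefix. A
    # controller configured for the `nginx.ingress.kubernetes.io/` prefix
    # does not act on them, and the dashboard would then be published with no
    # authentication check at all. After applying, confirm that a request
    # without a session cookie is redirected to sign-in instead of served.
    ingress.kubernetes.io/auth-url: 'https://$host/oauth2/auth'
    ingress.kubernetes.io/auth-signin: 'https://$host/oauth2/start'
    # The dashboard backend on 8443 is reached over TLS.
    ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.class: nginx
  name: external-auth-oauth2
  namespace: kube-system
spec:
  # NOTE(review): no `tls:` section is declared although the auth URLs are
  # https; which certificate is served depends on the controller defaults.
  rules:
    - host: dashboard.example.com
      http:
        paths:
          - backend:
              serviceName: kubernetes-dashboard
              servicePort: 8443
            path: /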
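---
# Ingress that routes /oauth2 on the same host to the oauth2_proxy Service.
# It deliberately carries no auth-url annotation: the sign-in, callback and
# auth endpoints must be reachable before a session exists.
# NOTE(review): unlike the dashboard Ingress, this one sets no
# `kubernetes.io/ingress.class`. On a cluster with several ingress
# controllers, confirm that the same nginx controller serves both.
# NOTE(review): extensions/v1beta1 Ingress is not served by Kubernetes 1.22+.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: kube-system
spec:
  rules:
    - host: dashboard.example.com
      http:
        paths:
          - backend:
              serviceName: oauth2-proxy
              servicePort: 4180
            path: /oauth2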
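# Single-replica oauth2_proxy Deployment that authenticates users against a
# GitHub Enterprise instance on behalf of the nginx ingress.
# NOTE(review): extensions/v1beta1 Deployment is not served by Kubernetes
# 1.16+; newer clusters need apps/v1.
# NOTE(review): no securityContext or resource limits are set for a
# component that handles every session cookie - consider adding them.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: oauth2-proxy
  template:
    metadata:
      labels:
        k8s-app: oauth2-proxy
    spec:
      containers:
        - args:
            - --provider=github
            # NOTE(review): `*` accepts every account that can sign in to
            # the GitHub instance below. For a cluster dashboard, narrow it
            # with oauth2_proxy's --github-org / --github-team options or a
            # specific e-mail domain.
            - '--email-domain=*'
            # Nothing is proxied through oauth2_proxy here; the ingress
            # routes only the /oauth2 endpoints to it.
            - --upstream=file:///dev/null
            - --http-address=0.0.0.0:4180
            - --login-url=https://github.enterprise.org/login/oauth/authorize
            - --redeem-url=https://github.enterprise.org/login/oauth/access_token
            - --validate-url=https://github.enterprise.org/api/v3
          env:
            # NOTE(review): values written inline are readable by anyone who
            # can read this Deployment and end up in version control if the
            # manifest is committed. Prefer `valueFrom.secretKeyRef` pointing
            # at a Kubernetes Secret for the client secret and cookie secret.
            - name: OAUTH2_PROXY_CLIENT_ID
              value: <ID>
            - name: OAUTH2_PROXY_CLIENT_SECRET
              value: <SECRET>
            # Generate a fresh random value per deployment (Python 2 syntax):
            # python -c 'import os,base64; print base64.b64encode(os.urandom(16))'
            # Anyone who knows this value can forge session cookies, so treat
            # it like the client secret.
            - name: OAUTH2_PROXY_COOKIE_SECRET
              value: <COOKIE>
          # Suggested by the author:
          # https://hub.docker.com/r/colemickens/oauth2_proxy/
          # NOTE(review): this container sees the OAuth client secret and all
          # session cookies. Use an image you trust and pin it by digest;
          # with `imagePullPolicy: Always` a mutable tag can change the
          # running code on any restart.
          image: <IMAGE>
          imagePullPolicy: Always
          name: oauth2-proxy
          ports:
            - containerPort: 4180
              protocol: TCP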
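---
# Service in front of the oauth2_proxy pods, selected by the k8s-app label.
# No `type` is set, so it defaults to ClusterIP: port 4180 is reachable from
# inside the cluster, and from outside only through the /oauth2 Ingress.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  ports:
    - name: http
      port: 4180
      protocol: TCP
      targetPort: 4180
  selector:
    k8s-app: oauth2-proxy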