DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2020-02-09 23:53:05 +00:00
parent ec2af1dbc3
commit 006cda8fee
62 changed files with 1885 additions and 1843 deletions
Download patch file Download diff file Expand all files Collapse all files

53
examples/auth/oauth-external-auth/index.html
View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#external-oauth-authentication" tabindex="1" class="md-skip">
<a href="#external-oauth-authentication" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1251,45 +1251,45 @@
<h1 id="external-oauth-authentication">External OAUTH Authentication<a class="headerlink" href="#external-oauth-authentication" title="Permanent link"></a></h1>
<h3 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link"></a></h3>
<p>The <code class="codehilite">auth-url</code> and <code class="codehilite">auth-signin</code> annotations allow you to use an external
<p>The <code class="codehilite"><span class="err">auth-url</span></code> and <code class="codehilite"><span class="err">auth-signin</span></code> annotations allow you to use an external
authentication provider to protect your Ingress resources.</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>This annotation requires <code class="codehilite">nginx-ingress-controller v0.9.0</code> or greater.)</p>
<p>This annotation requires <code class="codehilite"><span class="err">nginx-ingress-controller v0.9.0</span></code> or greater.)</p>
</div>
<h3 id="key-detail">Key Detail<a class="headerlink" href="#key-detail" title="Permanent link"></a></h3>
<p>This functionality is enabled by deploying multiple Ingress objects for a single host.
One Ingress object has no special annotations and handles authentication.</p>
<p>Other Ingress objects can then be annotated in such a way that require the user to
authenticate against the first Ingress's endpoint, and can redirect <code class="codehilite">401</code>s to the
authenticate against the first Ingress's endpoint, and can redirect <code class="codehilite"><span class="err">401</span></code>s to the
same endpoint.</p>
<p>Sample:</p>
<div class="codehilite"><pre><span></span><span class="nn">...</span>
<div class="codehilite"><pre><span></span><code><span class="nn">...</span>
<span class="nt">metadata</span><span class="p">:</span>
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">application</span>
<span class="nt">annotations</span><span class="p">:</span>
<span class="nt">nginx.ingress.kubernetes.io/auth-url</span><span class="p">:</span> <span class="s">&quot;https://$host/oauth2/auth&quot;</span>
<span class="nt">nginx.ingress.kubernetes.io/auth-signin</span><span class="p">:</span> <span class="s">&quot;https://$host/oauth2/start?rd=$escaped_request_uri&quot;</span>
<span class="nn">...</span>
</pre></div>
</code></pre></div>
<h3 id="example-oauth2-proxy-kubernetes-dashboard">Example: OAuth2 Proxy + Kubernetes-Dashboard<a class="headerlink" href="#example-oauth2-proxy-kubernetes-dashboard" title="Permanent link"></a></h3>
<p>This example will show you how to deploy <a href="https://github.com/pusher/oauth2_proxy"><code class="codehilite">oauth2_proxy</code></a>
<p>This example will show you how to deploy <a href="https://github.com/pusher/oauth2_proxy"><code class="codehilite"><span class="err">oauth2_proxy</span></code></a>
into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using github as oAuth2 provider</p>
<h4 id="prepare">Prepare<a class="headerlink" href="#prepare" title="Permanent link"></a></h4>
<ol>
<li>Install the kubernetes dashboard</li>
</ol>
<div class="codehilite"><pre><span></span><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</code></pre></div>
<ol>
<li>Create a <a href="https://github.com/settings/applications/new">custom Github OAuth application</a></li>
</ol>
<p><img alt="Register OAuth2 Application" src="images/register-oauth-app.png" /></p>
<ul>
<li>Homepage URL is the FQDN in the Ingress rule, like <code class="codehilite">https://foo.bar.com</code></li>
<li>Authorization callback URL is the same as the base FQDN plus <code class="codehilite">/oauth2</code>, like <code class="codehilite">https://foo.bar.com/oauth2</code></li>
<li>Homepage URL is the FQDN in the Ingress rule, like <code class="codehilite"><span class="c">https://foo.bar.com</span></code></li>
<li>Authorization callback URL is the same as the base FQDN plus <code class="codehilite"><span class="err">/oauth2</span></code>, like <code class="codehilite"><span class="c">https://foo.bar.com/oauth2</span></code></li>
</ul>
<p><img alt="Register OAuth2 Application" src="images/register-oauth-app-2.png" /></p>
<ol>
@ -1297,9 +1297,9 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<p>Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values:</p>
</li>
<li>
<p>OAUTH2_PROXY_CLIENT_ID with the github <code class="codehilite">&lt;Client ID&gt;</code></p>
<p>OAUTH2_PROXY_CLIENT_ID with the github <code class="codehilite"><span class="err">&lt;Client ID&gt;</span></code></p>
</li>
<li>OAUTH2_PROXY_CLIENT_SECRET with the github <code class="codehilite">&lt;Client Secret&gt;</code></li>
<li>OAUTH2_PROXY_CLIENT_SECRET with the github <code class="codehilite"><span class="err">&lt;Client Secret&gt;</span></code></li>
<li>
<p>OAUTH2_PROXY_COOKIE_SECRET with value of <code class="codehilite"><span class="n">python</span> <span class="o">-</span><span class="n">c</span> <span class="s1">&#39;import os,base64; print(base64.b64encode(os.urandom(16)).decode(&quot;ascii&quot;))&#39;</span></code></p>
</li>
@ -1307,20 +1307,21 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<p>Customize the contents of the file dashboard-ingress.yaml:</p>
</li>
</ol>
<p>Replace <code class="codehilite">__INGRESS_HOST__</code> with a valid FQDN and <code class="codehilite">__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate.</p>
<p>Replace <code class="codehilite"><span class="err">__INGRESS_HOST__</span></code> with a valid FQDN and <code class="codehilite"><span class="err">__INGRESS_SECRET__</span></code> with a Secret with a valid SSL certificate.</p>
<ol>
<li>Deploy the oauth2 proxy and the ingress rules running:</li>
</ol>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
</code></pre></div>
<p>Test the oauth integration accessing the configured URL, like <code class="codehilite">https://foo.bar.com</code></p>
<p>Test the oauth integration accessing the configured URL, like <code class="codehilite"><span class="c">https://foo.bar.com</span></code></p>
<p><img alt="Register OAuth2 Application" src="images/github-auth.png" /></p>
<p><img alt="Github authentication" src="images/oauth-login.png" /></p>
<p><img alt="Kubernetes dashboard" src="images/dashboard.png" /></p>
@ -1375,9 +1376,9 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1387,7 +1388,7 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>