DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
k8s-ci-robot 2021-08-07 00:08:36 +00:00
parent cca2f76586
commit f67deeab95
24 changed files with 81 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

2
examples/auth/oauth-external-auth/index.html
View file

@ -6,7 +6,7 @@
<span class=nt>nginx.ingress.kubernetes.io/auth-signin</span><span class=p>:</span> <span class=s>&quot;https://$host/oauth2/start?rd=$escaped_request_uri&quot;</span>
<span class=nn>...</span>
</code></pre></div> <h3 id=example-oauth2-proxy-kubernetes-dashboard>Example: OAuth2 Proxy + Kubernetes-Dashboard<a class=headerlink href=#example-oauth2-proxy-kubernetes-dashboard title="Permanent link"></a></h3> <p>This example will show you how to deploy <a href=https://github.com/pusher/oauth2_proxy><code>oauth2_proxy</code></a> into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using github as oAuth2 provider</p> <h4 id=prepare>Prepare<a class=headerlink href=#prepare title="Permanent link"></a></h4> <ol> <li>Install the kubernetes dashboard</li> </ol> <div class=highlight><pre><span></span><code><span class=go>kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</code></pre></div> <ol> <li>Create a <a href=https://github.com/settings/applications/new>custom Github OAuth application</a></li> </ol> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app.png></p> <ul> <li>Homepage URL is the FQDN in the Ingress rule, like <code>https://foo.bar.com</code></li> <li>Authorization callback URL is the same as the base FQDN plus <code>/oauth2/callback</code>, like <code>https://foo.bar.com/oauth2/callback</code></li> </ul> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app-2.png></p> <ol> <li> <p>Configure oauth2_proxy values in the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml><code>oauth2-proxy.yaml</code></a> with the values:</p> </li> <li> <p>OAUTH2_PROXY_CLIENT_ID with the github <code>&lt;Client ID&gt;</code></p> </li> <li>OAUTH2_PROXY_CLIENT_SECRET with the github <code>&lt;Client Secret&gt;</code></li> <li> <p>OAUTH2_PROXY_COOKIE_SECRET with value of <code>python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'</code></p> </li> <li> <p>Customize the contents of the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml><code>dashboard-ingress.yaml</code></a>:</p> </li> </ol> <p>Replace <code>__INGRESS_HOST__</code> with a valid FQDN and <code>__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate.</p> <ol> <li>Deploy the oauth2 proxy and the ingress rules running:</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
</code></pre></div> <ol> <li>Create a <a href=https://github.com/settings/applications/new>custom Github OAuth application</a></li> </ol> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app.png></p> <ul> <li>Homepage URL is the FQDN in the Ingress rule, like <code>https://foo.bar.com</code></li> <li>Authorization callback URL is the same as the base FQDN plus <code>/oauth2/callback</code>, like <code>https://foo.bar.com/oauth2/callback</code></li> </ul> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app-2.png></p> <ol> <li> <p>Configure oauth2_proxy values in the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml><code>oauth2-proxy.yaml</code></a> with the values:</p> </li> <li> <p>OAUTH2_PROXY_CLIENT_ID with the github <code>&lt;Client ID&gt;</code></p> </li> <li>OAUTH2_PROXY_CLIENT_SECRET with the github <code>&lt;Client Secret&gt;</code></li> <li> <p>OAUTH2_PROXY_COOKIE_SECRET with value of <code>python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'</code></p> </li> <li> <p>Customize the contents of the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/dashboard-ingress.yaml><code>dashboard-ingress.yaml</code></a>:</p> </li> </ol> <p>Replace <code>__INGRESS_HOST__</code> with a valid FQDN and <code>__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate.</p> <ol> <li>Deploy the oauth2 proxy and the ingress rules running:</li> </ol> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
</code></pre></div> <p>Test the oauth integration accessing the configured URL, like <code>https://foo.bar.com</code></p> <p><img alt="Register OAuth2 Application" src=images/github-auth.png></p> <p><img alt="Github authentication" src=images/oauth-login.png></p> <p><img alt="Kubernetes dashboard" src=images/dashboard.png></p> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid" aria-label=Footer> <a href=../external-auth/ class="md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Previous </span> External Basic Authentication </div> </div> </a> <a href=../../customization/configuration-snippets/ class="md-footer-nav__link md-footer-nav__link--next" rel=next> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Next </span> Configuration Snippets </div> </div> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <script src=../../../assets/javascripts/vendor.93c04032.min.js></script> <script src=../../../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
app = initialize({
base: "../../..",