ingress-nginx-helm

History

Cole Mickens 09e6aabce4 Add auth-signin annotation		2017-03-08 20:24:01 -03:00
..
dashboard.ingress.yaml	Add auth-signin annotation	2017-03-08 20:24:01 -03:00
deployment.yaml	Add auth-signin annotation	2017-03-08 20:24:01 -03:00
README.md	Add auth-signin annotation	2017-03-08 20:24:01 -03:00

README.md

External Authentication

Overview

The auth-url and auth-signin annotations allow you to use an external authentication provider to protect your Ingress resources.

(Note, this annotation requires nginx-ingress-controller v0.9.0 or greater.)

Key Detail

This functionality is enabled by deploying multiple Ingress objects for a single host. One Ingress object has no special annotations and handles authentication.

Other Ingress objects can then be annotated in such a way that require the user to authenticate against the first Ingress's endpoint, and can redirect 401s to the same endpoint.

Sample:

...
metadata:
  name: application
  annotations:
    "ingress.kubernetes.io/auth-url": "https://$host/oauth2/auth"
    "ingress.kubernetes.io/signin-url": "https://$host/oauth2/sign_in"
...

Example: OAuth2 Proxy + Kubernetes-Dashboard

This example will show you how to deploy oauth2_proxy into a Kubernetes cluster and use it to protect the Kubernetes Dashboard.

Prepare:

export DOMAIN="somedomain.io"
Install nginx-ingress. If you haven't already, consider using helm: $ helm install stable/nginx-ingress
Make sure you have a TLS cert added as a Secret named ingress-tls that corresponds to your $DOMAIN.

Deploy: `oauth2_proxy`

This is the Deployment object that runs oauth2_proxy.