OAuth2

On this page

1. Disabling OAuth2

With the default values of the chart, OAuth2 authentication will be enabled to access the clean feature (URL https://<clean-segment>.<prefix>.<hostname>) and the Seq log monitoring tool.

Internally it uses an Oauth2 proxy, which supports all the most common providers (Azure, Google, etc.). Read their documentation for further information.

The chart assumes the usage of Azure, however it is possible to use other providers:

1. Create a new Application registration in Azure AD.

2. Allow the following endpoints for redirection in the Azure AD application
   • https://<clean-segment>.<prefix>.<hostname>/oauth2/callback
   • https://<app-segment>.<prefix>.<hostname>/oauth2/callback (refer to the DNS section).

3. Create a new client secret (under Certificates and Secrets).

4. Create a secret with the keys
   • OAUTH2_PROXY_CLIENT_ID: this is the Application (client) ID from Azure AD
   • OAUTH2_PROXY_CLIENT_SECRET: A client secret generated in Azure AD
   • OAUTH2_PROXY_COOKIE_SECRET: A random string
5. Set the following in your values.yml file override.

    oauth2:
        environment:
            OAUTH2_PROXY_EMAIL_DOMAIN: <email-domain-for-authentication>
        secretRefName: <name-of-secret-created above>
   

Disabling OAuth2

You can disable it entirely by setting:

oauth2:
    enabled: false

You can also disable it for individual components by only adding to the for key those elements you want to have OAuth2 enabled for:

oauth2:
    for:
    - seq
    - openrefine