OAuth2
deployment kubernetes oauth2On this page
With the default values of the chart, OAuth2 authentication will be enabled to access the clean feature (URL https://<clean-segment>.<prefix>.<hostname>
) and the Seq
log monitoring tool.
Internally it uses an Oauth2 proxy, which supports all the most common providers (Azure, Google, etc.). Read their documentation for further information.
The chart assumes the usage of Azure, however it is possible to use other providers:
Create a new Application registration in Azure AD.
- Allow the following endpoints for redirection in the Azure AD application
https://<clean-segment>.<prefix>.<hostname>/oauth2/callback
https://<app-segment>.<prefix>.<hostname>/oauth2/callback
(refer to the DNS section).
Create a new client secret (under Certificates and Secrets).
- Create a secret with the keys
OAUTH2_PROXY_CLIENT_ID
: this is the Application (client) ID from Azure ADOAUTH2_PROXY_CLIENT_SECRET
: A client secret generated in Azure ADOAUTH2_PROXY_COOKIE_SECRET
: A random string
- Set the following in your
values.yml
file override.oauth2: environment: OAUTH2_PROXY_EMAIL_DOMAIN: <email-domain-for-authentication> secretRefName: <name-of-secret-created above>
Disabling OAuth2
You can disable it entirely by setting:
oauth2:
enabled: false
You can also disable it for individual components by only adding to the for
key those elements you want to have OAuth2 enabled for:
oauth2:
for:
- seq
- openrefine