With the default values of the chart, OAuth2 authentication will be enabled to access the clean feature (URL
https://<clean-segment>.<prefix>.<hostname>) and the
Seq log monitoring tool.
Internally it uses an Oauth2 proxy, which supports all the most common providers (Azure, Google, etc.). Read their documentation for further information.
The chart assumes the usage of Azure, however it is possible to use other providers:
Create a new Application registration in Azure AD.
- Allow the following endpoints for redirection in the Azure AD application
https://<app-segment>.<prefix>.<hostname>/oauth2/callback(refer to the DNS section).
Create a new client secret (under Certificates and Secrets).
- Create a secret with the keys
OAUTH2_PROXY_CLIENT_ID: this is the Application (client) ID from Azure AD
OAUTH2_PROXY_CLIENT_SECRET: A client secret generated in Azure AD
OAUTH2_PROXY_COOKIE_SECRET: A random string
- Set the following in your
oauth2: environment: OAUTH2_PROXY_EMAIL_DOMAIN: <email-domain-for-authentication> secretRefName: <name-of-secret-created above>
You can disable it entirely by setting:
oauth2: enabled: false
You can also disable it for individual components by only adding to the
for key those elements you want to have OAuth2 enabled for:
oauth2: for: - seq - openrefine