ingress-nginx-helm/examples/auth/oauth-external-auth/index.html

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/ rel=canonical><link href=../external-auth/ rel=prev><link href=../../customization/configuration-snippets/ rel=next><link rel=icon href=../../../assets/images/favicon.png><meta name=generator content="mkdocs-1.5.3, mkdocs-material-9.4.5"><title>External OAUTH Authentication - Ingress-Nginx Controller</title><link rel=stylesheet href=../../../assets/stylesheets/main.6a10b989.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.356b1318.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><link rel=stylesheet href=../../../extra.css><script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#external-oauth-authentication class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class="md-header md-header--shadow md-header--lifted" data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../../.. title="Ingress-Nginx Controller" class="md-header__button md-logo" aria-label="Ingress-Nginx Controller" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Ingress-Nginx Controller </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> External OAUTH Authentication </span> </div> </div> </div> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg> <
<span class=nt>metadata</span><span class=p>:</span>
<span class=w>  </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">application</span>
<span class=w>  </span><span class=nt>annotations</span><span class=p>:</span>
<span class=w>    </span><span class=nt>nginx.ingress.kubernetes.io/auth-url</span><span class=p>:</span><span class=w> </span><span class=s>&quot;https://$host/oauth2/auth&quot;</span>
<span class=w>    </span><span class=nt>nginx.ingress.kubernetes.io/auth-signin</span><span class=p>:</span><span class=w> </span><span class=s>&quot;https://$host/oauth2/start?rd=$escaped_request_uri&quot;</span>
<span class=nn>...</span>
</code></pre></div> <h3 id=example-oauth2-proxy-kubernetes-dashboard>Example: OAuth2 Proxy + Kubernetes-Dashboard<a class=headerlink href=#example-oauth2-proxy-kubernetes-dashboard title="Permanent link"> ¶</a></h3> <p>This example will show you how to deploy <a href=https://github.com/pusher/oauth2_proxy><code>oauth2_proxy</code></a> into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using GitHub as the OAuth2 provider.</p> <h4 id=prepare>Prepare<a class=headerlink href=#prepare title="Permanent link"> ¶</a></h4> <ol> <li> <p>Install the kubernetes dashboard</p> <div class=highlight><pre><span></span><code><span class=go>kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</code></pre></div> </li> <li> <p>Create a <a href=https://github.com/settings/applications/new>custom GitHub OAuth application</a></p> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app.png></p> <ul> <li>Homepage URL is the FQDN in the Ingress rule, like <code>https://foo.bar.com</code></li> <li>Authorization callback URL is the same as the base FQDN plus <code>/oauth2/callback</code>, like <code>https://foo.bar.com/oauth2/callback</code></li> </ul> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app-2.png></p> </li> <li> <p>Configure values in the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml><code>oauth2-proxy.yaml</code></a> with the values:</p> <ul> <li>OAUTH2_PROXY_CLIENT_ID with the github <code>&lt;Client ID&gt;</code></li> <li>OAUTH2_PROXY_CLIENT_SECRET with the github <code>&lt;Client Secret&gt;</code></li> <li>OAUTH2_PROXY_COOKIE_SECRET with value of <code>python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'</code></li> <li>(optional, but recommended) OAUTH2_PROXY_GITHUB_USERS with GitHub usernames to allow to login</li> <li><code>__INGRESS_HOST__</code> with a valid FQDN (e.g. <code>foo.bar.com</code>)</li> <li><code>__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate</li> </ul> </li> <li> <p>Deploy the oauth2 proxy and the ingress rules by running:</p> <div class=highlight><pre><span></span><code><span class=gp>$ </span>kubectl<span class=w> </span>create<span class=w> </span>-f<span class=w> </span>oauth2-proxy.yaml
</code></pre></div> </li> </ol> <h4 id=test>Test<a class=headerlink href=#test title="Permanent link"> ¶</a></h4> <p>Test the integration by accessing the configured URL, e.g. <code>https://foo.bar.com</code></p> <p><img alt="Register OAuth2 Application" src=images/github-auth.png></p> <p><img alt="GitHub authentication" src=images/oauth-login.png></p> <p><img alt="Kubernetes dashboard" src=images/dashboard.png></p> <h3 id=example-vouch-proxy-kubernetes-dashboard>Example: Vouch Proxy + Kubernetes-Dashboard<a class=headerlink href=#example-vouch-proxy-kubernetes-dashboard title="Permanent link"> ¶</a></h3> <p>This example will show you how to deploy <a href=https://github.com/vouch/vouch-proxy><code>Vouch Proxy</code></a> into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using GitHub as the OAuth2 provider.</p> <h4 id=prepare_1>Prepare<a class=headerlink href=#prepare_1 title="Permanent link"> ¶</a></h4> <ol> <li> <p>Install the kubernetes dashboard</p> <div class=highlight><pre><span></span><code><span class=go>kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</code></pre></div> </li> <li> <p>Create a <a href=https://github.com/settings/applications/new>custom GitHub OAuth application</a></p> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app.png></p> <ul> <li>Homepage URL is the FQDN in the Ingress rule, like <code>https://foo.bar.com</code></li> <li>Authorization callback URL is the same as the base FQDN plus <code>/oauth2/auth</code>, like <code>https://foo.bar.com/oauth2/auth</code></li> </ul> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app-2.png></p> </li> <li> <p>Configure Vouch Proxy values in the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/vouch-proxy.yaml><code>vouch-proxy.yaml</code></a> with the values:</p> <ul> <li>VOUCH_COOKIE_DOMAIN with value of <code>&lt;Ingress Host&gt;</code></li> <li>OAUTH_CLIENT_ID with the github <code>&lt;Client ID&gt;</code></li> <li>OAUTH_CLIENT_SECRET with the github <code>&lt;Client Secret&gt;</code></li> <li>(optional, but recommended) VOUCH_WHITELIST with GitHub usernames to allow to login</li> <li><code>__INGRESS_HOST__</code> with a valid FQDN (e.g. <code>foo.bar.com</code>)</li> <li><code>__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate</li> </ul> </li> <li> <p>Deploy Vouch Proxy and the ingress rules by running:</p> <div class=highlight><pre><span></span><code><span class=gp>$ </span>kubectl<span class=w> </span>create<span class=w> </span>-f<span class=w> </span>vouch-proxy.yaml
</code></pre></div> </li> </ol> <h4 id=test_1>Test<a class=headerlink href=#test_1 title="Permanent link"> ¶</a></h4> <p>Test the integration by accessing the configured URL, e.g. <code>https://foo.bar.com</code></p> <p><img alt="Register OAuth2 Application" src=images/github-auth.png></p> <p><img alt="GitHub authentication" src=images/oauth-login.png></p> <p><img alt="Kubernetes dashboard" src=images/dashboard.png></p> </article> </div> </div> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <div class=md-dialog data-md-component=dialog> <div class="md-dialog__inner md-typeset"></div> </div> <script id=__config type=application/json>{"base": "../../..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.instant", "navigation.sections"], "search": "../../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src=../../../assets/javascripts/bundle.aecac24b.min.js></script> </body> </html>
Deploy GitHub Pages 2024-09-15 15:04:08 +00:00			<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/ rel=canonical><link href=../external-auth/ rel=prev><link href=../../customization/configuration-snippets/ rel=next><link rel=icon href=../../../assets/images/favicon.png><meta name=generator content="mkdocs-1.5.3, mkdocs-material-9.4.5"><title>External OAUTH Authentication - Ingress-Nginx Controller</title><link rel=stylesheet href=../../../assets/stylesheets/main.6a10b989.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.356b1318.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><link rel=stylesheet href=../../../extra.css><script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#external-oauth-authentication class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class="md-header md-header--shadow md-header--lifted" data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../../.. title="Ingress-Nginx Controller" class="md-header__button md-logo" aria-label="Ingress-Nginx Controller" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Ingress-Nginx Controller </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> External OAUTH Authentication </span> </div> </div> </div> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg> <
Deploy GitHub Pages 2021-01-11 15:59:14 +00:00			`<span class=nt>metadata</span><span class=p>:</span>`
Deploy GitHub Pages 2023-10-12 19:31:18 +00:00			`<span class=w> </span><span class=nt>name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">application</span>`
			`<span class=w> </span><span class=nt>annotations</span><span class=p>:</span>`
			`<span class=w> </span><span class=nt>nginx.ingress.kubernetes.io/auth-url</span><span class=p>:</span><span class=w> </span><span class=s>"https://$host/oauth2/auth"</span>`
			`<span class=w> </span><span class=nt>nginx.ingress.kubernetes.io/auth-signin</span><span class=p>:</span><span class=w> </span><span class=s>"https://$host/oauth2/start?rd=$escaped_request_uri"</span>`
Deploy GitHub Pages 2021-01-11 15:59:14 +00:00			`<span class=nn>...</span>`
Deploy GitHub Pages 2022-01-17 00:58:25 +00:00			</code></pre></div> <h3 id=example-oauth2-proxy-kubernetes-dashboard>Example: OAuth2 Proxy + Kubernetes-Dashboard<a class=headerlink href=#example-oauth2-proxy-kubernetes-dashboard title="Permanent link"> ¶</a></h3> <p>This example will show you how to deploy <a href=https://github.com/pusher/oauth2_proxy><code>oauth2_proxy</code></a> into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using GitHub as the OAuth2 provider.</p> <h4 id=prepare>Prepare<a class=headerlink href=#prepare title="Permanent link"> ¶</a></h4> <ol> <li> <p>Install the kubernetes dashboard</p> <div class=highlight><pre><span></span><code><span class=go>kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
Deploy GitHub Pages 2024-01-28 16:33:36 +00:00			</code></pre></div> </li> <li> <p>Create a <a href=https://github.com/settings/applications/new>custom GitHub OAuth application</a></p> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app.png></p> <ul> <li>Homepage URL is the FQDN in the Ingress rule, like <code>https://foo.bar.com</code></li> <li>Authorization callback URL is the same as the base FQDN plus <code>/oauth2/callback</code>, like <code>https://foo.bar.com/oauth2/callback</code></li> </ul> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app-2.png></p> </li> <li> <p>Configure values in the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/oauth2-proxy.yaml><code>oauth2-proxy.yaml</code></a> with the values:</p> <ul> <li>OAUTH2_PROXY_CLIENT_ID with the github <code><Client ID></code></li> <li>OAUTH2_PROXY_CLIENT_SECRET with the github <code><Client Secret></code></li> <li>OAUTH2_PROXY_COOKIE_SECRET with value of <code>python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode("ascii"))'</code></li> <li>(optional, but recommended) OAUTH2_PROXY_GITHUB_USERS with GitHub usernames to allow to login</li> <li><code>__INGRESS_HOST__</code> with a valid FQDN (e.g. <code>foo.bar.com</code>)</li> <li><code>__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate</li> </ul> </li> <li> <p>Deploy the oauth2 proxy and the ingress rules by running:</p> <div class=highlight><pre><span></span><code><span class=gp>$ </span>kubectl<span class=w> </span>create<span class=w> </span>-f<span class=w> </span>oauth2-proxy.yaml
			</code></pre></div> </li> </ol> <h4 id=test>Test<a class=headerlink href=#test title="Permanent link"> ¶</a></h4> <p>Test the integration by accessing the configured URL, e.g. <code>https://foo.bar.com</code></p> <p><img alt="Register OAuth2 Application" src=images/github-auth.png></p> <p><img alt="GitHub authentication" src=images/oauth-login.png></p> <p><img alt="Kubernetes dashboard" src=images/dashboard.png></p> <h3 id=example-vouch-proxy-kubernetes-dashboard>Example: Vouch Proxy + Kubernetes-Dashboard<a class=headerlink href=#example-vouch-proxy-kubernetes-dashboard title="Permanent link"> ¶</a></h3> <p>This example will show you how to deploy <a href=https://github.com/vouch/vouch-proxy><code>Vouch Proxy</code></a> into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using GitHub as the OAuth2 provider.</p> <h4 id=prepare_1>Prepare<a class=headerlink href=#prepare_1 title="Permanent link"> ¶</a></h4> <ol> <li> <p>Install the kubernetes dashboard</p> <div class=highlight><pre><span></span><code><span class=go>kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
			</code></pre></div> </li> <li> <p>Create a <a href=https://github.com/settings/applications/new>custom GitHub OAuth application</a></p> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app.png></p> <ul> <li>Homepage URL is the FQDN in the Ingress rule, like <code>https://foo.bar.com</code></li> <li>Authorization callback URL is the same as the base FQDN plus <code>/oauth2/auth</code>, like <code>https://foo.bar.com/oauth2/auth</code></li> </ul> <p><img alt="Register OAuth2 Application" src=images/register-oauth-app-2.png></p> </li> <li> <p>Configure Vouch Proxy values in the file <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/auth/oauth-external-auth/vouch-proxy.yaml><code>vouch-proxy.yaml</code></a> with the values:</p> <ul> <li>VOUCH_COOKIE_DOMAIN with value of <code><Ingress Host></code></li> <li>OAUTH_CLIENT_ID with the github <code><Client ID></code></li> <li>OAUTH_CLIENT_SECRET with the github <code><Client Secret></code></li> <li>(optional, but recommended) VOUCH_WHITELIST with GitHub usernames to allow to login</li> <li><code>__INGRESS_HOST__</code> with a valid FQDN (e.g. <code>foo.bar.com</code>)</li> <li><code>__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate</li> </ul> </li> <li> <p>Deploy Vouch Proxy and the ingress rules by running:</p> <div class=highlight><pre><span></span><code><span class=gp>$ </span>kubectl<span class=w> </span>create<span class=w> </span>-f<span class=w> </span>vouch-proxy.yaml
			</code></pre></div> </li> </ol> <h4 id=test_1>Test<a class=headerlink href=#test_1 title="Permanent link"> ¶</a></h4> <p>Test the integration by accessing the configured URL, e.g. <code>https://foo.bar.com</code></p> <p><img alt="Register OAuth2 Application" src=images/github-auth.png></p> <p><img alt="GitHub authentication" src=images/oauth-login.png></p> <p><img alt="Kubernetes dashboard" src=images/dashboard.png></p> </article> </div> </div> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <div class=md-dialog data-md-component=dialog> <div class="md-dialog__inner md-typeset"></div> </div> <script id=__config type=application/json>{"base": "../../..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.instant", "navigation.sections"], "search": "../../../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src=../../../assets/javascripts/bundle.aecac24b.min.js></script> </body> </html>