Kubernetes: Difference between revisions
Line 364: | Line 364: | ||
proxy_ssl_name $host; | proxy_ssl_name $host; | ||
proxy_ssl_server_name on; | proxy_ssl_server_name on; | ||
</syntaxhighlight> | |||
==Authentication== | |||
[https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/ ingress-nginx external oauth]<br> | |||
If you like to authenticate using an oauth2 provider (e.g. Google, GitHub), I suggest using [https://github.com/oauth2-proxy/oauth2-proxy oauth2-proxy]. | |||
# First setup a deployment of the oauth2, possibly without an upstream. | |||
# Then you can simply add the following annotations to your ingresses to protect them: | |||
<syntaxhighlight lang="yaml"> | |||
nginx.ingress.kubernetes.io/auth-url: "https://oauth2proxy.davidl.me/oauth2/[email protected]" | |||
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2proxy.davidl.me/oauth2/start?rd=$scheme://$host$request_uri" | |||
</syntaxhighlight> | </syntaxhighlight> | ||