Introduction

• Github, Google, Keycloak 등에게 서비스 접근을 위임
• 내부 서비스 중 가벼운 인증이 필요한 경우 사용

Install

```bash
# generate cookie secret
$ openssl rand -base64 32 | tr -- '+/' '-_'

# register cookie secret & github client info
$ kubectl create ns oauth-proxy
$ kubectl -n oauth-proxy create secret generic github \\
		--from-literal=cookie-secret={generated-cookie-secret} \\
		--from-literal=client-id={github-client-id} \\
		--from-literal=client-secret={github-client-password}

# check registered secret values
$ kubectl -n oauth-proxy get secret github -o jsonpath='{.data}'
```

```bash
$ helm repo add oauth2-proxy <https://oauth2-proxy.github.io/manifests>
$ helm upgrade --cleanup-on-fail \\
		--install oauth-proxy oauth2-proxy/oauth2-proxy \\
		--namespace oauth-proxy --create-namespace \\
		--set nodeSelector."kubernetes\\.io/hostname"=seungbae-pn41 \\
		--values=config.yaml

NAME: oauth-proxy
LAST DEPLOYED: Thu Jul 14 20:49:30 2022
NAMESPACE: oauth-proxy
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
To verify that oauth2-proxy has started, run:

  kubectl --namespace=oauth-proxy get pods -l "app=oauth-proxy-oauth2-proxy"
```

Upgrade

$ helm upgrade --cleanup-on-fail \\
		oauth-proxy oauth2-proxy/oauth2-proxy \\
		--namespace oauth-proxy \\
		--reuse-values \\
		--values=config.yaml

Uninstall

$ helm -n oauth-proxy uninstall oauth-proxy

Reference

• https://artifacthub.io/packages/helm/oauth2-proxy/oauth2-proxy
• https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#keycloak-oidc-auth-provider
• https://blog.codecentric.de/en/2021/06/how-to-use-oauth2-proxy-for-central-authentication/
• https://github.com/oauth2-proxy/oauth2-proxy/issues/1669
• https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/