Authentication Service (oauth2 proxy) #820
Replies: 3 comments 1 reply
-
Thanks for the kind words! Glad you find this useful. Iteration is quite quick sometimes, I just pushed a commit to drop metallb in favor of Cilium L2 Announcements. It is my understanding that using oauth2-proxy is good if using an external OIDC/OAuth provider like Auth0/Github etc.. I don't think this would be needed as default in the template thou if that is what you are asking. |
Beta Was this translation helpful? Give feedback.
-
Haha, that's very quick indeed :) Understood! I thought it would be nice to add it to the template, but it's also an additional 'setup' step that makes the template a bit more complex/difficult. Would it be useful to have a list / table of repositories that have adopted your template and added a new asset/solution to it? A table entry could refer to my public repo for the |
Beta Was this translation helpful? Give feedback.
-
I had the same thought. Auth seems important for internet-facing apps. Everyone using this template has a GitHub account and a Cloudflare account. In view of this, might Cloudflare Zero Trust be a good solution? A related observation: Cloudflare is a critical piece of infrastructure, with many settings. Sane defaults would be nice. Currently the user is left to do ClickOps on a provider they aren't necessarily familiar with. |
Beta Was this translation helpful? Give feedback.
-
Hello,
Thanks for this fantastic project! I have been struggling in the past to figure out what a good setup would look like in terms of folder structures, how to standardize the services and I think you nailed it!
Over the weekend I have implemented a 3-node cluster based on your template. One crucial service I believe can't be missed is a solid
oauth2 proxy
. In my case, I'm using theoauth-proxy
HELM chart for authentication with Azure AD, but the chart supports many other services like GitHub Auth or Google Auth.I'm fairly new to managing Kubernetes at scale and I was able to implement the chart in my repository here: https://github.com/DevSecNinja/k3s-home/tree/main/kubernetes/apps/security
I still have some things I would like to implement like Redis, but it should be a good starter.
Curious to hear everybody's thoughts.
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions