2

Could you please provide an explanation of the reason oauth2-proxy can be used as a sidecar? For example, an architecture where every pod in k8s has this sidecar, which proxies to Keycloak.

xeLL

1 Answer

6

The repo you referred to has a README with a good explanation.

It lets you secure a web app without making any changes to the app itself. The Auth Provider is Keycloak in your case. For example, you can add your organization's auth to a Kubernetes dashboard.

Note that if you're using ingress to expose a service, the oauth2-proxy doesn't have to be a sidecar. You can use ingress annotations to route auth requests to a separate pod (or even a separate namespace), like in the nginx-ingress example: https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/. In this way you reuse one oauth-proxy for multiple apps.

Max Lobur
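The ingress-based setup described in the answer above, as an added example that is not part of the original answer or of the oauth2-proxy project. The hostname, namespaces and Service names are placeholders; the two annotations are ingress-nginx's external-auth annotations, and 4180 is oauth2-proxy's default listening port.

```yaml
# Protected application: ingress-nginx sends a subrequest to auth-url for every
# request and redirects unauthenticated users to auth-signin.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app                      # placeholder name
  namespace: apps                   # placeholder namespace
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com         # placeholder host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app        # placeholder Service, unchanged app
                port:
                  number: 80
---
# Shared oauth2-proxy: one deployment in its own namespace serves /oauth2/*
# on the same host, so its session cookie is valid for the app.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: auth                   # placeholder namespace
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com         # same host as the protected app
      http:
        paths:
          - path: /oauth2
            pathType: Prefix
            backend:
              service:
                name: oauth2-proxy  # placeholder Service name
                port:
                  number: 4180
```

With this layout authentication is enforced only at the ingress, so the application Service should stay a ClusterIP and be restricted (for example with a NetworkPolicy) to traffic from the ingress controller. In the sidecar layout the proxy sits in the pod itself, so in-cluster callers also pass through it.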