This is the Kubernetes Python Operator for the OAuth2 Proxy.
OAuth2 Proxy is a reverse proxy and static file server that authenticates users through providers like Google and GitHub, allowing validation by email, domain, or group.
This operator provides the OAuth2 Proxy, and consists of Python scripts which wrap the versions distributed by OAuth2 Proxy.
The OAuth2 Proxy charm can be used to enable authentication for charmed applications by integrating it with Identity Platform.
To deploy Charmed OAuth2 Proxy, you need to run the following command:
juju deploy oauth2-proxy-k8s --channel edge --trust
You can follow the deployment status with:
watch -c juju status --color
The Charmed OAuth2 Proxy offers integration with the traefik-k8s-operator for ingress.
In order to provide ingress to the application, run:
juju deploy traefik-k8s traefik-public --channel latest/stable --trust
juju integrate traefik-public oauth2-proxy-k8s:ingress
OAuth2 Proxy offers integration with Traefik ForwardAuth middleware via the forward_auth interface.
It can be added by deploying the Traefik charmed operator, enabling the experimental feature and adding a juju integration:
juju config traefik-public enable_experimental_forward_auth=True
juju integrate oauth2-proxy-k8s traefik-public:experimental-forward-auth
OAuth2 Proxy can be integrated with downstream charmed operators using the auth_proxy interface.
To have your charm protected by the proxy, make sure that:
- it is integrated with Traefik using one of the ingress interfaces
- it provides OAuth2 Proxy with necessary data by supporting the integration.
Then complete setting up the proxy:
juju integrate your-charm traefik-public
juju integrate oauth2-proxy-k8s your-charm:auth-proxy
Identity Platform is a composable identity provider and identity broker system based on Juju.
It comes with a built-in identity and user management system, but is also able to rely on external identity providers to authenticate users and manage user attributes. Find out more about integrating it with providers like Google, Microsoft Entra ID or GitHub here.
Refer to this tutorial to learn how to deploy and configure the Identity Platform.
Charmed OAuth2 Proxy connects to the Identity Platform through the Hydra charmed operator. To integrate it, run:
juju integrate oauth2-proxy-k8s:oauth hydra
Note that oauth requires the ingress integration provided by the Traefik Charmed Operator.
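The prerequisites stated above (oauth needs the proxy's ingress integration, the forward-auth integration needs the experimental flag, and a protected charm needs its own Traefik integration) can be checked against a deployment runbook before it is applied. The following is an added example, not code from the charm project; it assumes the runbook is a text file of juju commands and that the applications are named traefik-public and oauth2-proxy-k8s as in the commands on this page.

```python
import shlex

# Application names as used in the commands on this page.
PROXY, TRAEFIK = "oauth2-proxy-k8s", "traefik-public"

def parse_runbook(text):
    """Collect 'juju integrate' pairs and 'juju config' values from a runbook."""
    integrations, config = [], {}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:2] == ["juju", "integrate"] and len(words) == 4:
            # Each side is "app" or "app:endpoint"; store as (app, endpoint).
            integrations.append(tuple(tuple((w + ":").split(":")[:2]) for w in words[2:]))
        elif words[:2] == ["juju", "config"]:
            for item in words[3:]:
                key, _, value = item.partition("=")
                config[(words[2], key)] = value
    return integrations, config

def linked(integrations, a, b):
    """True if an integration joins a and b; an empty endpoint in a or b matches any."""
    def match(side, want):
        return side[0] == want[0] and want[1] in ("", side[1])
    return any((match(x, a) and match(y, b)) or (match(x, b) and match(y, a))
               for x, y in integrations)

def check(text):
    """Return the prerequisites from this page that the runbook does not satisfy."""
    integrations, config = parse_runbook(text)
    problems = []
    forward_auth_on = config.get((TRAEFIK, "enable_experimental_forward_auth"), "").lower() == "true"
    for x, y in integrations:
        for side, other in ((x, y), (y, x)):
            if side == (PROXY, "oauth") and not linked(integrations, (TRAEFIK, ""), (PROXY, "ingress")):
                problems.append(f"{PROXY}:oauth is integrated but {PROXY}:ingress is not served by {TRAEFIK}")
            if side == (TRAEFIK, "experimental-forward-auth") and not forward_auth_on:
                problems.append(f"forward-auth integration present but enable_experimental_forward_auth is not True on {TRAEFIK}")
            if side[1] == "auth-proxy" and other[0] == PROXY and not linked(integrations, (side[0], ""), (TRAEFIK, "")):
                problems.append(f"{side[0]} uses auth-proxy but is not integrated with {TRAEFIK}")
    return problems

# Constructed sample: the page's commands with three prerequisite lines left out.
SAMPLE = """\
juju integrate oauth2-proxy-k8s traefik-public:experimental-forward-auth
juju integrate oauth2-proxy-k8s your-charm:auth-proxy
juju integrate oauth2-proxy-k8s:oauth hydra
"""

if __name__ == "__main__":
    for problem in check(SAMPLE):
        print("MISSING:", problem)
```

The check looks only at which commands are present, not at the order in which they appear or at the live state of the model.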
Please see SECURITY.md for guidelines on reporting security issues.
This charm is still in active development. Please see the Juju SDK docs for guidelines on enhancements to this charm following best practice guidelines, and CONTRIBUTING.md for developer guidance.
The Charmed OAuth2 Proxy K8s Operator is free software, distributed under the Apache Software License, version 2.0. See License for more details.