OAuth2-Proxy Deployment Guide using Helm
Requirements
The following are the hardware requirements for the OAuth2-Proxy.
Entity | Specification |
---|---|
vCPU | 0.250 minimum, 0.750 recommended |
RAM | 1 GB minimum, 2 GB recommended |
Deployment of OAuth2-Proxy
Step 1: Clone the Expertflow CX repository
git clone -b 4.9_f-CXIM-480 https://efcx:RecRpsuH34yqp56YRFUb@gitlab.expertflow.com/cim/cim-solution.git CX-4.9
cd CX-4.9/kubernetes/helm/
Edit/Update the following values in oauth2-proxy/values.yaml:
ingressRouter: the value of the FQDN, which is used to serve the dashboards interface
Ingress Controller Selection
The default ingressClass is set to "nginx" in the global section of all helm charts. If you prefer to use another ingress controller, please update the ingressClassName to the appropriate value.
All helm charts served at the expertflow helm repository (CX groups/components and external components) are by default compatible with the ingress-nginx ingress controller and use ingress-nginx annotations. Should any other ingress controller be required, such as traefik, HA-Proxy or contour, please adjust the annotations for all components accordingly. A coordinated guide for using Traefik as Ingress Controller with the CX solution is available at Using Traefik as Ingress Controller
domainName: the domain of the FQDN used for the EFCX (e.g. .expertflow.com)
Add TLS Certificates
For Self Signed, please use this guide: Create self-signed certificates for ingress in ef-external namespace
For Commercial Certificates, please import them as tls.crt and tls.key and create a secret with the name of ef-ingress-tls-secret in the ef-external namespace
For LetsEncrypt based TLS Certificates, please consult LetsEncrypt SSL for EF-CX
NOTE: When using LE based TLS Certificates, you will have to enable the correct annotations in all the relevant values files. For example, for CX, after downloading the <COMPONENT>-custom-values.yaml file, you can run
sed -i -e 's/#cert-manager.io\/cluster-issuer: /cert-manager.io\/cluster-issuer: /g' <COMPONENT>-custom-values.yaml
to enable it.
This procedure is required for both externals and all CX group charts being deployed.
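For the commercial-certificate option above, the following added example (not part of the original guide) checks that tls.key belongs to tls.crt and that the certificate is not about to expire before creating ef-ingress-tls-secret in the ef-external namespace. The 30-day expiry threshold and the script name import-tls.sh are assumptions; openssl and kubectl must be on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks before importing a commercial certificate
# as the ef-ingress-tls-secret secret in the ef-external namespace.

# Succeeds only if the private key belongs to the certificate
# (the public key derived from each file is identical).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate is still valid N days from now.
# N defaults to 30 (assumed threshold, adjust to your renewal policy).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Runs both checks, restricts the key file to its owner, then creates the secret.
import_tls_secret() {
    cert=$1; key=$2
    cert_matches_key "$cert" "$key" || {
        echo "private key does not match certificate" >&2; return 1; }
    cert_valid_for_days "$cert" 30 || {
        echo "certificate expires within 30 days" >&2; return 1; }
    chmod 600 "$key"
    kubectl -n ef-external create secret tls ef-ingress-tls-secret \
        --cert="$cert" --key="$key"
}

# Usage (hypothetical script name): sh import-tls.sh tls.crt tls.key
if [ "$#" -eq 2 ]; then
    import_tls_secret "$1" "$2"
fi
```
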
Deploy oauth2-proxy
helm upgrade --install --namespace ef-external --values oauth2-proxy/values.yaml oauth2 oauth2-proxy/
Wait for the deployment to complete and reach the ready state
kubectl -n ef-external rollout status deploy oauth2-oauth2-proxy
Step 2: Keycloak Configurations for OAuth2-Proxy:
Keycloak configurations are mandatory for OAuth2-Proxy to function. Follow this guide to configure Keycloak:
Keycloak Configurations for OAuth2-Proxy Enablement