Requirements
The following are the hardware requirements for the OAuth2-Proxy.
| Entity | Specification |
|---|---|
| vCPU | 0.250 minimum, 0.750 recommended |
| RAM | 1 minimum, 2 GB recommended |
Deployment of OAuth2-Proxy
Step 1: Clone the Expertflow CX repository
git clone -b 4.9_f-CXIM-480 https://efcx:RecRpsuH34yqp56YRFUb@gitlab.expertflow.com/cim/cim-solution.git CX-4.9
cd CX-4.9/kubernetes/helm/
Edit/Update oauth2-proxy/values.yaml for
- ingressRouter: the value of the FQDN that is used to serve the dashboards interface
- domainName: the domain of the FQDN used for the EFCX (e.g. .expertflow.com)
Ingress Controller Selection
- The default ingressClass is set to "nginx" in the global section of all helm charts. If you prefer to use another ingress controller, please update ingressClassName to the appropriate value.
- All helm charts served at the expertflow helm repository (CX groups/components and external components) are by default compatible with the ingress-nginx ingress controller and use ingress-nginx annotations. Should another ingress controller such as traefik, HA-Proxy or contour be required, please adjust the annotations for all components accordingly. A coordinated guide for using Traefik as the ingress controller with the CX solution is available at Using Traefik as Ingress Controller.
Add TLS Certificates
- For Self Signed certificates, please use the guide Create self-signed certificates for ingress in the ef-external namespace
- For Commercial Certificates, please import them as tls.crt and tls.key and create a secret with the name ef-ingress-tls-secret in the ef-external namespace
- For LetsEncrypt based TLS Certificates, please consult LetsEncrypt SSL for EF-CX
NOTE:
When using LE based TLS Certificates, you will have to enable the correct annotations in all the relevant values files. For example, for CX, after downloading the <COMPONENT>-custom-values.yaml file, you can run
sed -i -e 's/#cert-manager.io\/cluster-issuer: /cert-manager.io\/cluster-issuer: /g' <COMPONENT>-custom-values.yaml
to enable it.
This procedure is required for both externals and all CX group charts being deployed.
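For the commercial-certificate option above, the following is an added example (not from the Expertflow repository) that checks tls.crt and tls.key before creating ef-ingress-tls-secret in the ef-external namespace. The function names, the 7-day expiry threshold and the FQDN cx.example.test are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: validate tls.crt/tls.key before storing them as
# ef-ingress-tls-secret in the ef-external namespace.

# Print the PEM public key embedded in a certificate (empty on error).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the PEM public key derived from a private key (empty on error).
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_tls_pair CERT KEY FQDN
# Returns 0 if usable, 1 if the key does not belong to the certificate
# (or either file is unreadable), 2 if the certificate expires within
# 7 days, 3 if the certificate does not cover FQDN.
check_tls_pair() {
  ctp_cert=$(cert_pubkey "$1") || ctp_cert=""
  ctp_key=$(key_pubkey "$2") || ctp_key=""
  if [ -z "$ctp_cert" ] || [ "$ctp_cert" != "$ctp_key" ]; then
    echo "private key does not match certificate" >&2
    return 1
  fi
  # 604800 seconds = 7 days (assumed threshold, adjust to local policy)
  if ! openssl x509 -in "$1" -noout -checkend 604800 >/dev/null; then
    echo "certificate expires within 7 days" >&2
    return 2
  fi
  # -checkhost always exits 0, so the printed verdict is what gets tested
  if ! openssl x509 -in "$1" -noout -checkhost "$3" \
      | grep -q "does match certificate"; then
    echo "certificate does not cover $3" >&2
    return 3
  fi
}

# create_ingress_secret CERT KEY FQDN
# Creates the secret only when every check above passes.
create_ingress_secret() {
  check_tls_pair "$1" "$2" "$3" || return $?
  kubectl -n ef-external create secret tls ef-ingress-tls-secret \
    --cert="$1" --key="$2"
}

# Usage (cx.example.test is a placeholder for the ingressRouter FQDN):
#   create_ingress_secret tls.crt tls.key cx.example.test
```

If tls.crt carries a full chain, the leaf certificate must come first, because openssl x509 inspects only the first certificate in the file.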
Deploy oauth2-proxy
helm upgrade --install --namespace ef-external --values oauth2-proxy/values.yaml oauth2 oauth2-proxy/
Wait for the deployment to complete and reach the ready state
kubectl -n ef-external rollout status deploy oauth2-oauth2-proxy
Step 2: Keycloak Configurations for OAuth2-Proxy:
Keycloak configurations are mandatory for the functionality of OAuth2-Proxy. Follow this guide to configure Keycloak: