
[Oauth2-proxy] Configure Oauth2-proxy with Azure Cloud.

Posted on December 22, 2023 / January 7, 2024 by nim

We have already configured Oauth2-proxy with Google and with Cognito (AWS).
How do we configure Oauth2-proxy with Azure Cloud?
As you may know, the number of companies using Microsoft accounts is not small.

https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#azure-auth-provider

1) Create app registrations in Azure

You can refer to this post, where we create an app registration in Azure together.
https://nimtechnology.com/2023/12/18/rancher-login-rancher-by-azure-id-or-microsoft-account/

I read the documentation, and it requires Group.Read.All under Application permissions.

Next, I install oauth2-proxy with Helm:
https://artifacthub.io/packages/helm/oauth2-proxy/oauth2-proxy

Add repository:
helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
Install chart:
helm install my-oauth2-proxy oauth2-proxy/oauth2-proxy --version 6.23.1

Below is the values file.

config:
  configFile: |-
    email_domains = [ "*" ]
    upstreams = [ "file:///dev/null" ]
  existingSecret: "oauth2-proxy"
extraEnv:
  - name: OAUTH2_PROXY_CLIENT_ID
    valueFrom:
      secretKeyRef:
        key: client-id
        name: oauth2-proxy
  - name: OAUTH2_PROXY_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        key: client-secret
        name: oauth2-proxy
  - name: OAUTH2_PROXY_COOKIE_SECRET
    valueFrom:
      secretKeyRef:
        key: cookie-secret
        name: oauth2-proxy
extraArgs:
  azure-tenant: "b1351590-3037-4637-ae38-25e9a5c37e00"
  oidc-issuer-url: "https://login.microsoftonline.com/b1351590-3037-4637-ae38-25e9a5c37e00/v2.0"
  provider: azure
  provider-display-name: "Azure SSO"
  cookie-secure: true
  cookie-name: "_oauth2_proxy"
  skip-provider-button: true
  scope: openid
ingress:
  enabled: true
  hosts:
    - workflow-XXXX-staging.metadefender.com
  path: /oauth2
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    kubernetes.io/ingress.class: "nginx"
  ingressClassName: nginx
  tls:
    - hosts:
        - workflow-XXXX-staging.metadefender.com
      secretName: tls-oauth2-proxy-ingress

Now I'll map out some of the required config values.
extraArgs:
azure-tenant: the Directory (tenant) ID
oidc-issuer-url: "https://login.microsoftonline.com/<azure-tenant ID>/v2.0"

Environment variables:
OAUTH2_PROXY_CLIENT_ID: the Application (client) ID

OAUTH2_PROXY_CLIENT_SECRET: the value from Certificates & secrets.

OAUTH2_PROXY_COOKIE_SECRET: you need to generate this string yourself.

# -- server specific cookie for the secret; create a new one with `openssl rand -base64 32 | head -c 32 | base64`

Usually you will pass settings as arguments.
Arguments that involve secrets should be supplied through environment variables instead.
https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#environment-variables
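
The values file above reads client-id, client-secret and cookie-secret from an existing Secret named oauth2-proxy, so that Secret has to exist before the chart is installed. The following is an added example, not part of the original post, that generates the cookie secret and renders the Secret manifest; the function names are hypothetical and the namespace is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: render the "oauth2-proxy" Secret referenced by the values file.

# Same recipe as the chart comment: 32 random bytes -> base64 -> first 32 chars.
# Falls back to /dev/urandom when openssl is not installed.
gen_cookie_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 32
  else
    head -c 32 /dev/urandom | base64
  fi | tr -d '\n' | head -c 32
}

# oauth2-proxy builds an AES cipher from the cookie secret, so it only
# accepts secrets of 16, 24 or 32 bytes.
valid_cookie_secret() {
  case ${#1} in
    16|24|32) return 0 ;;
    *) return 1 ;;
  esac
}

# Base64-encode a value for the Secret's data field (no line wrapping).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Usage: render_secret <client-id> <client-secret> <cookie-secret>
# Key names match the secretKeyRef entries in the values file.
render_secret() {
  valid_cookie_secret "$3" || {
    echo "cookie secret must be 16, 24 or 32 bytes" >&2
    return 1
  }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: oauth2-proxy
type: Opaque
data:
  client-id: $(b64 "$1")
  client-secret: $(b64 "$2")
  cookie-secret: $(b64 "$3")
EOF
}

# Example call (values come from the Azure app registration):
# render_secret "$CLIENT_ID" "$CLIENT_SECRET" "$(gen_cookie_secret)" | kubectl apply -n <namespace> -f -
```

Piping the manifest straight into kubectl keeps the client secret out of files on disk; read it into the shell variable from a prompt or secret store so it does not land in shell history.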
