Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

oAuth-proxy enhancements for Azure AKS deployment

See original GitHub issue

Is your enhancement related to a problem? Please describe

There are several enhancements of ouath-proxy configuration (aka oauth-proxy.cfg) for kubernetes:

To set pass_access_token to true (default value is false) to pass access token to upstream via “X-Forwarded-Access-Token”
To set cookie_refresh to 1h0m0s to refresh the cookie when duration has elapsed after cookie was initially set.
To add whitelist_domains to whitelist che domain (ie: .yourcompany.com)
To add cookie_domains to set cookie domain to force cookies to (ie: .yourcompany.com)
To add OAuthScope to Che Resource to allow users to configure Access Token Scope.

Describe the solution you’d like

Update che-operator to support addition configuration of ouath-proxy for kubernetes

Describe alternatives you’ve considered

No response

Release Notes Text

Some enhancements needed to deploy Che on Azure AKS has been contributed by @karatkep. Thank you for your contribution.

Issue Analytics

State:
Created a year ago
Comments:7 (4 by maintainers)

Top GitHub Comments

2reactions

karatkepcommented, Jun 24, 2022

Hi Mario, It’s correct, the proposed enhancements were needed to deploy Che to Azure AKS. My instructions will be slightly updated because we found a more elegant way to solve reported issue during code review. Thanks to @tolusha and @sparkoo for the help.

And of course I will be glad to write a blog post and explain what issue we met and how it has been resolved in the new version of Che.

Best Regards, Piotr (aka karatkep)

On Thu, Jun 23, 2022 at 12:18 PM Mario Loriedo @.***> wrote:

@karatkep https://github.com/karatkep thank you for this issue and the related contribution. Those enhancements were needed to deploy to AKS? And using the instructions in your repo https://github.com/karatkep/che-aks-installer are ment to be used by anyone trying to deploy to AKS?

I am asking because we are considering to:

make this PR as a new and notworkthy addition to include in next release notes

proposing you to contribute a blog post that explains how to deploy Che to AKS

— Reply to this email directly, view it on GitHub https://github.com/eclipse/che/issues/21450#issuecomment-1164162788, or unsubscribe https://github.com/notifications/unsubscribe-auth/APGFNMECKJTQMPXWLEMCB63VQQTU3ANCNFSM5YG2FNCA . You are receiving this because you were mentioned.Message ID: @.***>

0reactions

max-cxcommented, Jul 25, 2022

RN: upstream only

Top Results From Across the Web

Best practices for Azure Kubernetes Service (AKS)

Best practices for cluster security and upgrades. Includes securing access to the API server, limiting container access, and managing upgrades ...

MS Azure OAuth2 proxy - Token based authentication not ...

I finally made it work using the following configuration: deployment.yaml for OAuth2 proxy: kind: Deployment apiVersion: apps/v1 metadata: ...

Azure Kubernetes Service (AKS): What Is It and Why Do We ...

Microsoft Azure offers Azure Kubernetes Service that simplifies managed Kubernetes cluster deployment in the public cloud environment and also ...

Deploy HCL Workload Automation containers on Azure AKS

Run HCL Workload Automation containerized product components on Azure Kubernetes Service (AKS).

Azure Kubernetes Service (AKS) - Alif Consulting

Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster ... AKS reduces the debugging time while handling patching, auto-upgrades, ...