Skip to content
A Google Kubernetes Engine oauth2_proxy deployment.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This project deploys the oauth2_proxy reverse proxy to Google Kubernetes Engine. It uses the Docker image built here.


  • A Google Cloud account, with a Google Kubernetes Engine cluster created.
  • You will need a Google API OAuth client ID. This is for the oauth2_proxy service to redirect the user to for authentication. This can be configured here. The oauth2_proxy Github page has good information as well.
  • You will need to have A Kubernetes secret in the kube-system namespace. Example to create that:
kubectl --namespace default create secret generic oauth --from-literal=OAUTH2_PROXY_CLIENT_ID=your_client_id_from_google --from-literal=OAUTH2_PROXY_CLIENT_SECRET=your_client_secret_from_google --from-literal=OAUTH2_PROXY_COOKIE_SECRET=random_base64_encoded_value
  • Edit the following line and insert your domain, such as "":
        - --email-domain=<YOUREMAILDOMANHERE>


To deploy:

kubectl create -f oauth2_proxy.yml

You can verify the status by running:

kubectl -n kube-system get pods

Using an email auth file

If using the email auth file deployment, you will need to create a volume mount that is the email auth file, containing the list of email addresses who are allowed access. Example yml file provided.

You can’t perform that action at this time.