Skip to content
/ oauth2-proxy-themed Public

A Helm chart for oauth2-proxy with themed/branded login page

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

michaelvl/oauth2-proxy-themed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

doc

doc

 
 

example-theme

example-theme

 
 

templates

templates

 
 

.gitignore

.gitignore

 
 

.helmignore

.helmignore

 
 

Chart.yaml

Chart.yaml

 
 

README.md

README.md

 
 

values.yaml

values.yaml

 
 

Repository files navigation

This is a Helm chart that extends the oauth2-proxy Helm chart with themes for the login page.

Out-of-the-box, the login page for oath2-proxy looks like this:

without-theme

With this Helm chart we can add a theme and e.g. make the login page look like this:

with-theme

The chart works by using the existing custom-html template feature of oauth2-proxy together with an add-on web server for static assets (which cannot be served by oath2-proxy).

Since the chart extends oauth2-proxy, all the options of the oauth2-proxy chart are available and security-wise this chart does not change the core oauth2-proxy parts.

Installing

Create a client secret for oauth2-proxy to use - lookup details in the oauth2-proxy documentation.

kubectl create secret generic oauth-client-secret --from-literal=client-id=XXXXX --from-literal=client-secret=YYYYYYYYY --from-literal=cookie-secret=$(shell openssl rand -hex 16)

Oauth2-proxy supports custom HTML templates, i.e. create a ConfigMap with the HTML templates for the login and error pages (both are needed if customizing one of them). These templates will be mounted into the oauth2-proxy POD and used for the login process:

kubectl create cm custom-html --from-file=example-theme/sign_in.html --from-file=example-theme/error.html

If e.g. the sign_in.html template use static assets like images, we need to create another ConfigMap with those. These assets are unprotected and served by the add-on web-server. These assets are not used by oauth2-proxy.

kubectl create cm custom-assets --from-file=example-theme/back.svg --from-file=example-theme/icon.png

These static assets can be referenced from the HTML templates under the sub-path /assets. See the example theme.

Notes

If using large assets together with kubectl apply, you might hit upon the max. size of 256k imposed by the Kubernetes API. Using server-side apply (kubectl apply --server-side=true) will help mitigate this issue, although using large assets for a login page is probably not a good idea.

The icon shown above is from my OSMfocus Android app for OpenStreetMap.

The chart supports Ingress objects and Contour/Envoy HTTPProxy objects for traffic routing.

About

A Helm chart for oauth2-proxy with themed/branded login page

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages