mma
1
Hi,
We are setting up authentication on K8s with Azure AD using oauth2. However we are able to do so through command line only and not working for dashboard.
Alternatively we deployed oauth2-proxy service to redirect to azure ad which is working however when we try to access dashboard it does not redirect to oauth2-proxy service.
Is there a way if we can create another servcie and redirect it to oauth2-proxy
Were you able to get this working for you? I have been able to get this working on my GKE cluster with our azure AD using oauth2-proxy but I am running into another issue about getting user info from the request header.
erewok
3
Hello, I haven’t been able to get this working with azure AD. I am trying to using nginx-ingress annotations but my redirect URIs are not preserved. I’m trying to find someone who knows how to set this up.
mark_vr
4
There is a bug in the current deployment of AKS which prevent it from accepting tokens as authentication which are passed through to the API.
If you grant the dashboard service cluster admin as described here the dashboard will then work, but access is all or nothing.
Once that is done, follow the instructions at:
To configure nginx as an ingress authenticated against Azure AD. You can configure AAD to only permit certain groups though, but sadly not currently to use the RBAC controls within Kubernetes to control fine grained access.