What is the purpose of oauth2 proxy sidecar?

4.3k views Asked by At

Could you please provide explanation for what reason oauth2-proxy as sidecar can be used? For example an architecture where every pod in k8s has this sidecar, which proxies to Keycloack.

1

There are 1 answers

0
Max Lobur On

The repo you referred has a readme with a good explanation.

It lets you secure a web app without making any changes to the app itself. The Auth Provider is Keycloak in your case. For example, you can add your organization's auth to a Kubernetes dashboard.

Note that if you're using ingress to expose a service, the oauth2-proxy doesn't have to be sidecar. You can use ingress annotations to route auth requests to a separate pod (or even a separate namespace), like in the nginx-ingress example: https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/. In this way you reuse one oauth-proxy for multiple apps.