Try It Out
In this example we will deploy OAuth2 Proxy on a Kubernetes cluster using the Minimus OAuth2 Proxy Advanced Helm chart. OAuth2 Proxy will be configured to authenticate users before allowing access to protected services.
Step 1: Start Cluster
If you have a cluster to work with, skip this step. Otherwise, start a Minikube cluster. Deployment instructions
Step 2: Create Namespace
Create a namespace:
kubectl create ns oauth2-proxy-advanced
Step 3: Configure OAuth2 Credentials
Create a secret with your OAuth2 provider credentials. You'll need:
- Client ID
- Client Secret
- Cookie Secret (generate a random 32-character string)
kubectl create secret generic oauth2-proxy-secret \
--from-literal=client-id=YOUR_CLIENT_ID \
--from-literal=client-secret=YOUR_CLIENT_SECRET \
--from-literal=cookie-secret=$(openssl rand -base64 32 | tr -d "=+/" | cut -c1-32) \
--namespace=oauth2-proxy-advanced
Step 4: Save Values File Locally
Go to the Values tab and save a copy of it locally. You will need to add the flag -f values.yaml to override the defaults when you deploy the chart in the next step.
Update the values.yaml to reference your secret and configure your provider:
oauth2-proxy:
config:
existingSecret: oauth2-proxy-secret
provider: google # or github, azure, etc.
emailDomains:
- "*" # Allow all email domains, or specify allowed domains
Step 5: Deploy the Helm Chart
Deploy the Minimus Helm chart with the values.yaml file you saved in the previous step.
Run the following command:
helm install my-oauth2-proxy-advanced oci://helm.mini.dev/oauth2-proxy-advanced \
--version 0.1.0 \
-f values.yaml \
-n oauth2-proxy-advanced
Step 6: Verify OAuth2 Proxy is Running
To check that the pod was successfully created run:
kubectl get pods -n oauth2-proxy-advanced -l app.kubernetes.io/name=oauth2-proxy
You should see output similar to:
NAME READY STATUS RESTARTS AGE
my-oauth2-proxy-advanced-xxxxxxxxx 1/1 Running 0 2m
Step 7: Test OAuth2 Proxy
This verifies OAuth2 Proxy is actually working and authenticating users.
Get the service URL:
kubectl get svc -n oauth2-proxy-advanced -l app.kubernetes.io/name=oauth2-proxy
Port-forward to the service:
kubectl port-forward svc/my-oauth2-proxy-advanced 4180:4180 -n oauth2-proxy-advanced
Open your browser and navigate to http://localhost:4180. You should be redirected to your OAuth2 provider's login page. After successful authentication, you'll be redirected back to OAuth2 Proxy.
Check the logs to verify authentication:
kubectl logs -n oauth2-proxy-advanced -l app.kubernetes.io/name=oauth2-proxy
You should see successful authentication messages in the logs.
Step 8: Cleanup
To clean up the deployment:
helm uninstall my-oauth2-proxy-advanced -n oauth2-proxy-advanced
kubectl delete namespace oauth2-proxy-advanced
Terms & Info
Trademark
This catalog is published by Minimus. All product names, logos, and marks, other than those belonging to Minimus, shown are owned by their respective rights holders and appear here only to identify the open source software each image contains. Minimus claims no ownership of those marks and implies no affiliation with, endorsement by, certification by, or sponsorship by any rights holder.
Disclaimer
Images are provided "as-is" without warranty of any kind. "Hardened" refers to the security configuration applied at the time of build and does not constitute a guarantee of ongoing security or absence of vulnerabilities. The free tier is provided without support, SLA, or guaranteed patching timelines. Security updates may be applied to paid subscriptions before or instead of free tier images. By pulling or using any image you agree to our Terms of Use.
oauth2-proxy-advanced 7.14.2