Skip to main content
Version: 3.11-dev

Tekton Dashboard Authentication

OAuth2-Proxy is a versatile tool that serves as a reverse proxy, utilizing the OAuth 2.0 protocol with various providers like Google, GitHub, and Keycloak to provide both authentication and authorization. This guide instructs readers on how to protect their applications' endpoints using OAuth2-Proxy. By following these steps, users can enhance the security of their endpoints without modifying their current application code. In the context of KubeRocketCI, it has integration with the Keycloak OIDC provider, enabling it to connect with any component that lacks built-in authentication.

Prerequisites​

Integration OAuth2-Proxy​

To streamline the installation of OAuth2-Proxy in your environment, it is advised to utilize the resources available in the Cluster Add-Ons and their applications.

Enable OAuth2-Proxy on Tekton Dashboard​

The example below illustrates how to use OAuth2-Proxy in practice when using the Tekton dashboard:

Edit the Tekton dashboard Ingress annotation by adding auth-signin and auth-url of oauth2-proxy by kubectl command:

kubectl annotate ingress <application-ingress-name> \
nginx.ingress.kubernetes.io/auth-signin='https://<oauth-ingress-host>/oauth2/start?rd=https://$host$request_uri' \
nginx.ingress.kubernetes.io/auth-url='http://oauth2-proxy.oauth2-proxy.svc.cluster.local:80/oauth2/auth'