Closed LeePorte closed 1 year ago
Infra-Red
commented
5 years ago Hi @LeePorte! You can use oauth2-proxy-boshrelease to configure oauth2 proxy in front of Prometheus and Alertmanager.
Here is an example how to collocate oauth2 proxy job with existing nginx job.
https://github.com/18F/cg-deploy-prometheus/blob/22fc0e25cc04500bf06e6e9b8e22797232101e83/bosh/manifest.yml#L316-L357
LeePorte
commented
5 years ago Hi @Infra-Red,
I didn't know you could do that. I'm going to have a tinker with it and hopefully I can get it solve our issue.
Thanks for the pointer.
Cheers
Lee
Infra-Red
commented
5 years ago @LeePorte I've created a bosh-release for pusher/oauth2_proxy (this is an official hard fork of original oauth2_proxy project).
You can deploy oauth2 proxy for prometheus-boshrelease deployment with this ops file https://github.com/Infra-Red/oauth2-proxy-boshrelease/blob/v0.1.0/manifests/operators/prometheus/enable-prometheus-oauth2-proxy.yml
poblin-orange
commented
5 years ago @Infra-Red niice. I was considering using pusher oauth2 proxy to secure our ops portails. Would you consider sharing your release in cloudfoundry-community org ? Btw, 4.0.0 has been recently released (should help with UAA interop)
Infra-Red
commented
5 years ago @poblin-orange Sure, I will move this project to cloudfoundry-community org. And thanks for notice, I will update release to use 4.0.0 version in the coming days.
https://github.com/cloudfoundry-community/oauth2-proxy-boshrelease
poblin-orange
commented
5 years ago Thank you very much. Very useful
Hi,
I was just wondering if there were any thoughts on adding the option for Oauth within the nginx config? Something like https://github.com/pusher/oauth2_proxy could be used to provide this.
I have a dislike for shared credentials and prefer to use an existing IDP where possible.
Cheers
Lee