GitHub
This guide explains how to configure GitHub as an identity provider by creating an Oauth App. After completing these steps, you can then configure external authentication for the platform during installation by providing GitHub as the identity provider in the dex.config.connectors
section of your values.yaml
file.
Before You Start #
- You must have a GitHub account.
- You must have a cluster with an external IP address that meets the following requirements:
- Has a Certificate Authority (CA) signed certificate.
- Has HTTPS/TLS set up.
How to Configure GitHub as an Identity Provider #
The following steps use a Google Kubernetes Engine (GKE) cluster as an example, but you can adapt these steps to other Kubernetes environments.
Get Cluster Hostname #
- Get your cluster’s external IP address.
gcloud compute addresses describe ${USER} --region us-central1 --format="value(address)" 2> /dev/null
35.202.39.148
- Get the hostname of the external IP address.
host 35.202.39.148
148.39.202.35.in-addr.arpa domain name pointer 148.39.202.35.bc.googleusercontent.com.
WarningDo not include the trailing period in the hostname.
Create a GitHub OAuth App #
- Sign in to GitHub and complete your two-factor authentication.
- Select your Avatar.
- Navigate to Settings > Developer Settings > OAuth Apps.
- Select New OAuth App.
- Provide inputs for the following fields:
- Application name: Enter a name (e.g.,
mlis
) for your application. - Homepage URL: Enter the hostname of your cluster (e.g.,
https://<your-cluster-hostname>:80
). - Authorization Callback URL: Enter the hostname of your cluster with
/dex/callback
appended to the end (e.g.,https://<your-cluster-hostname>:80/dex/callback
).
- Application name: Enter a name (e.g.,
- Select Register application. You will be redirected to your application’s settings page.
- Select Generate new client secret.
- Copy the Client secret and Client ID. Save them in a secure location to use later.
- Select Update application to save.
- Sign out of GitHub. This helps test the login flow after configuration.
Configure Helm Values #
Now that you have the required clientID
and clientSecret
, you can update dex.config.connectors
section of the values.yaml
file to use GitHub as the identity provider. Follow the Configure External Authentication guide to update the values.yaml
file.