On for Internal Apps in Kubernetes using Google Oauth / SSO
Next we're going to create an nginx ingress controller and an ingress that will terminate SSL and route traffic to the sso-proxy and sso-auth pods.
First we need to set up the RBAC for the ingress controller.
$ kubectl create -f nginx-ingress-controller-rbac.yml
Then we need to create a “default backend”, which will just serve a basic 404 page for requests it can't route.
$ kubectl create -f default-backend-deployment.yml
And create the Kubernetes service for the default backend.
$ kubectl create -f default-backend-svc.yml
Next we’ll launch the actual nginx ingress controller itself.
$ kubectl create -f nginx-ingress-controller-deployment.yml
And its corresponding Kubernetes service. This will create an internal ELB in your VPC.
$ kubectl create -f nginx-ingress-controller-svc.yml
Important! Don't skip this step.
You will now need to create Route 53 entries for *.sso.mydomain.com and sso-auth.mydomain.com and point them to the DNS name of the ELB that Kubernetes just created for the nginx controller.
It will look something like internal.XXXXXX.us-xxx-1.elb.amazonaws.com
Next we create a Kubernetes secret that has the SSL cert we will use for our *.sso.mydomain.com and sso-auth.mydomain.com domains.
$ kubectl create -f ssl-cert-secrets.yml
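A wildcard entry such as *.sso.mydomain.com stands for exactly one label, so it does not cover sso-auth.mydomain.com; the certificate needs both names in its SAN list. The script below is an added example, not part of the original guide, that checks a PEM certificate against the hostnames you expect it to serve; the file name tls.crt and the host app.sso.mydomain.com are placeholders, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): confirm a certificate's SANs
# cover every hostname the ingress will serve before relying on the secret.

# host_matches_san HOST SAN: succeeds if SAN covers HOST, either exactly or
# as a wildcard standing for exactly one left-most label.
host_matches_san() {
  hm_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  hm_san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  if [ "$hm_host" = "$hm_san" ]; then return 0; fi
  case "$hm_san" in
    \*.*)
      hm_suffix=${hm_san#\*}     # e.g. ".sso.mydomain.com"
      hm_label=${hm_host%%.*}    # left-most label of the host
      if [ -n "$hm_label" ] && [ "$hm_host" = "$hm_label$hm_suffix" ]; then
        return 0
      fi ;;
  esac
  return 1
}

# uncovered_hosts "SAN SAN ..." HOST...: prints each HOST that no SAN covers.
uncovered_hosts() {
  uh_sans=$1; shift
  set -f                          # keep "*" in SANs from glob-expanding
  for uh_host in "$@"; do
    uh_ok=no
    for uh_san in $uh_sans; do
      if host_matches_san "$uh_host" "$uh_san"; then uh_ok=yes; break; fi
    done
    [ "$uh_ok" = yes ] || printf '%s\n' "$uh_host"
  done
  set +f
}

# cert_sans FILE: prints the DNS SANs of a PEM certificate, space-separated.
# Assumes OpenSSL 1.1.1 or later for the -ext option.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '\n' ' '
}

# check_cert FILE HOST...: fails and names the hosts the certificate misses.
check_cert() {
  cc_file=$1; shift
  cc_missing=$(uncovered_hosts "$(cert_sans "$cc_file")" "$@")
  if [ -n "$cc_missing" ]; then
    echo "certificate does not cover:" $cc_missing >&2
    return 1
  fi
  echo "certificate covers all listed hostnames"
}

# Usage: ./check-sans.sh tls.crt app.sso.mydomain.com sso-auth.mydomain.com
# (tls.crt and app.sso.mydomain.com are placeholder names.)
if [ "$#" -ge 2 ]; then check_cert "$@"; fi
```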
Finally we’ll create the ingress. This tells the ingress controller how to route anything coming in under *.sso.mydomain.com to the SSO proxy.
And lastly, let's deploy a hello-world app.
$ kubectl create -f hello-world-deployment.yml
And its corresponding Kubernetes service
$ kubectl create -f hello-world-svc.yml
If all went well you should be able to visit:
And you should be prompted to log in via your @mydomain.com email.
As always, I hope you found this guide useful!!