Heimdall
Given a configured Keycloak server, is it possible to use this site along with OIDC to support multiple users?
I've noticed there is a Heimdall OAuth2 server, so I'm betting there is already an integration available. Maybe?
I've looked into an authenticating proxy: https://github.com/oauth2-proxy/oauth2-proxy
It has an example of being an interface in front of the Kubernetes dashboard, which knows how to accept the token passed along by the oauth2-proxy. Is it possible Heimdall apps also know how to work with such a token? https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/
OK, got this working yesterday: I have Heimdall set up behind an oauth2-proxy and have set it up to pass along a bearer token.
Can Heimdall use this token to allow different users access to their own Heimdall desktop?
Updated my clusters and redeployed this again. So far this is my favorite dashboard-type app. Hoping it might be possible to support multiple users / OIDC.
On the heimdall side, my oauth2-proxy configuration in the annotation section:
annotations:
  # use oauth2-proxy for login & obtain bearer token
  nginx.ingress.kubernetes.io/auth-url: "https://oauth2-proxy.vc-prod.k.home.net/oauth2/auth"
  nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.vc-prod.k.home.net/oauth2/start?rd=$escaped_request_uri"
  # header to watch for
  nginx.ingress.kubernetes.io/auth-response-headers: authorization
  # in the following everything after $upstream_http_ is the header you want to pass along to target app
  nginx.ingress.kubernetes.io/configuration-snippet: |
    auth_request_set $token $upstream_http_authorization;
    add_header Authorization $token;
Closing here and opening as a discussion: https://github.com/linuxserver/Heimdall/discussions/898
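Added example, not part of the original thread or of Heimdall or oauth2-proxy: a small check over the annotations posted above that reports where each header taken from the oauth2-proxy auth response ends up. In nginx, `add_header` sets a header on the response returned to the browser, while `auth-response-headers` and `proxy_set_header` set it on the request sent to the backend, so a review of this setup should confirm the token only travels in the intended direction. The function names and the dict form of the annotations are assumptions made for this sketch.

```python
import re

PREFIX = "nginx.ingress.kubernetes.io/"

# Constructed sample: the relevant annotations from the post above, as a dict.
ANNOTATIONS = {
    PREFIX + "auth-url": "https://oauth2-proxy.vc-prod.k.home.net/oauth2/auth",
    PREFIX + "auth-response-headers": "authorization",
    PREFIX + "configuration-snippet": (
        "auth_request_set $token $upstream_http_authorization;\n"
        "add_header Authorization $token;\n"
    ),
}

def audit_token_flow(annotations):
    """Return (destination, header, mechanism) for each auth-response header."""
    findings = []
    # auth-response-headers: ingress-nginx copies these headers from the auth
    # response onto the request it proxies to the backend.
    forwarded = annotations.get(PREFIX + "auth-response-headers", "")
    for name in filter(None, (h.strip() for h in forwarded.split(","))):
        findings.append(("to-backend", name.lower(), "auth-response-headers"))
    snippet = annotations.get(PREFIX + "configuration-snippet", "")
    auth_vars = {}  # nginx variable -> auth response header it was captured from
    for directive in filter(None, (d.strip() for d in snippet.split(";"))):
        parts = directive.split()
        if parts[0] == "auth_request_set" and len(parts) == 3:
            m = re.fullmatch(r"\$upstream_http_(\w+)", parts[2])
            if m:
                auth_vars[parts[1]] = m.group(1).replace("_", "-")
        elif parts[0] in ("add_header", "proxy_set_header") and len(parts) >= 3:
            if parts[2] in auth_vars:
                # add_header -> response header, visible to the browser;
                # proxy_set_header -> request header, visible to the backend.
                where = "to-browser" if parts[0] == "add_header" else "to-backend"
                header = parts[1].strip("'\"").lower()
                findings.append((where, header, parts[0]))
    return findings

def leaks_to_browser(annotations):
    """Headers derived from the auth response that are returned to the client."""
    return [f for f in audit_token_flow(annotations) if f[0] == "to-browser"]

if __name__ == "__main__":
    for where, header, via in audit_token_flow(ANNOTATIONS):
        print(f"{header:15} {where:11} via {via}")
```

On the posted annotations this reports the `authorization` header reaching the backend through `auth-response-headers` and, separately, being returned to the browser by the `add_header` line in the snippet.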