GitHub

This guide explains how to configure GitHub as an identity provider by creating an Oauth App. After completing these steps, you can then configure external authentication for the platform during installation by providing GitHub as the identity provider in the dex.config.connectors section of your values.yaml file.

Before You Start #

• You must have a GitHub account.
• You must have a cluster with an external IP address that meets the following requirements:
  • Has a Certificate Authority (CA) signed certificate.
    • GKE CA Certificate Guide
  • Has HTTPS/TLS set up.

How to Configure GitHub as an Identity Provider #

The following steps use a Google Kubernetes Engine (GKE) cluster as an example, but you can adapt these steps to other Kubernetes environments.

Get Cluster Hostname #

1. Get your cluster’s external IP address.

   gcloud compute addresses describe ${USER} --region us-central1 --format="value(address)" 2> /dev/null

   Copy

   35.202.39.148

   Copy
2. Get the hostname of the external IP address.

   host 35.202.39.148

   Copy

   148.39.202.35.in-addr.arpa domain name pointer 148.39.202.35.bc.googleusercontent.com.

   Copy
   Warning

   Do not include the trailing period in the hostname.

Create a GitHub OAuth App #

1. Sign in to GitHub and complete your two-factor authentication.
2. Select your Avatar.
3. Navigate to Settings > Developer Settings > OAuth Apps.
4. Select New OAuth App.
5. Provide inputs for the following fields:
   • Application name: Enter a name (e.g., mlis) for your application.
   • Homepage URL: Enter the hostname of your cluster (e.g., https://<your-cluster-hostname>:80).
   • Authorization Callback URL: Enter the hostname of your cluster with /dex/callback appended to the end (e.g., https://<your-cluster-hostname>:80/dex/callback).
6. Select Register application. You will be redirected to your application’s settings page.
7. Select Generate new client secret.
8. Copy the Client secret and Client ID. Save them in a secure location to use later.
9. Select Update application to save.
10. Sign out of GitHub. This helps test the login flow after configuration.

Configure Helm Values #

Now that you have the required clientID and clientSecret, you can update dex.config.connectors section of the values.yaml file to use GitHub as the identity provider. Follow the Configure External Authentication guide to update the values.yaml file.