docs: clarify ingress-nginx integration and remove Lua block example #3202
+6
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…for oauth2-proxy This PR revises the integration guide for oauth2-proxy with ingress-nginx in Kubernetes: Recommends the minimal configuration: just auth-url and auth-signin annotations. Removes the Lua block example, as it did not work in practice despite following nginx documentation and extensive testing. Clearly states that the official ingress-nginx external auth example is the recommended approach for most users. Notes that advanced Lua/cookie handling is only needed for rare, advanced scenarios.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Revise oauth2-proxy ingress-nginx integration guide: recommend minimal configuration, remove Lua block, clarify advanced scenarios
Description
This PR updates the integration guide for oauth2-proxy with ingress-nginx in Kubernetes. It now recommends the minimal configuration using only the auth-url and auth-signin annotations. The previous Lua block example has been removed, as it did not work reliably in practice despite following nginx documentation and extensive testing. The guide now clearly states that the official ingress-nginx external auth example is the recommended approach for most users. Advanced Lua/cookie handling is noted as only necessary for rare, advanced scenarios.
Motivation and Context
This change is required to prevent confusion and errors for users integrating oauth2-proxy with ingress-nginx. The minimal configuration is proven to work in real-world setups, while the Lua block approach was unreliable. This update aligns the documentation with best practices and the official ingress-nginx example.
How Has This Been Tested?
The minimal configuration was tested extensively in multiple Kubernetes environments with ingress-nginx and oauth2-proxy. All authentication flows worked as expected. The Lua block was tested but consistently failed due to runtime errors and cookie handling issues.
Checklist: