/aad-auth-proxy

Azure Active Directory authentication proxy is an HTTP proxy that is designed to add the authentication information required to talk to Microsoft Azure services.

Primary language: Go. License: MIT.

Project

Azure Active Directory authentication proxy is an HTTP proxy that is designed to add the authentication information required to talk to Microsoft Azure services. The proxy adds an Authorization header to HTTP requests based on its configuration. It can be used to add authentication information to requests made by scripts, tools and applications that are not designed to work directly with Azure Active Directory.

Usage examples include allowing Kubecost to read Prometheus metrics stored in Azure Managed Prometheus, and ingesting metrics via the OTEL Collector through the Prometheus Remote Write exporter into an Azure Monitor Workspace, among others.

Check the release notes for links to the publicly available images.

Getting Started

The proxy can be deployed from custom templates, using the release image, as a sidecar or as a service. It can also be deployed using the Helm chart, in which case it is deployed as a service. Detailed instructions on how to deploy can be found here.

Telemetry

The proxy is instrumented with OTEL. It emits traces and metrics, which can be collected using the OTEL Collector. A Grafana dashboard to visualize the metrics is also included.

Securing traffic

This proxy can be deployed as a sidecar or as a service. When deployed as a sidecar, only the containers within the same pod can access the proxy. When deployed as a service without restricting traffic, any container can access it. Traffic to the proxy pod may therefore need to be secured, which can be achieved using network policies in Azure Kubernetes Service.
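A network policy for the service deployment described above, as an added example that is not part of this project's own manifests. It admits only one named client workload to the proxy and, because the proxy pod is then selected by an Ingress policy, drops all other pod-to-proxy traffic. The namespaces, labels and port are assumptions to replace with the values of the actual deployment.

```yaml
# Added example, not from the aad-auth-proxy repository.
# Assumed (hypothetical) values:
#   proxy namespace "monitoring", proxy pod label app=aad-auth-proxy,
#   client namespace "kubecost", client pod label app=kubecost,
#   proxy listening port 8081.
# NetworkPolicy objects are enforced only when the AKS cluster runs a
# network policy engine; without one this manifest is accepted but ignored.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: aad-auth-proxy-allow-known-clients
  namespace: monitoring
spec:
  # Select the proxy pods. Once a pod is selected by any policy listing
  # Ingress, every ingress flow not explicitly allowed is denied.
  podSelector:
    matchLabels:
      app: aad-auth-proxy
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the SAME list item are ANDed:
        # the source must be an app=kubecost pod AND live in the kubecost
        # namespace. Writing them as two list items would OR them and admit
        # every pod in that namespace.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kubecost
          podSelector:
            matchLabels:
              app: kubecost
      ports:
        - protocol: TCP
          port: 8081
```

After applying it, a request to the proxy service from a pod that does not carry the allowed labels should time out, while the allowed client still gets a response.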

Limitations

Only Helm v3 is supported.