HTTPs has become a necessity for any public-facing website, given phishing attacks. Luckily, with the LetsEncrypt service and helpers in Kubernetes, it is very easy to set verified SSL certificates. In this chapter, we will see how to set up Ingress services and certificate managers to interface with LetsEncrypt.

Different approaches for authentication to the guestbook app will be explored in this chapter. We will look at the oauth2_proxy side car for adding authentication to the sample guest app using Azure AD. The reader will be able to secure apps with no built-in authentication easily. The authentication scheme can be extended to use GitHub, Google, GitLab, LinkedIn, or Facebook.

The following topics will be covered in this chapter:

• Authentication and common authentication providers
• Authentication versus authorization (AuthN versus AuthZ)
• Deploying the oauth2_proxy side car
• Hints on using GitHub or other authentication providers