GoCD on Kubernetes using Terraform: Configuring OAuth with Github

This blog is a continuation of GoCD on Kubernetes using Terraform: Configuring SSL using Let's Encrypt.

Configure OAuth with Github

We need to setup authentication for our GoCD. There are various open source plugins available for GoCD. It is possible to write our own plugin as well.

For this setup we will see how to use Github OAuth plugin. Modify environment variable to use the plugin.

resource "helm_release" "gocd" {
  name = "gocd"
  chart = "stable/gocd"
  namespace = kubernetes_namespace.gocd_namespace.metadata.0.name
  depends_on = [kubernetes_namespace.gocd_namespace]

  values = [
    <<EOF
    server:
      env:
        extraEnvVars:
          - name: GOCD_PLUGIN_INSTALL_gitlab-auth
            value: https://github.com/gocd-contrib/github-oauth-authorization-plugin/releases/download/3.0.0-46/github-oauth-authorization-plugin-3.0.0-46.jar
      ingress:
        enabled: true
        hosts:
          - <domain_name>
        annotations:
            kubernetes.io/ingress.class: nginx
            cert-manager.io/issuer: letsencrypt-prod
        tls:
          - secretName: gocd-secret
            hosts:
              - <domain_name>
    EOF
  ]
}

Replace <domain_name> with our custom domain.

terraform apply

In GoCD UI -> Admin -> Authorization configuration section, you can see the github is listed.

Our Secured Auto Scaling GoCD is ready to use. View in github.

Additional information

• Elastic Agents and Static Agents

• Configuring Google Container Registry (GCR) as an Artifact Store in GoCD

• Configuring Access to GitHub for GoCD Server