TazLab K8s Auth

Scope

This page covers the authentication and access-gating layer in the active tazlab-k8s Flux graph.

Current Synthesis

The auth layer adds a reverse-auth gate in front of protected services through oauth2-proxy and Traefik middleware.

Covered Surfaces

• oauth2-proxy deployment
• oauth2-proxy service and ingress
• Traefik forward-auth middleware
• Auth namespace wiring and secret delivery

Why It Matters

This layer controls who gets access to the protected surfaces exposed by the cluster, especially Grafana and other authenticated tools.

Relationships

• TazLab Flux DAG
• tazlab-k8s
• TazLab Secret And Identity Flow

Source Basis

• tazlab-k8s/clusters/tazlab-k8s/infrastructure-auth.yaml
• tazlab-k8s/infrastructure/auth/oauth2-proxy/*
• tazlab-k8s/infrastructure/auth/kustomization.yaml