From 8057ecde6c13d5e1df642a741b17213447d5df5b Mon Sep 17 00:00:00 2001
From: Hugo Dutka <hugo@coder.com>
Date: Mon, 3 Mar 2025 20:48:50 +0000
Subject: [PATCH] docs: suggest disabling the default GitHub OAuth2 provider on
 k8s (#16758)

For production deployments we recommend disabling the default GitHub
OAuth2 app managed by Coder. This PR mentions it in k8s installation
docs and the helm README so users can stumble upon it more easily.
---
 docs/install/kubernetes.md | 4 ++++
 helm/coder/README.md       | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/docs/install/kubernetes.md b/docs/install/kubernetes.md
index 785c48252951c..9c53eb3dc29ae 100644
--- a/docs/install/kubernetes.md
+++ b/docs/install/kubernetes.md
@@ -101,6 +101,10 @@ coder:
           # postgres://coder:password@postgres:5432/coder?sslmode=disable
           name: coder-db-url
           key: url
+    # For production deployments, we recommend configuring your own GitHub
+    # OAuth2 provider and disabling the default one.
+    - name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
+      value: "false"
 
     # (Optional) For production deployments the access URL should be set.
     # If you're just trying Coder, access the dashboard via the service IP.
diff --git a/helm/coder/README.md b/helm/coder/README.md
index 015c2e7039088..172f880c83045 100644
--- a/helm/coder/README.md
+++ b/helm/coder/README.md
@@ -47,6 +47,10 @@ coder:
     # This env enables the Prometheus metrics endpoint.
     - name: CODER_PROMETHEUS_ADDRESS
       value: "0.0.0.0:2112"
+    # For production deployments, we recommend configuring your own GitHub
+    # OAuth2 provider and disabling the default one.
+    - name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
+      value: "false"
   tls:
     secretNames:
       - my-tls-secret-name