amkartashov/gf-k8s
1
0
Fork 0
mirror of https://github.com/amkartashov/gf-k8s.git synced 2026-01-10 17:39:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

oauth2-proxy

Browse source
This commit is contained in:
Andrei Kartashov 2023-09-04 21:51:47 +07:00
parent 8ab01dec6d
commit 0e45303c36
2 changed files with 69 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
README.rst
View file

@ -30,10 +30,10 @@ Applications & Projects
+------------------------------+----------------------------------------------------------------+-------------------------+ +------------------------------+----------------------------------------------------------------+-------------------------+
| `Apps Project`_, **user level applications** | | `Apps Project`_, **user level applications** |
+------------------------------+----------------------------------------------------------------+-------------------------+ +------------------------------+----------------------------------------------------------------+-------------------------+
| Oauth2-proxy_ | `Oauth2 Proxy`_ | |oauth2-proxy_status| |
+------------------------------+----------------------------------------------------------------+-------------------------+
.. _`Default Project`: https://argocd.ioot.xyz/applications?proj=default .. _`Default Project`: https://argocd.ioot.xyz/applications?proj=default
.. _`System Project`: https://argocd.ioot.xyz/applications?proj=system
.. _`Apps Project`: https://argocd.ioot.xyz/applications?proj=apps
.. _System: https://argocd.ioot.xyz/applications/argocd/system .. _System: https://argocd.ioot.xyz/applications/argocd/system
.. |system_status| image:: https://argocd.ioot.xyz/api/badge?name=system&revision=true .. |system_status| image:: https://argocd.ioot.xyz/api/badge?name=system&revision=true
@ -41,6 +41,8 @@ Applications & Projects
.. _Apps: https://argocd.ioot.xyz/applications/argocd/apps .. _Apps: https://argocd.ioot.xyz/applications/argocd/apps
.. |apps_status| image:: https://argocd.ioot.xyz/api/badge?name=apps&revision=true .. |apps_status| image:: https://argocd.ioot.xyz/api/badge?name=apps&revision=true
.. _`System Project`: https://argocd.ioot.xyz/applications?proj=system
.. _ArgoCD: https://argocd.ioot.xyz/applications/argocd/argocd .. _ArgoCD: https://argocd.ioot.xyz/applications/argocd/argocd
.. _GitOps tool for Kubernetes: https://argo-cd.readthedocs.io .. _GitOps tool for Kubernetes: https://argo-cd.readthedocs.io
.. |argocd_status| image:: https://argocd.ioot.xyz/api/badge?name=argocd&revision=true .. |argocd_status| image:: https://argocd.ioot.xyz/api/badge?name=argocd&revision=true
@ -61,6 +63,11 @@ Applications & Projects
.. _Rancher Local-Path: https://github.com/rancher/local-path-provisioner .. _Rancher Local-Path: https://github.com/rancher/local-path-provisioner
.. |local-path_status| image:: https://argocd.ioot.xyz/api/badge?name=local-path-provisioner&revision=true .. |local-path_status| image:: https://argocd.ioot.xyz/api/badge?name=local-path-provisioner&revision=true
.. _`Apps Project`: https://argocd.ioot.xyz/applications?proj=apps
.. _Oauth2-proxy: https://argocd.ioot.xyz/applications/argocd/oauth2-proxy
.. _Oauth2 Proxy: https://github.com/oauth2-proxy/oauth2-proxy
.. |oauth2-proxy_status| image:: https://argocd.ioot.xyz/api/badge?name=oauth2-proxy&revision=true
Cluster initialization Cluster initialization
=============================================================================== ===============================================================================

60
state/gullfaxi/apps/oauth2-proxy/application.yaml Normal file
View file

@ -0,0 +1,60 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: oauth2-proxy
spec:
destination:
server: https://kubernetes.default.svc
namespace: oauth2-proxy
project: apps
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
# https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository
source:
repoURL: https://oauth2-proxy.github.io/manifests
targetRevision: 6.16.1
chart: oauth2-proxy
helm:
values: |
# https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/values.yaml
config:
clientID: 13240a7012a34dbdd9c7
clientSecret: change_in_argocd
cookieSecret: change_in_argocd
configFile: |-
# https://github.com/kubernetes/ingress-nginx/issues/2831#issuecomment-407336056
provider = "github"
email_domains = [ "*" ]
upstreams = [ "file:///dev/null" ]
github_users = "amkartashov"
whitelist_domains = ".ioot.xyz"
cookie_refresh = "1m"
cookie_expire = "30m"
cookie_secure = "true"
cookie_domains = ".ioot.xyz"
ssl_insecure_skip_verify = "true"
pass_basic_auth = "false"
pass_access_token = "true"
pass_user_headers = "true"
set_authorization_header = "true"
pass_authorization_header = "true"
set_xauthrequest = true
# https://github.com/oauth2-proxy/oauth2-proxy/issues/1724#issuecomment-1199075723
scope = "user:email"
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
- oauth2.ioot.xyz
tls:
- hosts:
- oauth2.ioot.xyz
secretName: oauth2-tls