add oauth2-proxy service

2026-01-10 17:39:43 +00:00 · 2019-11-02 20:26:15 +07:00 · 2019-11-02 20:26:15 +07:00 · 246a8b5090
commit 246a8b5090
parent 135d03f001
7 changed files with 59 additions and 0 deletions
--- a/apps/services/certificate.yaml
+++ b/apps/services/certificate.yaml
@ -18,6 +18,7 @@ spec:
  - router.gorilych.ru
  - seafile.gorilych.ru
  - grafana.gorilych.ru
+  - oauth2.gorilych.ru
  acme:
    config:
    - http01: { ingressClass: nginx }
@ -30,5 +31,6 @@ spec:
      - router.gorilych.ru
      - seafile.gorilych.ru
      - grafana.gorilych.ru
+      - oauth2.gorilych.ru


--- a/apps/system/oauth2-proxy/.gitignore
+++ b/apps/system/oauth2-proxy/.gitignore
@ -0,0 +1,2 @@
+requirements.lock
+charts/
--- a/apps/system/oauth2-proxy/Chart.yaml
+++ b/apps/system/oauth2-proxy/Chart.yaml
@ -0,0 +1 @@
+name: oauth2-proxy
--- a/apps/system/oauth2-proxy/requirements.yaml
+++ b/apps/system/oauth2-proxy/requirements.yaml
@ -0,0 +1,4 @@
+dependencies:
+- name: oauth2-proxy
+  version: '1.1.0'
+  repository: '@stable'
--- a/apps/system/oauth2-proxy/templates/namespace.yaml
+++ b/apps/system/oauth2-proxy/templates/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: oauth2-proxy
--- a/apps/system/oauth2-proxy/values.yaml
+++ b/apps/system/oauth2-proxy/values.yaml
@ -0,0 +1,22 @@
+oauth2-proxy:
+  config:
+    existingSecret: oauth2-proxy
+  extraArgs:
+    provider: github
+    cookie-domain: .gorilych.ru
+    whitelist-domain: .gorilych.ru
+  authenticatedEmailsFile:
+    enabled: true
+    restricted_access: |-
+      gorilych@gmail.com
+  ngress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+    hosts:
+    - oauth2.gorilych.ru
+    tls:
+    - hosts:
+      - oauth2.gorilych.ru
+      secretName: san-gorilych-ru-tls
+
--- a/main/templates/oauth2-proxy.yaml
+++ b/main/templates/oauth2-proxy.yaml
@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: oauth2-proxy
+    server: https://kubernetes.default.svc 
+  project: default
+  source:
+    path: apps/system/oauth2-proxy
+    repoURL: git@github.com:gorilych/gf-k8s
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+  ignoreDifferences:
+  - group: apiextensions.k8s.io
+    kind: CustomResourceDefinition
+    jsonPointers:
+    - /status