From 246a8b5090f95a0c71e9c8591ba89e8ee4358d16 Mon Sep 17 00:00:00 2001
From: Andrey Kartashov
Date: Sat, 2 Nov 2019 20:26:15 +0700
Subject: [PATCH] add oauth2-proxy service
---
 apps/services/certificate.yaml | 2 ++
 apps/system/oauth2-proxy/.gitignore | 2 ++
 apps/system/oauth2-proxy/Chart.yaml | 1 +
 apps/system/oauth2-proxy/requirements.yaml | 4 ++++
 .../oauth2-proxy/templates/namespace.yaml | 4 ++++
 apps/system/oauth2-proxy/values.yaml | 22 +++++++++++++++++
 main/templates/oauth2-proxy.yaml | 24 +++++++++++++++++++
 7 files changed, 59 insertions(+)
 create mode 100644 apps/system/oauth2-proxy/.gitignore
 create mode 100644 apps/system/oauth2-proxy/Chart.yaml
 create mode 100644 apps/system/oauth2-proxy/requirements.yaml
 create mode 100644 apps/system/oauth2-proxy/templates/namespace.yaml
 create mode 100644 apps/system/oauth2-proxy/values.yaml
 create mode 100644 main/templates/oauth2-proxy.yaml
diff --git a/apps/services/certificate.yaml b/apps/services/certificate.yaml
index 2782ced..a920354 100644
--- a/apps/services/certificate.yaml
+++ b/apps/services/certificate.yaml
@@ -18,6 +18,7 @@ spec:
 - router.gorilych.ru
 - seafile.gorilych.ru
 - grafana.gorilych.ru
+ - oauth2.gorilych.ru
 acme:
 config:
 - http01: { ingressClass: nginx }
@@ -30,5 +31,6 @@ spec:
 - router.gorilych.ru
 - seafile.gorilych.ru
 - grafana.gorilych.ru
+ - oauth2.gorilych.ru
diff --git a/apps/system/oauth2-proxy/.gitignore b/apps/system/oauth2-proxy/.gitignore
new file mode 100644
index 0000000..719aed9
--- /dev/null
+++ b/apps/system/oauth2-proxy/.gitignore
@@ -0,0 +1,2 @@
+requirements.lock
+charts/
diff --git a/apps/system/oauth2-proxy/Chart.yaml b/apps/system/oauth2-proxy/Chart.yaml
new file mode 100644
index 0000000..8d1467e
--- /dev/null
+++ b/apps/system/oauth2-proxy/Chart.yaml
@@ -0,0 +1 @@
+name: oauth2-proxy
diff --git a/apps/system/oauth2-proxy/requirements.yaml b/apps/system/oauth2-proxy/requirements.yaml
new file mode 100644
index 0000000..4c340cb
--- /dev/null
+++ b/apps/system/oauth2-proxy/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+- name: oauth2-proxy
+ version: '1.1.0'
+ repository: '@stable'
diff --git a/apps/system/oauth2-proxy/templates/namespace.yaml b/apps/system/oauth2-proxy/templates/namespace.yaml
new file mode 100644
index 0000000..ded8ae8
--- /dev/null
+++ b/apps/system/oauth2-proxy/templates/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: oauth2-proxy
diff --git a/apps/system/oauth2-proxy/values.yaml b/apps/system/oauth2-proxy/values.yaml
new file mode 100644
index 0000000..5274af0
--- /dev/null
+++ b/apps/system/oauth2-proxy/values.yaml
@@ -0,0 +1,22 @@
+oauth2-proxy:
+ config:
+ existingSecret: oauth2-proxy
+ extraArgs:
+ provider: github
+ cookie-domain: .gorilych.ru
+ whitelist-domain: .gorilych.ru
+ authenticatedEmailsFile:
+ enabled: true
+ restricted_access: |-
+ gorilych@gmail.com
+ ngress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ hosts:
+ - oauth2.gorilych.ru
+ tls:
+ - hosts:
+ - oauth2.gorilych.ru
+ secretName: san-gorilych-ru-tls
+
diff --git a/main/templates/oauth2-proxy.yaml b/main/templates/oauth2-proxy.yaml
new file mode 100644
index 0000000..27771ff
--- /dev/null
+++ b/main/templates/oauth2-proxy.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: oauth2-proxy
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: oauth2-proxy
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: apps/system/oauth2-proxy
+ repoURL: git@github.com:gorilych/gf-k8s
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ ignoreDifferences:
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ jsonPointers:
+ - /status
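Review bot: In apps/system/oauth2-proxy/requirements.yaml the chart is pulled through the repository alias `'@stable'`, and the .gitignore added in this same commit excludes `requirements.lock`, so the repository itself does not record where the chart comes from. The alias resolves to whatever repository is registered under that name on the machine that runs the dependency update, and the lock file that would record the resolved source is never committed. For a component that sits in front of authentication, consider spelling the source out, `repository: '<chart-repo-url>'`, and committing `requirements.lock` rather than ignoring it.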
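Review bot: In apps/system/oauth2-proxy/values.yaml the only access restriction is the `authenticatedEmailsFile` list; with `provider: github` and no organisation or team restriction under `extraArgs`, everything depends on that file actually being enforced. oauth2-proxy accepts every authenticated account when its email-domain setting is `*`, regardless of the emails file, so it is worth rendering the chart and confirming that the configuration generated for 1.1.0 does not carry a wildcard `email_domains` default. Separately, the key shown as `ngress:` would be ignored by the chart if that is how it is spelled in the file (it may be an artefact of how this patch was captured); it presumably should read `ingress:`. A comment above `cookie-domain: .gorilych.ru` would also help later readers, e.g. `# session cookie is sent to every host under gorilych.ru`.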
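Review bot: In main/templates/oauth2-proxy.yaml the Application has no `targetRevision` under `source:` and combines `project: default` with `automated` sync, `prune: true` and `selfHeal: true`. As written, whatever lands on the tracked branch of the repository is applied to the authentication proxy with no further gate, and the default project normally places no limits on source repositories or destinations. Consider pinning the source, `targetRevision: <tag-or-commit>`, and moving the app into a dedicated AppProject that allows only this repository and the `oauth2-proxy` namespace. The `ignoreDifferences` entry for `CustomResourceDefinition` does not correspond to anything this chart is shown to create and looks carried over from another Application; a one-line comment explaining it, or dropping it, would make the manifest easier to audit.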