add oauth2-proxy service

apps/services/certificate.yaml

@@ -18,6 +18,7 @@ spec:
   - router.gorilych.ru
   - seafile.gorilych.ru
   - grafana.gorilych.ru
+  - oauth2.gorilych.ru
   acme:
     config:
     - http01: { ingressClass: nginx }
@@ -30,5 +31,6 @@ spec:
       - router.gorilych.ru
       - seafile.gorilych.ru
       - grafana.gorilych.ru
+      - oauth2.gorilych.ru
 
 

apps/system/oauth2-proxy/.gitignore

@@ -0,0 +1,2 @@
+requirements.lock
+charts/

apps/system/oauth2-proxy/Chart.yaml

@@ -0,0 +1 @@
+name: oauth2-proxy

apps/system/oauth2-proxy/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+- name: oauth2-proxy
+  version: '1.1.0'
+  repository: '@stable'

apps/system/oauth2-proxy/templates/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: oauth2-proxy

apps/system/oauth2-proxy/values.yaml

@@ -0,0 +1,22 @@
+oauth2-proxy:
+  config:
+    existingSecret: oauth2-proxy
+  extraArgs:
+    provider: github
+    cookie-domain: .gorilych.ru
+    whitelist-domain: .gorilych.ru
+  authenticatedEmailsFile:
+    enabled: true
+    restricted_access: |-
+      gorilych@gmail.com
+  ngress:
+    enabled: true
+    annotations:
+      kubernetes.io/ingress.class: nginx
+    hosts:
+    - oauth2.gorilych.ru
+    tls:
+    - hosts:
+      - oauth2.gorilych.ru
+      secretName: san-gorilych-ru-tls
+

main/templates/oauth2-proxy.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: oauth2-proxy
+    server: https://kubernetes.default.svc 
+  project: default
+  source:
+    path: apps/system/oauth2-proxy
+    repoURL: git@github.com:gorilych/gf-k8s
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+  ignoreDifferences:
+  - group: apiextensions.k8s.io
+    kind: CustomResourceDefinition
+    jsonPointers:
+    - /status