amkartashov/gf-k8s
1
0
Fork 0
mirror of https://github.com/amkartashov/gf-k8s.git synced 2026-01-10 17:39:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

logging: graylog: try oauth2-proxy

Browse source
This commit is contained in:
Andrey Kartashov 2019-11-19 13:42:48 +07:00
parent e06beb45f2
commit 3de2601308
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
apps/system/logging/values.yaml
View file

@ -30,6 +30,20 @@ graylog:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/auth-url: https://oauth2.gorilych.ru/oauth2/auth
nginx.ingress.kubernetes.io/auth-signin: https://oauth2.gorilych.ru/oauth2/start?rd=$scheme://$host$request_uri
nginx.ingress.kubernetes.io/auth-response-headers: X-Forwarded-Email,X-Forwarded-User,X-Roles
nginx.ingress.kubernetes.io/configuration-snippet: |
auth_request_set $name_upstream_1 $upstream_cookie_name_1;
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-Forwarded-User $user;
proxy_set_header X-Forwarded-Email $email;
access_by_lua_block {
if ngx.var.name_upstream_1 ~= "" then
ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
end
}
hosts:
- graylog.gorilych.ru
tls:

1
apps/system/oauth2-proxy/values.yaml
View file

@ -8,6 +8,7 @@ oauth2-proxy:
provider: github
cookie-domain: .gorilych.ru
whitelist-domain: .gorilych.ru
set-xauthrequest: true
authenticatedEmailsFile:
enabled: true
restricted_access: |-