From 3de260130803bffbca544fed97e751db842214c6 Mon Sep 17 00:00:00 2001
From: Andrey Kartashov
Date: Tue, 19 Nov 2019 13:42:48 +0700
Subject: [PATCH] logging: graylog: try oauth2-proxy
---
 apps/system/logging/values.yaml | 14 ++++++++++++++
 apps/system/oauth2-proxy/values.yaml | 1 +
 2 files changed, 15 insertions(+)
diff --git a/apps/system/logging/values.yaml b/apps/system/logging/values.yaml
index ad3b49d..a7acba7 100644
--- a/apps/system/logging/values.yaml
+++ b/apps/system/logging/values.yaml
@@ -30,6 +30,20 @@ graylog:
 enabled: true
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/auth-url: https://oauth2.gorilych.ru/oauth2/auth
+ nginx.ingress.kubernetes.io/auth-signin: https://oauth2.gorilych.ru/oauth2/start?rd=$scheme://$host$request_uri
+ nginx.ingress.kubernetes.io/auth-response-headers: X-Forwarded-Email,X-Forwarded-User,X-Roles
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $name_upstream_1 $upstream_cookie_name_1;
+ auth_request_set $user $upstream_http_x_auth_request_user;
+ auth_request_set $email $upstream_http_x_auth_request_email;
+ proxy_set_header X-Forwarded-User $user;
+ proxy_set_header X-Forwarded-Email $email;
+ access_by_lua_block {
+ if ngx.var.name_upstream_1 ~= "" then
+ ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
+ end
+ }
 hosts:
 - graylog.gorilych.ru
 tls:
diff --git a/apps/system/oauth2-proxy/values.yaml b/apps/system/oauth2-proxy/values.yaml
index d270a45..bb990ef 100644
--- a/apps/system/oauth2-proxy/values.yaml
+++ b/apps/system/oauth2-proxy/values.yaml
@@ -8,6 +8,7 @@ oauth2-proxy:
 provider: github
 cookie-domain: .gorilych.ru
 whitelist-domain: .gorilych.ru
+ set-xauthrequest: true
 authenticatedEmailsFile:
 enabled: true
 restricted_access: |-
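Review bot: The `access_by_lua_block` added under `configuration-snippet` in apps/system/logging/values.yaml still uses the sample's literal `name_1` / `$upstream_cookie_name_1`, so it only takes effect if oauth2-proxy's session cookie is really called `name`. No `cookie-name` setting is visible in this patch, so the block is probably dead code and the second part of a split session cookie would not be forwarded; substitute the configured cookie name (the oauth2-proxy default is `_oauth2_proxy`). The same statement concatenates `ngx.var.auth_cookie:match("(; .*)")` unguarded, and a nil result raises a Lua error in the access phase, so `(ngx.var.auth_cookie:match("(; .*)") or "")` is safer. Because `X-Forwarded-User` and `X-Forwarded-Email` are now passed to the backend as identity, confirm that the Graylog service is reachable only through this ingress (for example with a NetworkPolicy) before anything trusts those headers for login. In `auth-signin`, `$escaped_request_uri` instead of `$request_uri` keeps query strings intact through the `rd=` parameter.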