install oauth2 proxy for owntracks frontend
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
d3adf47756
commit
5b71cef0c3
|
@ -17,17 +17,46 @@ spec:
|
|||
app: frontend
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: oauth2-proxy
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
env:
|
||||
- name: OAUTH2_PROXY_HTTP_ADDRESS
|
||||
value: :8080
|
||||
- name: OAUTH2_PROXY_REVERSE_PROXY
|
||||
value: "true"
|
||||
- name: OAUTH2_PROXY_EMAIL_DOMAINS
|
||||
value: tobru.ch
|
||||
- name: OAUTH2_PROXY_PROVIDER
|
||||
value: github
|
||||
- name: OAUTH2_PROXY_REDIRECT_URL
|
||||
value: https://whereis.tobru.ch/oauth2/callback
|
||||
- name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
|
||||
value: tbrnt Gitea
|
||||
- name: OAUTH2_PROXY_LOGIN_URL
|
||||
value: https://git.tbrnt.ch/login/oauth/authorize
|
||||
- name: OAUTH2_PROXY_REDEEM_URL
|
||||
value: https://git.tbrnt.ch/login/oauth/access_token
|
||||
- name: OAUTH2_PROXY_VALIDATE_URL
|
||||
value: https://git.tbrnt.ch/api/v1
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: oauth2-proxy
|
||||
args:
|
||||
- --upstream
|
||||
- http://127.0.0.1
|
||||
- name: frontend
|
||||
env:
|
||||
- name: SERVER_HOST
|
||||
value: owntracks
|
||||
- name: SERVER_PORT
|
||||
value: "8083"
|
||||
image: docker.io/owntracks/frontend:v2.3.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: frontend
|
||||
ports:
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /usr/share/nginx/html/config
|
||||
name: config
|
||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
|||
ports:
|
||||
- port: 80
|
||||
protocol: TCP
|
||||
targetPort: 80
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: frontend
|
||||
type: ClusterIP
|
||||
|
|
18
owntracks/oauth2-secret.yaml
Normal file
18
owntracks/oauth2-secret.yaml
Normal file
|
@ -0,0 +1,18 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy
|
||||
namespace: owntracks
|
||||
spec:
|
||||
encryptedData:
|
||||
OAUTH2_PROXY_CLIENT_ID: AgA9qWOAdUr8dJg/29lMCEA95so6R2StB0bC+JjcqlHHG7UlFfvbhJ5tmNTyFEzyf2J2F9w3oPrhyVE959QGVv6umBQdlVFqFb03pWZW3PAMmeZkDQzkrjRW287wF76HjQ8TqKKWXJl0OrtPU34uMxjYT8r+V3CoWQatGrldSr4/5jZaW3G32QSQ6DLAuYYg0mUjz5MIPcwhl8az8EOjaDPGhtW36QZ+ZbYUXH6kndO5KP2y3TUmuPUow58vf+IFHvxf/7FIDqOxOtsx+RHs1/oVbwZf1vz2pq29GqzkGX5MQsetLGHOO87zn1EJ+IQSK0jfLnS3sng4FNT/OQN4JLr2Ikf7LfWxcQPXbUAIMOVmmXZhOn6yjqVQzUg4gYsb5/NGRjtgT9OM54hMUwaoc1O9Q7o5icE6yFcKx4FgeY/1pPcd1u1hHnyH89dWGJi7cI3N4Pnjj+7QuL/FIHU/DcKRpUsHCyud2wUlCxl7piHoAcX1pZQMdXAKj3yVrpvyeqIuIE27l5AyzVmLG1NUEPU4adODRGozQ+oqQNz3l9YT7GD5Leb0zJTiaK0eOY66Srpl9jtwwntapzcsapTexx7vl8Ac6bewWKkBYkLQ9tyx2iw16pUIOmSZthcWdXjAwjTo5VpQZT6xVXh0LsQjlvEN3F0Xp3bMCoSd5nDQzENm96JdK8g1naUlGDtwXBC25kN2sopnxNjpyreniAIY5ojJg23eh2YjCenwOcVK6YCjnRN8klM=
|
||||
OAUTH2_PROXY_CLIENT_SECRET: AgCeszY2nsAeXyr1tUN4Zc8TcZB1xFTtW4dr8JgEp3SqAbCPznA3JQ7APfU5/yhNBcD/r23aTGjNoe28BIZPiViKEDQDya/7mkGSg1hlQ7GEvXenhQv1WHMSjikYW1K1QQjeQWZVw/7c78RYXRFe1W7q0l2gHeHyshnSd3+CajszDaCxNVvC09DjqMY7zlNXkpncnxjronuJVBg5Xm0yBZzHZFOvxlzsY1kV+pRq53MGwSOsf6U83Lz+o5RD595Kd7nje6QU+jiVkqxDG9MHVu92e+aLEmvS+jxF6HqqF0US+FhH8qgGNiI42bAIW7ALEreMs9gWI2GS7FZQ5T8MelJeZwm8kL4xAGpIdZvcRVNfu1rUzr8KtN+0JjpIEiKvhsxjzWjgKD4LaGNdkObnseEfbZ1F47Hd6jBa0C8XSNKBKliZaK61teTveFsi45EUkiTokBJAOuTx5gWq2F8nFipIL2dIWSoJdOUefAKI7Q0g7C91wgWZSC/ROGpYncUpaLBcRoRI5Pm03XR0tqIFZ/NPLhlGZSloQLgGTMD6RzviKejKWYMsHHvy2E0dqF3mcpFMX4bHg1ry2XFc4YFz5nSdUpf5e6+DjiB9r8UnSjixRuBri/FI0TxxwwCZlNSwNf/P18P5qTFT1AMBRfd7Tdxn/aOr0MxMVcqRYwQ3tyUlBQYKf461Tm1pDYcHv+0ngt2unloNQP1Er8hxjKab+jNydSfwhvVUv42i/1sh5YP1quXCfqjz52CjoCFsiQ==
|
||||
OAUTH2_PROXY_COOKIE_SECRET: AgBChwdtkdktON6RnUgoWmWV/vo2PBmjdZjPYkZQ3gcPYYe3LZ6rqaiVikfLKkulYB4IntR+8zvL/iAQD9Huyc6BlsLRbUM7KRAVcueJoHWBU35hdoAp/oVynLofJx9eELf27a5Y+2i4ov77UbSWRZIIRJomemNTcCLM/Xx/odfHu1I7PwjBYQO3f5VSd345+d8qTh9+KMklBCkeSj795lkhWw4pbxrZS6cC0EWV74uhaw8O8Oabbp76FuCmhgu+1xDRpdVpDaskgNqDowYt6QMUrDKtjQin5ofOLrZBuhwQQYr5beJ4yQZVXljPp6wf3gn+52k3IkMBiPH3ePx+E2Vl7c9w3sWD95QMfTOVDZYgumTB+UYTIKHsUfJATmZX/npqS5LseBSQ6F13ySXsjUNPR+BA7FPHvGIrVxI8Cosfd4td4gOYSLj7zByHUuorrGeABPz4tadAvWs4P/kjy6ZUojHh7mjqi2Umy+oL5Vq8Lu3YJ7BUb2ZfduyU2Kcf5lWjfHK9vxS4MhqpH9Iq5ng9z9S8I8Y1qVsrm8NTdgx0mS1T7Rc5dbYEPMy+g1f12nsvtMK6ERB0r/DTse/IYHgFMNoqsPZwrf0tVi2p5nwSei7ruBz5T8SsHGLgQjSjEXtgkzstDo3IBRxyw4kPB+Wc25Eg1kXtjwGD3pPr0f81RS6Bc9ZBERTYriBCOk9SSSA=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy
|
||||
namespace: owntracks
|
||||
status: {}
|
||||
|
Reference in a new issue