install oauth2 proxy for owntracks frontend
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
d3adf47756
commit
5b71cef0c3
|
@ -17,17 +17,46 @@ spec:
|
||||||
app: frontend
|
app: frontend
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- env:
|
- name: oauth2-proxy
|
||||||
|
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
env:
|
||||||
|
- name: OAUTH2_PROXY_HTTP_ADDRESS
|
||||||
|
value: :8080
|
||||||
|
- name: OAUTH2_PROXY_REVERSE_PROXY
|
||||||
|
value: "true"
|
||||||
|
- name: OAUTH2_PROXY_EMAIL_DOMAINS
|
||||||
|
value: tobru.ch
|
||||||
|
- name: OAUTH2_PROXY_PROVIDER
|
||||||
|
value: github
|
||||||
|
- name: OAUTH2_PROXY_REDIRECT_URL
|
||||||
|
value: https://whereis.tobru.ch/oauth2/callback
|
||||||
|
- name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
|
||||||
|
value: tbrnt Gitea
|
||||||
|
- name: OAUTH2_PROXY_LOGIN_URL
|
||||||
|
value: https://git.tbrnt.ch/login/oauth/authorize
|
||||||
|
- name: OAUTH2_PROXY_REDEEM_URL
|
||||||
|
value: https://git.tbrnt.ch/login/oauth/access_token
|
||||||
|
- name: OAUTH2_PROXY_VALIDATE_URL
|
||||||
|
value: https://git.tbrnt.ch/api/v1
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: oauth2-proxy
|
||||||
|
args:
|
||||||
|
- --upstream
|
||||||
|
- http://127.0.0.1
|
||||||
|
- name: frontend
|
||||||
|
env:
|
||||||
- name: SERVER_HOST
|
- name: SERVER_HOST
|
||||||
value: owntracks
|
value: owntracks
|
||||||
- name: SERVER_PORT
|
- name: SERVER_PORT
|
||||||
value: "8083"
|
value: "8083"
|
||||||
image: docker.io/owntracks/frontend:v2.3.1
|
image: docker.io/owntracks/frontend:v2.3.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: frontend
|
|
||||||
ports:
|
|
||||||
- containerPort: 80
|
|
||||||
protocol: TCP
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /usr/share/nginx/html/config
|
- mountPath: /usr/share/nginx/html/config
|
||||||
name: config
|
name: config
|
||||||
|
|
|
@ -9,7 +9,7 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 80
|
- port: 80
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 80
|
targetPort: 8080
|
||||||
selector:
|
selector:
|
||||||
app: frontend
|
app: frontend
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
|
18
owntracks/oauth2-secret.yaml
Normal file
18
owntracks/oauth2-secret.yaml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: oauth2-proxy
|
||||||
|
namespace: owntracks
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
OAUTH2_PROXY_CLIENT_ID: AgA9qWOAdUr8dJg/29lMCEA95so6R2StB0bC+JjcqlHHG7UlFfvbhJ5tmNTyFEzyf2J2F9w3oPrhyVE959QGVv6umBQdlVFqFb03pWZW3PAMmeZkDQzkrjRW287wF76HjQ8TqKKWXJl0OrtPU34uMxjYT8r+V3CoWQatGrldSr4/5jZaW3G32QSQ6DLAuYYg0mUjz5MIPcwhl8az8EOjaDPGhtW36QZ+ZbYUXH6kndO5KP2y3TUmuPUow58vf+IFHvxf/7FIDqOxOtsx+RHs1/oVbwZf1vz2pq29GqzkGX5MQsetLGHOO87zn1EJ+IQSK0jfLnS3sng4FNT/OQN4JLr2Ikf7LfWxcQPXbUAIMOVmmXZhOn6yjqVQzUg4gYsb5/NGRjtgT9OM54hMUwaoc1O9Q7o5icE6yFcKx4FgeY/1pPcd1u1hHnyH89dWGJi7cI3N4Pnjj+7QuL/FIHU/DcKRpUsHCyud2wUlCxl7piHoAcX1pZQMdXAKj3yVrpvyeqIuIE27l5AyzVmLG1NUEPU4adODRGozQ+oqQNz3l9YT7GD5Leb0zJTiaK0eOY66Srpl9jtwwntapzcsapTexx7vl8Ac6bewWKkBYkLQ9tyx2iw16pUIOmSZthcWdXjAwjTo5VpQZT6xVXh0LsQjlvEN3F0Xp3bMCoSd5nDQzENm96JdK8g1naUlGDtwXBC25kN2sopnxNjpyreniAIY5ojJg23eh2YjCenwOcVK6YCjnRN8klM=
|
||||||
|
OAUTH2_PROXY_CLIENT_SECRET: AgCeszY2nsAeXyr1tUN4Zc8TcZB1xFTtW4dr8JgEp3SqAbCPznA3JQ7APfU5/yhNBcD/r23aTGjNoe28BIZPiViKEDQDya/7mkGSg1hlQ7GEvXenhQv1WHMSjikYW1K1QQjeQWZVw/7c78RYXRFe1W7q0l2gHeHyshnSd3+CajszDaCxNVvC09DjqMY7zlNXkpncnxjronuJVBg5Xm0yBZzHZFOvxlzsY1kV+pRq53MGwSOsf6U83Lz+o5RD595Kd7nje6QU+jiVkqxDG9MHVu92e+aLEmvS+jxF6HqqF0US+FhH8qgGNiI42bAIW7ALEreMs9gWI2GS7FZQ5T8MelJeZwm8kL4xAGpIdZvcRVNfu1rUzr8KtN+0JjpIEiKvhsxjzWjgKD4LaGNdkObnseEfbZ1F47Hd6jBa0C8XSNKBKliZaK61teTveFsi45EUkiTokBJAOuTx5gWq2F8nFipIL2dIWSoJdOUefAKI7Q0g7C91wgWZSC/ROGpYncUpaLBcRoRI5Pm03XR0tqIFZ/NPLhlGZSloQLgGTMD6RzviKejKWYMsHHvy2E0dqF3mcpFMX4bHg1ry2XFc4YFz5nSdUpf5e6+DjiB9r8UnSjixRuBri/FI0TxxwwCZlNSwNf/P18P5qTFT1AMBRfd7Tdxn/aOr0MxMVcqRYwQ3tyUlBQYKf461Tm1pDYcHv+0ngt2unloNQP1Er8hxjKab+jNydSfwhvVUv42i/1sh5YP1quXCfqjz52CjoCFsiQ==
|
||||||
|
OAUTH2_PROXY_COOKIE_SECRET: AgBChwdtkdktON6RnUgoWmWV/vo2PBmjdZjPYkZQ3gcPYYe3LZ6rqaiVikfLKkulYB4IntR+8zvL/iAQD9Huyc6BlsLRbUM7KRAVcueJoHWBU35hdoAp/oVynLofJx9eELf27a5Y+2i4ov77UbSWRZIIRJomemNTcCLM/Xx/odfHu1I7PwjBYQO3f5VSd345+d8qTh9+KMklBCkeSj795lkhWw4pbxrZS6cC0EWV74uhaw8O8Oabbp76FuCmhgu+1xDRpdVpDaskgNqDowYt6QMUrDKtjQin5ofOLrZBuhwQQYr5beJ4yQZVXljPp6wf3gn+52k3IkMBiPH3ePx+E2Vl7c9w3sWD95QMfTOVDZYgumTB+UYTIKHsUfJATmZX/npqS5LseBSQ6F13ySXsjUNPR+BA7FPHvGIrVxI8Cosfd4td4gOYSLj7zByHUuorrGeABPz4tadAvWs4P/kjy6ZUojHh7mjqi2Umy+oL5Vq8Lu3YJ7BUb2ZfduyU2Kcf5lWjfHK9vxS4MhqpH9Iq5ng9z9S8I8Y1qVsrm8NTdgx0mS1T7Rc5dbYEPMy+g1f12nsvtMK6ERB0r/DTse/IYHgFMNoqsPZwrf0tVi2p5nwSei7ruBz5T8SsHGLgQjSjEXtgkzstDo3IBRxyw4kPB+Wc25Eg1kXtjwGD3pPr0f81RS6Bc9ZBERTYriBCOk9SSSA=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: oauth2-proxy
|
||||||
|
namespace: owntracks
|
||||||
|
status: {}
|
||||||
|
|
Reference in a new issue