full oauth2 configuration for owntracks
parent
78ae9d4e71
commit
dcf89a0944
|
@ -45,14 +45,14 @@ spec:
|
|||
value: https://git.tbrnt.ch/api/v1
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: oauth2-proxy
|
||||
name: oauth2-proxy-frontend
|
||||
args:
|
||||
- --upstream
|
||||
- http://127.0.0.1
|
||||
- name: frontend
|
||||
env:
|
||||
- name: SERVER_HOST
|
||||
value: owntracks
|
||||
value: recorder
|
||||
- name: SERVER_PORT
|
||||
value: "8083"
|
||||
image: docker.io/owntracks/frontend:v2.3.1
|
||||
|
|
18
owntracks/frontend/oauth2-secret.yaml
Normal file
|
@ -0,0 +1,18 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy-frontend
|
||||
namespace: owntracks
|
||||
spec:
|
||||
encryptedData:
|
||||
OAUTH2_PROXY_CLIENT_ID: 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
|
||||
OAUTH2_PROXY_CLIENT_SECRET: AgAUSp9/V2D08aGD3sQakxNJa6Zlynw5LzZA3p6BrDQRn1FVb20anPgOXOJCR1SSbYGAWTAMZNuk3jM0q4e3qMMDO/dgB2rxxxTzVMzHGgJP/BIfwkCZcbrOr0YjlKkGT+EHWtrF2itZAisSAIeMSkTmEbAq1WeJOhgVKmkYMbMudKyqhSvfkmpIiX7LOYVsouxmAOcMf34PnK/Fw+rkwg57o+a5dySSszRtk/e3Tn3T8pcDcx5OybGYQab0QY2hI7/FZzXyy1/jaGsO3+/FysgvHsIr8s+Ey10kTxvgtwBUi4WkkqOM1A8ubBhKQU478pwKW6tMYfZ7AaTafSm0ECd0b9SIi1kNSjMjyaej+PRICOxePhyFHmLlRiyTQgVYQu9VMfevo9A0poYjD2imnczokIxaBISP1TaBvtN/Zq0f/abc12ScewRQ3oe6hqnywCM3q7P/NEF8wUbKpz9GxG/LYTWd0jq9wMqI5CHTkViGzcxRkP84fjs4y55dhcZdHvFmh7hbs7fdM/9mCjh+Newyb6WWC8Gi9KfKsgsHHr1XZDDo7HXn1CCxFeoL5cpGTgJCCWraaDbZXCHbkpjlcx9waHcPc0nP5dWDpJlprTZ35GANyiUoxGo6qZp/20Sx8nCdBUVerX9gugYrNKvZhp5PRbRAhajngOn2WP2BLXKVNezzq25uVHl58FijSGwSUtaUMZznXYHIKOU3OYM0OoPpten9sp2KotbsZoyy1Tf/fErOF5+5dBWf2003lQ==
|
||||
OAUTH2_PROXY_COOKIE_SECRET: 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
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy-frontend
|
||||
namespace: owntracks
|
||||
status: {}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy
|
||||
namespace: owntracks
|
||||
spec:
|
||||
encryptedData:
|
||||
OAUTH2_PROXY_CLIENT_ID: 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
|
||||
OAUTH2_PROXY_CLIENT_SECRET: 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
|
||||
OAUTH2_PROXY_COOKIE_SECRET: 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
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy
|
||||
namespace: owntracks
|
||||
status: {}
|
||||
|
|
@ -17,27 +17,65 @@ spec:
|
|||
app: recorder
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: oauth2-proxy
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
env:
|
||||
- name: OAUTH2_PROXY_HTTP_ADDRESS
|
||||
value: :8080
|
||||
- name: OAUTH2_PROXY_REVERSE_PROXY
|
||||
value: "true"
|
||||
- name: OAUTH2_PROXY_EMAIL_DOMAINS
|
||||
value: tobru.ch
|
||||
- name: OAUTH2_PROXY_PROVIDER
|
||||
value: github
|
||||
- name: OAUTH2_PROXY_REDIRECT_URL
|
||||
value: https://owntracks.tobru.ch/oauth2/callback
|
||||
- name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
|
||||
value: tbrnt Gitea
|
||||
- name: OAUTH2_PROXY_LOGIN_URL
|
||||
value: https://git.tbrnt.ch/login/oauth/authorize
|
||||
- name: OAUTH2_PROXY_REDEEM_URL
|
||||
value: https://git.tbrnt.ch/login/oauth/access_token
|
||||
- name: OAUTH2_PROXY_VALIDATE_URL
|
||||
value: https://git.tbrnt.ch/api/v1
|
||||
- name: OAUTH2_PROXY_SKIP_AUTH_REGEX
|
||||
value: ^\/(view|static)\/.*$
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: oauth2-proxy-recorder
|
||||
args:
|
||||
- --upstream
|
||||
- http://127.0.0.1:8083
|
||||
securityContext:
|
||||
runAsUser: 9999
|
||||
runAsGroup: 9999
|
||||
- name: recorder
|
||||
env:
|
||||
- name: OTR_HOST
|
||||
value: mqtt-plain.mosquitto.svc.cluster.local
|
||||
- name: OTR_USER
|
||||
value: ot-recorder
|
||||
image: docker.io/owntracks/recorder:0.8.6-12
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: recorder
|
||||
command:
|
||||
- ot-recorder
|
||||
- --viewsdir
|
||||
- /htdocs/viewsjson
|
||||
ports:
|
||||
- containerPort: 8083
|
||||
protocol: TCP
|
||||
name: recorder
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /api/0/monitor
|
||||
port: 8083
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 30
|
||||
ports:
|
||||
- containerPort: 8083
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /store
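Review bot: `OAUTH2_PROXY_SKIP_AUTH_REGEX` (`^\/(view|static)\/.*$`) lets every request under `/view/` and `/static/` through to the upstream on `127.0.0.1:8083` without a login, and the recorder is started with `--viewsdir /htdocs/viewsjson`, so whatever views are defined there are presumably readable by anyone who can reach the ingress. If that is intended, record it next to the variable, e.g. `# /view/ and /static/ are deliberately public (shared views); everything else requires login`; if not, drop the variable. The sidecar's `securityContext` sets only `runAsUser`/`runAsGroup`; adding `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would suit a proxy that needs no writes, though the last one should be tested against this image. The proxy image is pinned by tag (`v5.1.1`) rather than by digest, so the registry decides what actually runs.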
|
||||
|
|
|
@ -16,7 +16,7 @@ spec:
|
|||
- path: /
|
||||
backend:
|
||||
serviceName: owntracks
|
||||
servicePort: 8083
|
||||
servicePort: 8080
|
||||
tls:
|
||||
- hosts:
|
||||
- owntracks.tobru.ch
|
||||
|
|
18
owntracks/recorder/oauth2-secret.yaml
Normal file
|
@ -0,0 +1,18 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy-recorder
|
||||
namespace: owntracks
|
||||
spec:
|
||||
encryptedData:
|
||||
OAUTH2_PROXY_CLIENT_ID: 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
|
||||
OAUTH2_PROXY_CLIENT_SECRET: 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
|
||||
OAUTH2_PROXY_COOKIE_SECRET: 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
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: oauth2-proxy-recorder
|
||||
namespace: owntracks
|
||||
status: {}
|
||||
|
|
@ -5,6 +5,22 @@ metadata:
|
|||
namespace: owntracks
|
||||
labels:
|
||||
app: recorder
|
||||
spec:
|
||||
ports:
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: recorder
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: recorder
|
||||
namespace: owntracks
|
||||
labels:
|
||||
app: recorder
|
||||
spec:
|
||||
ports:
|
||||
- port: 8083
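Review bot: The added `recorder` Service publishes port 8083 inside the cluster, which is the recorder's own port (the target of the oauth2-proxy sidecar's `--upstream`), so requests arriving through this Service never pass the proxy. Nothing visible in this commit limits who may connect; unless a NetworkPolicy exists elsewhere, any pod that can reach the Service can presumably use the recorder API without logging in. A NetworkPolicy in `owntracks` that selects `app: recorder` and admits TCP 8083 only from the frontend pods would keep the in-cluster path as narrow as the ingress path, and a comment such as `# in-cluster only, not behind oauth2-proxy; callers limited by NetworkPolicy` above the Service would record the intent. The Service definition continues past the end of the hunk.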
|
||||
|
|