diff --git a/owntracks/frontend/deployment.yaml b/owntracks/frontend/deployment.yaml index 649603a..9c512f5 100644 --- a/owntracks/frontend/deployment.yaml +++ b/owntracks/frontend/deployment.yaml @@ -45,14 +45,14 @@ spec: value: https://git.tbrnt.ch/api/v1 envFrom: - secretRef: - name: oauth2-proxy + name: oauth2-proxy-frontend args: - --upstream - http://127.0.0.1 - name: frontend env: - name: SERVER_HOST - value: owntracks + value: recorder - name: SERVER_PORT value: "8083" image: docker.io/owntracks/frontend:v2.3.1 diff --git a/owntracks/frontend/oauth2-secret.yaml b/owntracks/frontend/oauth2-secret.yaml new file mode 100644 index 0000000..7d81cdd --- /dev/null +++ b/owntracks/frontend/oauth2-secret.yaml @@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: oauth2-proxy-frontend + namespace: owntracks +spec: + encryptedData: + OAUTH2_PROXY_CLIENT_ID: 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 + OAUTH2_PROXY_CLIENT_SECRET: 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 + OAUTH2_PROXY_COOKIE_SECRET: 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 + template: + metadata: + creationTimestamp: null + name: oauth2-proxy-frontend + namespace: owntracks +status: {} + diff --git a/owntracks/oauth2-secret.yaml b/owntracks/oauth2-secret.yaml deleted file mode 100644 index 2eafd47..0000000 --- a/owntracks/oauth2-secret.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: oauth2-proxy - namespace: owntracks -spec: - encryptedData: - OAUTH2_PROXY_CLIENT_ID: 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 - OAUTH2_PROXY_CLIENT_SECRET: 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 - OAUTH2_PROXY_COOKIE_SECRET: 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 - template: - metadata: - creationTimestamp: null - name: oauth2-proxy - namespace: owntracks -status: {} - 
diff --git a/owntracks/recorder/deployment.yaml b/owntracks/recorder/deployment.yaml index 6fbf542..c8bb813 100644 --- a/owntracks/recorder/deployment.yaml +++ b/owntracks/recorder/deployment.yaml @@ -17,27 +17,65 @@ spec: app: recorder spec: containers: - - env: + - name: oauth2-proxy + image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 + imagePullPolicy: IfNotPresent + ports: + - containerPort: 8080 + protocol: TCP + name: http + env: + - name: OAUTH2_PROXY_HTTP_ADDRESS + value: :8080 + - name: OAUTH2_PROXY_REVERSE_PROXY + value: "true" + - name: OAUTH2_PROXY_EMAIL_DOMAINS + value: tobru.ch + - name: OAUTH2_PROXY_PROVIDER + value: github + - name: OAUTH2_PROXY_REDIRECT_URL + value: https://owntracks.tobru.ch/oauth2/callback + - name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME + value: tbrnt Gitea + - name: OAUTH2_PROXY_LOGIN_URL + value: https://git.tbrnt.ch/login/oauth/authorize + - name: OAUTH2_PROXY_REDEEM_URL + value: https://git.tbrnt.ch/login/oauth/access_token + - name: OAUTH2_PROXY_VALIDATE_URL + value: https://git.tbrnt.ch/api/v1 + - name: OAUTH2_PROXY_SKIP_AUTH_REGEX + value: ^\/(view|static)\/.*$ + envFrom: + - secretRef: + name: oauth2-proxy-recorder + args: + - --upstream + - http://127.0.0.1:8083 + securityContext: + runAsUser: 9999 + runAsGroup: 9999 + - name: recorder + env: - name: OTR_HOST value: mqtt-plain.mosquitto.svc.cluster.local - name: OTR_USER value: ot-recorder image: docker.io/owntracks/recorder:0.8.6-12 imagePullPolicy: IfNotPresent - name: recorder command: - ot-recorder - --viewsdir - /htdocs/viewsjson + ports: + - containerPort: 8083 + protocol: TCP + name: recorder livenessProbe: httpGet: path: /api/0/monitor port: 8083 initialDelaySeconds: 1 periodSeconds: 30 - ports: - - containerPort: 8083 - protocol: TCP volumeMounts: - name: data mountPath: /store diff --git a/owntracks/recorder/ingress.yaml b/owntracks/recorder/ingress.yaml index d9c3bce..b9f9e0b 100644 --- a/owntracks/recorder/ingress.yaml +++ b/owntracks/recorder/ingress.yaml 
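Review bot: In owntracks/recorder/deployment.yaml, `OAUTH2_PROXY_SKIP_AUTH_REGEX` set to `^\/(view|static)\/.*$` exempts every path under /view/ and /static/ from authentication, so whatever the recorder serves there is public. Please confirm that is intended and record it in a comment above the entry, for example `# /view/ and /static/ are served without login by design`. The new oauth2-proxy container sets only `runAsUser` and `runAsGroup`; I would add `runAsNonRoot: true` and `allowPrivilegeEscalation: false` to its `securityContext`. The image is referenced by the mutable tag `v5.1.1`, and pinning it by digest would keep the deployed binary fixed. The recorder container's definition continues past the end of this hunk, so any securityContext it may have is not visible here.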
@@ -16,7 +16,7 @@ spec: - path: / backend: serviceName: owntracks - servicePort: 8083 + servicePort: 8080 tls: - hosts: - owntracks.tobru.ch diff --git a/owntracks/recorder/oauth2-secret.yaml b/owntracks/recorder/oauth2-secret.yaml new file mode 100644 index 0000000..a4dcba6 --- /dev/null +++ b/owntracks/recorder/oauth2-secret.yaml @@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: oauth2-proxy-recorder + namespace: owntracks +spec: + encryptedData: + OAUTH2_PROXY_CLIENT_ID: AgBaSfU6w/u0rUe+ooG6MfH18uKvkHm9W+UiI0dQrZ75nq3uGUR/5DpRtqvI2LX1AjaoDjUttummcm/NBtQSGFZ1AKalmFCN/39mEUrlN6tWIdDKvSS3zVKeounuq251eYCdWeaiTqBv3gMOFEdZp7JVauaBJNpCRASk/+sIesNVa4ilV9oL6Yppy5NOxPq8TIsXo8e/TSbu4VTKOkijdKfUPrl1GF/CbdcajwbkAIdTAX0g/2cvywfJZWM5LVJ9hjYipfODMIrRY5L/GIpXdVkXxDz24QRd8jhUcTS2i8jzesIb+os8Sz9i/DPg7bn+mwp66YnB4Q4Z+c3Y0QMLODqBNYJXb8x2vNL7BIuUKtDjYhdplC2fGEfcBHuJ7S3xBOlwZM3Z++o05vLnlMBRjXyFL//xiwZCppCVw5CsC7yR7+iY7dBrQy7mCmSK5OByb0Ydjh0iWl+bJTSN0u3xbYi27HGfMomCXtcwyBRUJV1iHjZWAhVa31ZqqUBb4MAVks6RwJCfrCM9i3bkTRQbVSGlNLgx/kjvtF+jFPy2LM0AVFWN2JMWMon+qDxmzRTNObinIRz14wCrxiqxTYON4wYCyEB6ZwykO2UlN6XKLFl+sWLp4/z24ZhfGsLIV95vt/Gtr8PiaoXIy5NfG85r0fPRRa/a3Yuvi2JhmY5lanuC4gp7bygicVmiVSTmgTlWts1tGbo8lmJh1ufaKjA/It07PDfzSgzY5tQ0uqNBnzwHhp9YxiI= + OAUTH2_PROXY_CLIENT_SECRET: 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 + OAUTH2_PROXY_COOKIE_SECRET: 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 + template: + metadata: + creationTimestamp: null + name: oauth2-proxy-recorder + namespace: owntracks +status: {} + diff --git a/owntracks/recorder/service.yaml b/owntracks/recorder/service.yaml index b51d18a..d9448ee 100644 --- a/owntracks/recorder/service.yaml +++ b/owntracks/recorder/service.yaml 
@@ -5,6 +5,22 @@ metadata:
 namespace: owntracks
 labels:
 app: recorder
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: recorder
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: recorder
+ namespace: owntracks
+ labels:
+ app: recorder
 spec:
 ports:
 - port: 8083
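Review bot: The second Service added in this hunk, `recorder`, keeps port 8083 reachable inside the cluster, and that port is the recorder's own HTTP listener rather than the oauth2-proxy on 8080, so in-cluster clients of that Service reach the recorder without passing the proxy. The frontend hunk in this commit points `SERVER_HOST` at `recorder`, so the exposure looks intentional, but nothing in the diff restricts who else may connect. I would add a NetworkPolicy in the owntracks namespace that admits traffic to port 8083 on the `app: recorder` pods only from the frontend pods, and a comment above the Service such as `# recorder API without oauth2-proxy, intended for the frontend only`. The `spec` of the `recorder` Service continues outside the hunk, so its selector and type are not visible here.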