put oauth2 proxy in front
parent
e3ad45073d
commit
c4fa08de33
|
@ -15,11 +15,39 @@ spec:
|
|||
app: archivebox
|
||||
spec:
|
||||
containers:
|
||||
- name: oauth2-proxy
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
env:
|
||||
- name: OAUTH2_PROXY_HTTP_ADDRESS
|
||||
value: :8080
|
||||
- name: OAUTH2_PROXY_REVERSE_PROXY
|
||||
value: "true"
|
||||
- name: OAUTH2_PROXY_EMAIL_DOMAINS
|
||||
value: tobru.ch
|
||||
- name: OAUTH2_PROXY_PROVIDER
|
||||
value: oidc
|
||||
- name: OAUTH2_PROXY_REDIRECT_URL
|
||||
value: https://archivebox.tobru.ch/oauth2/callback
|
||||
- name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
|
||||
value: tbrnt ID
|
||||
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
|
||||
value: https://id.tobru.ch/auth/v1
|
||||
- name: OAUTH2_PROXY_UPSTREAMS
|
||||
value: http://127.0.0.1:8080
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: oauth2-proxy-frontend
|
||||
resources: {}
|
||||
- name: archivebox
|
||||
args:
|
||||
- server
|
||||
- --quick-init
|
||||
- "0.0.0.0:8000"
|
||||
- "0.0.0.0:8080"
|
||||
image: docker.io/archivebox/archivebox:0.7.2
|
||||
env:
|
||||
- name: PUBLIC_INDEX
|
||||
|
@ -35,7 +63,7 @@ spec:
|
|||
- name: SAVE_MEDIA
|
||||
value: "False"
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
- containerPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
resources:
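Review bot: The proxy's `OAUTH2_PROXY_UPSTREAMS` (`http://127.0.0.1:8080`) uses the same port as its own `OAUTH2_PROXY_HTTP_ADDRESS` (`:8080`), while the archivebox container still binds `0.0.0.0` and declares a containerPort that is also named `http`. The +/- markers are lost on this page, so it is not certain which of the 8000/8080 lines is the new one, but in either reading the proxy and its upstream cannot both own 127.0.0.1:8080 inside one pod network namespace, and ArchiveBox stays reachable on the pod IP without passing through oauth2-proxy. Keeping the app on loopback and pointing the proxy at it would close that path: `- "127.0.0.1:8000"` in the archivebox args and `value: http://127.0.0.1:8000` for the upstream, with the archivebox `ports:` entry dropped or renamed so that a Service `targetPort: http` can only resolve to the proxy. The Service and Ingress are not part of this hunk, so confirm that they target the oauth2-proxy port.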
|
||||
|
|
|
@ -7,5 +7,5 @@ resources:
|
|||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
#generators:
|
||||
# - secret-generator.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
|
@ -3,4 +3,4 @@ kind: ksops
|
|||
metadata:
|
||||
name: secret-generator
|
||||
files:
|
||||
- secret.sops.yaml
|
||||
- secret-oauth2.sops.yaml
|
||||
|
|
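--- a/apps/zurrli/archivebox/secret-oauth2.sops.yaml
+++ b/apps/zurrli/archivebox/secret-oauth2.sops.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+name: oauth2-proxy-frontend
+stringData:
+OAUTH2_PROXY_CLIENT_ID: ENC[AES256_GCM,data:bTWOhdUlIIn/dQ==,iv:rTkCQAu1rdQ+W/mDH3+8wx/OAGMxLLZ8IVBvH3W0EGw=,tag:7/7FaZ55qaNUKQ5k0erWHA==,type:str]
+OAUTH2_PROXY_CLIENT_SECRET: ENC[AES256_GCM,data:Z36pMTzF5MYk+FvAkFJUn2hFForx1tqi7iIbRs0gZFMxhBag453tmb1RlwtG6kucRfLq9Trhh2ekxEl552gJmlw=,iv:DAU846VnSK6euk8KfFcyIgj39mLNEgCNF46f/u6ardc=,tag:ew6/UElyLm0lV4T6ua/sAg==,type:str]
+OAUTH2_PROXY_COOKIE_SECRET: ENC[AES256_GCM,data:lcXJQ4k9lU5npCDXLaKrOMrzFvjXpdYs/jv6w6exQ6ORLQsXmSLy6R8gBuo=,iv:JCMsz9elmK1q9KzpuscGVQEJlxzM2qFPxGHqkGWG5EA=,tag:sMOiLfhvvxnRAqjqJ82YgQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGN09NRWIzYm9PbXJGdnJO
+SzZ3SytLcGpPM0t5OUcrY3JEWW11YlRsZkdrClVENzFCMk80Y0xsUjdieUdYR3Bw
+RGE3cUJnZUQ3bWptUEZmVURhcGxkQ2MKLS0tIFRWWTlKRk1SK3V0VVJVaGhQSnFo
+SEM5SzZUSWgxOE8zdHN1ZzlOZ3JpR1kKwcaSCqhKwo00iHpEmuiHC1xQX7+w7x/l
+UsDyAFuMy2Tee/saQXBO8iz+GvkT2hRJ4v4dWlSJ4PX1fSWTnP/RDg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-04-06T20:12:34Z"
+mac: ENC[AES256_GCM,data:6OzcJtdDl7G+8jdySu1wIANPUKXSGaCA1+d6Wq9CIu2mw1vbF8nzfsD2HtWT20NcS+n64Y0b//uBH+v70jD0BIXfsiHP0B/6kfWKMlmgns24VofUClQf2dyv2qVq7RmZm6MKBNYRrA1XqHq6JaOLyH3cyOt471jn9iFCewouEos=,iv:ouqIOWplS+s0YJhWRa4adRYxrgzfYGxGw6JkkMLrMfc=,tag:rQAbjiTMlFHECIij5OCSsQ==,type:str]
+pgp: []
+encrypted_regex: ^(data|stringData)$
+version: 3.8.1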