put oauth2 proxy in front

Tobias Brunner 2024-04-06 22:15:31 +02:00
parent e3ad45073d
commit c4fa08de33
Signed by: tobru
SSH key fingerprint: SHA256:kywVhvCA+MIxL6eBgoQa+BfC/ROJqcfD2bpy1PR6Ebk
4 changed files with 62 additions and 5 deletions


@ -15,11 +15,39 @@ spec:
app: archivebox
spec:
containers:
- name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
protocol: TCP
name: http
env:
- name: OAUTH2_PROXY_HTTP_ADDRESS
value: :8080
- name: OAUTH2_PROXY_REVERSE_PROXY
value: "true"
- name: OAUTH2_PROXY_EMAIL_DOMAINS
value: tobru.ch
- name: OAUTH2_PROXY_PROVIDER
value: oidc
- name: OAUTH2_PROXY_REDIRECT_URL
value: https://archivebox.tobru.ch/oauth2/callback
- name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
value: tbrnt ID
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
value: https://id.tobru.ch/auth/v1
- name: OAUTH2_PROXY_UPSTREAMS
value: http://127.0.0.1:8080
envFrom:
- secretRef:
name: oauth2-proxy-frontend
resources: {}
- name: archivebox
args:
- server
- --quick-init
- "0.0.0.0:8000"
- "0.0.0.0:8080"
image: docker.io/archivebox/archivebox:0.7.2
env:
- name: PUBLIC_INDEX
@ -35,7 +63,7 @@ spec:
- name: SAVE_MEDIA
value: "False"
ports:
- containerPort: 8000
- containerPort: 8080
protocol: TCP
name: http
resources:
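Review bot: The archivebox container still binds `0.0.0.0`, so the application stays reachable on the pod IP without passing through oauth2-proxy; anything that can reach the pod directly (another workload in the cluster, or a Service port that still targets it) skips authentication. The page does not mark which of the two `args`/`containerPort` values is the new one, but if it is 8080 then both containers in the pod listen on 8080, which collides with `OAUTH2_PROXY_HTTP_ADDRESS` set to `:8080` and makes `OAUTH2_PROXY_UPSTREAMS` point at the proxy itself. I would keep the app on loopback with a port of its own, for example `- "127.0.0.1:8000"` in `args` with `value: http://127.0.0.1:8000` for the upstream, and drop the `ports` entry from the archivebox container so that only the proxy carries the port named `http`. A NetworkPolicy that limits ingress to the proxy port would back this up; the archivebox container spec continues past the end of the second hunk.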


@ -7,5 +7,5 @@ resources:
- deployment.yaml
- service.yaml
- ingress.yaml
#generators:
# - secret-generator.yaml
generators:
- secret-generator.yaml


@ -3,4 +3,4 @@ kind: ksops
metadata:
name: secret-generator
files:
- secret.sops.yaml
- secret-oauth2.sops.yaml


@ -0,0 +1,29 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: oauth2-proxy-frontend
stringData:
OAUTH2_PROXY_CLIENT_ID: ENC[AES256_GCM,data:bTWOhdUlIIn/dQ==,iv:rTkCQAu1rdQ+W/mDH3+8wx/OAGMxLLZ8IVBvH3W0EGw=,tag:7/7FaZ55qaNUKQ5k0erWHA==,type:str]
OAUTH2_PROXY_CLIENT_SECRET: ENC[AES256_GCM,data:Z36pMTzF5MYk+FvAkFJUn2hFForx1tqi7iIbRs0gZFMxhBag453tmb1RlwtG6kucRfLq9Trhh2ekxEl552gJmlw=,iv:DAU846VnSK6euk8KfFcyIgj39mLNEgCNF46f/u6ardc=,tag:ew6/UElyLm0lV4T6ua/sAg==,type:str]
OAUTH2_PROXY_COOKIE_SECRET: ENC[AES256_GCM,data:lcXJQ4k9lU5npCDXLaKrOMrzFvjXpdYs/jv6w6exQ6ORLQsXmSLy6R8gBuo=,iv:JCMsz9elmK1q9KzpuscGVQEJlxzM2qFPxGHqkGWG5EA=,tag:sMOiLfhvvxnRAqjqJ82YgQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGN09NRWIzYm9PbXJGdnJO
SzZ3SytLcGpPM0t5OUcrY3JEWW11YlRsZkdrClVENzFCMk80Y0xsUjdieUdYR3Bw
RGE3cUJnZUQ3bWptUEZmVURhcGxkQ2MKLS0tIFRWWTlKRk1SK3V0VVJVaGhQSnFo
SEM5SzZUSWgxOE8zdHN1ZzlOZ3JpR1kKwcaSCqhKwo00iHpEmuiHC1xQX7+w7x/l
UsDyAFuMy2Tee/saQXBO8iz+GvkT2hRJ4v4dWlSJ4PX1fSWTnP/RDg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-06T20:12:34Z"
mac: ENC[AES256_GCM,data:6OzcJtdDl7G+8jdySu1wIANPUKXSGaCA1+d6Wq9CIu2mw1vbF8nzfsD2HtWT20NcS+n64Y0b//uBH+v70jD0BIXfsiHP0B/6kfWKMlmgns24VofUClQf2dyv2qVq7RmZm6MKBNYRrA1XqHq6JaOLyH3cyOt471jn9iFCewouEos=,iv:ouqIOWplS+s0YJhWRa4adRYxrgzfYGxGw6JkkMLrMfc=,tag:rQAbjiTMlFHECIij5OCSsQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.8.1