diff --git a/manifests/dashboard/dashboard.yaml b/manifests/dashboard/dashboard.yaml
index 8e6a338..950e7bc 100644
--- a/manifests/dashboard/dashboard.yaml
+++ b/manifests/dashboard/dashboard.yaml
@@ -12,6 +12,16 @@ data:
 .dockerconfigjson: e30=
 ---
 apiVersion: v1
+kind: Secret
+metadata:
+ name: dashboard-auth
+ namespace: dashboard
+ annotations:
+ kube-1password: mr6spkkx7n3memkbute6ojaarm
+ kube-1password/vault: Kubernetes
+type: Opaque
+---
+apiVersion: v1
 kind: Service
 metadata:
 name: dashboard
@@ -19,7 +29,7 @@ metadata:
 spec:
 type: ClusterIP
 ports:
- - port: 80
+ - port: 8000
 targetPort: web
 name: web
 selector:
@@ -43,6 +53,46 @@ spec:
 imagePullSecrets:
 - name: docker-config
 containers:
+ - args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://localhost:80
+ - --http-address=$(HOST_IP):8000
+ - --redirect-url=https://dash.cluster.fun/oauth2/callback
+ - --email-domain=marcusnoble.co.uk
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: dashboard-auth
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: dashboard-auth
+ image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1
+ name: oauth-proxy
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ resources:
+ limits:
+ memory: 125Mi
+ requests:
+ memory: 125Mi
+
+
 - name: web
 image: docker.cluster.fun/private/dashboard:latest
 imagePullPolicy: Always
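Review bot: The new `dashboard-auth` Secret has no `data`, so the manifest does not say which keys it will hold, yet the oauth-proxy container in the last hunk reads `username` and `password` from it. A comment above the Secret would record that contract, e.g. `# filled from the 1Password item in the annotation; must provide username (OIDC client id) and password (OIDC client secret)`. This presumes a controller populates the object from the `kube-1password` annotations, which the diff does not show; if it is absent the pod cannot resolve its `secretKeyRef` entries.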
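Review bot: The Service keeps `targetPort: web` while the oauth-proxy container added in the last hunk exposes 8000 without a port name. If `web` is a port declared by the dashboard container (its `ports` are outside the diff), requests through the Service still reach the application directly and never pass the proxy. Point the Service at the proxy, e.g. `targetPort: 8000`, or name the proxy port and reference that name. The application also stays reachable on the pod IP, so bind it to 127.0.0.1 or add a NetworkPolicy that admits ingress only on 8000. The Service spec continues outside the hunk.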
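Review bot: The `--cookie-secret` argument commits the key that protects oauth2-proxy session cookies in clear text, so anyone who can read the repository or the pod spec has it. Supply it from the `dashboard-auth` Secret through `OAUTH2_PROXY_COOKIE_SECRET`, the same way the client id and secret are injected, and rotate the value that has been committed. `--cookie-secure=false` also leaves the session cookie without the Secure attribute although the redirect URL is https; unless clients really connect over plain HTTP, set it to true. The `containers` list continues outside the hunk.

```yaml
      - args:
        - --cookie-secure=true
        # … unchanged: remaining args, with the --cookie-secret line removed …
        env:
        # … unchanged: HOST_IP, OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET …
        - name: OAUTH2_PROXY_COOKIE_SECRET
          valueFrom:
            secretKeyRef:
              key: cookie-secret  # placeholder key name; the secret source must provide it
              name: dashboard-auth
```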