From 07fa76c9b011cb50b68a1028b6f4f4447cca3c7b Mon Sep 17 00:00:00 2001
From: Marcus Noble
Date: Sat, 30 Mar 2024 16:42:15 +0000
Subject: [PATCH] Test new tailscale proxy with auth
Signed-off-by: Marcus Noble
---
 manifests/auth-proxy/auth-proxy.yaml | 82 ++++++++++++++++++++++++
 manifests/auth-proxy/non-auth-proxy.yaml | 3 +-
 2 files changed, 84 insertions(+), 1 deletion(-)
diff --git a/manifests/auth-proxy/auth-proxy.yaml b/manifests/auth-proxy/auth-proxy.yaml
index aef30ea..5a98fa4 100644
--- a/manifests/auth-proxy/auth-proxy.yaml
+++ b/manifests/auth-proxy/auth-proxy.yaml
@@ -200,3 +200,85 @@ spec:
 selector:
 app: auth-proxy
 type: ClusterIP
+
+---
+
+
+
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: auth-proxy-v2
+ namespace: auth-proxy
+ labels:
+ app: auth-proxy-v2
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: auth-proxy-v2
+ template:
+ metadata:
+ labels:
+ app: auth-proxy-v2
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: oauth-proxy
+ image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
+ args:
+ - --cookie-secure=false
+ - --provider=oidc
+ - --provider-display-name=Auth0
+ - --upstream=http://tailscale-proxy.auth-proxy.svc
+ - --http-address=0.0.0.0:8080
+ - --email-domain=*
+ - --pass-basic-auth=false
+ - --pass-access-token=false
+ - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
+ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
+ - --cookie-expire=336h0m0s
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: auth-proxy
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: auth-proxy
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources:
+ limits:
+ memory: 50Mi
+ requests:
+ memory: 50Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: auth-proxy-v2
+ namespace: auth-proxy
+ labels:
+ app: auth-proxy-v2
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: auth-proxy
+ type: ClusterIP
diff --git a/manifests/auth-proxy/non-auth-proxy.yaml b/manifests/auth-proxy/non-auth-proxy.yaml
index dcc3ed0..f8067c2 100644
--- a/manifests/auth-proxy/non-auth-proxy.yaml
+++ b/manifests/auth-proxy/non-auth-proxy.yaml
@@ -20,6 +20,7 @@ spec:
 pathType: ImplementationSpecific
 backend:
 service:
- name: tailscale-proxy
+ # name: tailscale-proxy
+ name: auth-proxy
 port:
 name: http
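Review bot: The `--cookie-secret=…` argument in the oauth-proxy container commits in plain text the value oauth2-proxy uses to sign and encrypt its session cookie, so anyone who can read the repository or the Deployment spec could forge or read a session. Treat the committed value as compromised, generate a new one, and pass it through `OAUTH2_PROXY_COOKIE_SECRET` from the `auth-proxy` Secret, the same way the client ID and client secret are already supplied. In the same args, `--cookie-secure=false` allows that cookie over plain HTTP for the full `336h` lifetime, and `--email-domain=*` leaves every access decision to the Auth0 tenant; both deserve a comment stating why they are acceptable here, or tightening. Separately, the new Service `auth-proxy-v2` selects `app: auth-proxy` while the new pods are labelled `app: auth-proxy-v2`, so as written it would presumably route to the existing proxy's pods; `app: auth-proxy-v2` looks like what was intended.

```yaml
        # … unchanged: remaining oauth2-proxy args, with the --cookie-secret line removed …
        env:
        # … unchanged: HOST_IP, OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET …
        - name: OAUTH2_PROXY_COOKIE_SECRET
          valueFrom:
            secretKeyRef:
              key: cookie-secret  # placeholder key name; add the new value to the Secret under it
              name: auth-proxy
```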
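Review bot: The ingress backend now names the Service `auth-proxy`, not the `auth-proxy-v2` Service added by this commit, which is the one whose proxy has `tailscale-proxy` as its upstream. If the goal is to put the new authenticated proxy in front of this route, the line should probably read `name: auth-proxy-v2`; if `auth-proxy` is deliberate, a short comment saying which upstream it fronts would prevent confusion. The retained `# name: tailscale-proxy` line is dead configuration in a file named non-auth-proxy.yaml and invites someone to restore the unauthenticated path by uncommenting it; git history already records the old value, so it can be dropped. The enclosing Ingress rule starts and ends outside this hunk, so host and TLS settings are not visible here.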