diff --git a/manifests/cctv.yaml b/manifests/cctv.yaml new file mode 100644 index 0000000..0985b88 --- /dev/null +++ b/manifests/cctv.yaml @@ -0,0 +1,109 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cctv +--- +apiVersion: v1 +kind: Secret +metadata: + name: cctv-auth + namespace: cctv + annotations: + kube-1password: mr6spkkx7n3memkbute6ojaarm + kube-1password/vault: Kubernetes +type: Opaque +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cctv-auth + namespace: cctv + labels: + app: cctv-auth +spec: + replicas: 1 + selector: + matchLabels: + app: cctv-auth + template: + metadata: + labels: + app: cctv-auth + spec: + containers: + - args: + - --cookie-secure=false + - --provider=oidc + - --provider-display-name=Auth0 + - --upstream=http://inlets.inlets.svc.cluster.local + - --http-address=$(HOST_IP):8080 + - --redirect-url=https://cctv.cluster.fun/oauth2/callback + - --email-domain=* + - --pass-basic-auth=false + - --pass-access-token=false + - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ + - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN + env: + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + key: username + name: cctv-auth + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: password + name: cctv-auth + image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 + name: oauth-proxy + ports: + - containerPort: 8080 + protocol: TCP +--- +apiVersion: v1 +kind: Service +metadata: + name: cctv-auth + namespace: cctv + labels: + app: cctv-auth +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: cctv-auth + type: ClusterIP +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: cctv-auth + namespace: cctv + labels: + app: cctv-auth + annotations: + cert-manager.io/cluster-issuer: letsencrypt + traefik.ingress.kubernetes.io/frontend-entry-points: http,https + traefik.ingress.kubernetes.io/redirect-entry-point: https + traefik.ingress.kubernetes.io/redirect-permanent: "true" +spec: + tls: + - hosts: + - cctv.cluster.fun + secretName: cctv-ingress + rules: + - host: cctv.cluster.fun + http: + paths: + - path: / + backend: + serviceName: cctv-auth + servicePort: 80 diff --git a/manifests/inlets.yaml b/manifests/inlets.yaml new file mode 100644 index 0000000..c24d40d --- /dev/null +++ b/manifests/inlets.yaml @@ -0,0 +1,79 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: inlets +--- +apiVersion: v1 +kind: Secret +metadata: + name: inlets + namespace: inlets + annotations: + kube-1password: podju6t2s2osc3vbkimyce25ti + kube-1password/vault: Kubernetes + kube-1password/password-key: token +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + name: inlets + namespace: inlets + labels: + app: inlets +spec: + type: ClusterIP + ports: + - port: 80 + protocol: TCP + targetPort: 8000 + selector: + app: inlets +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: inlets + namespace: inlets + labels: + app: inlets +spec: + replicas: 1 + selector: + matchLabels: + app: inlets + template: + metadata: + labels: + app: inlets + spec: + containers: + - name: inlets + image: inlets/inlets:2.7.0 + imagePullPolicy: Always + command: ["inlets"] + args: + - "server" + - "--token-from=/var/inlets/token" + volumeMounts: + - name: inlets-token-volume + mountPath: /var/inlets/ + volumes: + - name: inlets-token-volume + secret: + secretName: inlets +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: inlets + namespace: inlets +spec: + rules: + - host: inlets.cluster.fun + http: + paths: + - path: / + backend: + serviceName: inlets + servicePort: 80