diff --git a/manifests/website-to-remarkable.yaml b/manifests/website-to-remarkable.yaml index 3f25a03..1816596 100644 --- a/manifests/website-to-remarkable.yaml +++ b/manifests/website-to-remarkable.yaml @@ -1,8 +1,123 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: website-to-remarkable +--- +apiVersion: v1 +kind: Secret +metadata: + name: website-to-remarkable-auth + namespace: website-to-remarkable + annotations: + kube-1password: mr6spkkx7n3memkbute6ojaarm + kube-1password/vault: Kubernetes +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: website-to-remarkable + namespace: website-to-remarkable + annotations: + kube-1password: smp3qkv74qt72ttzkltyhiktja + kube-1password/vault: Kubernetes +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + name: website-to-remarkable + namespace: website-to-remarkable +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 8080 + name: web + - port: 8000 + targetPort: 8000 + name: noauth + selector: + app: website-to-remarkable +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: website-to-remarkable + namespace: website-to-remarkable + labels: + app: website-to-remarkable +spec: + replicas: 1 + selector: + matchLabels: + app: website-to-remarkable + template: + metadata: + labels: + app: website-to-remarkable + spec: + dnsConfig: + options: + - name: ndots + value: "2" + containers: + - args: + - --cookie-secure=false + - --provider=oidc + - --provider-display-name=Auth0 + - --upstream=http://localhost:8000 + - --http-address=$(HOST_IP):8080 + - --redirect-url=https://website-to-remarkable.cluster.fun/oauth2/callback + - --email-domain=marcusnoble.co.uk + - --pass-basic-auth=false + - --pass-access-token=false + - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ + - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN + env: + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + key: username + name: website-to-remarkable-auth + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: password + name: website-to-remarkable-auth + image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 + name: oauth-proxy + ports: + - containerPort: 8080 + protocol: TCP + resources: + limits: + memory: 125Mi + requests: + memory: 125Mi + - name: web + image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest + imagePullPolicy: Always + env: + - name: REMARKABLE_TOKEN + valueFrom: + secretKeyRef: + name: website-to-remarkable + key: password + ports: + - containerPort: 8000 + name: web +--- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: website-to-remarkable - namespace: inlets + namespace: website-to-remarkable annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/frontend-entry-points: http,https @@ -19,5 +134,7 @@ spec: paths: - path: / backend: - serviceName: auth-proxy + serviceName: website-to-remarkable servicePort: 80 + +---