From ca6d26ae7d26520445c99735163e1c3b28488514 Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Sat, 30 Mar 2024 16:38:44 +0000 Subject: [PATCH] Remove old non-auth proxy resources Signed-off-by: Marcus Noble --- manifests/auth-proxy/non-auth-proxy.yaml | 129 ----------------------- 1 file changed, 129 deletions(-) diff --git a/manifests/auth-proxy/non-auth-proxy.yaml b/manifests/auth-proxy/non-auth-proxy.yaml index 2a5a083..dcc3ed0 100644 --- a/manifests/auth-proxy/non-auth-proxy.yaml +++ b/manifests/auth-proxy/non-auth-proxy.yaml @@ -1,132 +1,3 @@ - -apiVersion: v1 -kind: Secret -metadata: - name: tailscale-non-auth-proxy - namespace: auth-proxy -type: Opaque ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tailscale-non-auth-proxy - labels: - app.kubernetes.io/name: tailscale ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: tailscale-non-auth-proxy - labels: - app.kubernetes.io/name: tailscale -subjects: -- kind: ServiceAccount - name: "tailscale-non-auth-proxy" -roleRef: - kind: Role - name: tailscale-non-auth-proxy - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: tailscale-non-auth-proxy - labels: - app.kubernetes.io/name: tailscale -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] -- apiGroups: [""] - resourceNames: ["tailscale-non-auth-proxy"] - resources: ["secrets"] - verbs: ["get", "update"] ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: non-auth-proxy - namespace: auth-proxy - labels: - app: non-auth-proxy - annotations: - secret.reloader.stakater.com/reload: "tailscale-auth" -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: non-auth-proxy - template: - metadata: - labels: - app: non-auth-proxy - spec: - serviceAccountName: tailscale-non-auth-proxy - dnsPolicy: ClusterFirst - dnsConfig: - nameservers: - - 100.100.100.100 - containers: - - name: oauth-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 - args: - - --cookie-secure=false - - --provider=oidc - - --provider-display-name=Auth0 - - --upstream=http://talos.averagemarcus.github.beta.tailscale.net - - --http-address=0.0.0.0:8080 - - --email-domain=* - - --pass-basic-auth=false - - --pass-access-token=false - - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ - - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT - - --cookie-expire=336h0m0s - - --trusted-ip=0.0.0.0/0 - env: - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: OAUTH2_PROXY_CLIENT_ID - valueFrom: - secretKeyRef: - key: username - name: auth-proxy - - name: OAUTH2_PROXY_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: password - name: auth-proxy - ports: - - containerPort: 8080 - protocol: TCP - resources: - limits: - memory: 50Mi - requests: - memory: 50Mi ---- -apiVersion: v1 -kind: Service -metadata: - name: non-auth-proxy - namespace: auth-proxy - labels: - app: non-auth-proxy -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - selector: - app: non-auth-proxy - type: ClusterIP ---- - apiVersion: networking.k8s.io/v1 kind: Ingress metadata: