134 lines
3.3 KiB
YAML
134 lines
3.3 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: host-mappings
|
|
namespace: auth-proxy
|
|
labels:
|
|
app: proxy
|
|
data:
|
|
mapping.json: |
|
|
{
|
|
"tekton-el.auth-proxy.svc": "tekton-el.cluster.local",
|
|
"vmcluster.auth-proxy.svc": "vmcluster.cluster.local",
|
|
"loki.auth-proxy.svc": "loki-write.cluster.local",
|
|
"loki.auth-proxy.svc:80": "loki-write.cluster.local",
|
|
"loki-distributed.auth-proxy.svc": "loki-loki.cluster.local",
|
|
"loki-distributed.auth-proxy.svc:80": "loki-loki.cluster.local"
|
|
}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: internal-proxy
|
|
namespace: auth-proxy
|
|
labels:
|
|
app: internal-proxy
|
|
annotations:
|
|
configmap.reloader.stakater.com/reload: "host-mappings"
|
|
secret.reloader.stakater.com/reload: "tailscale-auth"
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: internal-proxy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: internal-proxy
|
|
spec:
|
|
priorityClassName: critical
|
|
serviceAccountName: default
|
|
dnsPolicy: ClusterFirst
|
|
dnsConfig:
|
|
nameservers:
|
|
- 100.100.100.100
|
|
containers:
|
|
- name: proxy
|
|
image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: PROXY_DESTINATION
|
|
value: talos.tail4dfb.ts.net
|
|
- name: PORT
|
|
value: "8080"
|
|
- name: TS_AUTH_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: tailscale-auth
|
|
key: password
|
|
- name: TS_HOSTNAME
|
|
value: auth-proxy-internal-proxy
|
|
ports:
|
|
- containerPort: 8080
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- name: host-mappings
|
|
mountPath: /config/
|
|
|
|
- name: oauth-proxy
|
|
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
|
|
args:
|
|
- --cookie-secure=false
|
|
- --provider=oidc
|
|
- --provider-display-name=Auth0
|
|
- --upstream=http://localhost:8080
|
|
- --http-address=0.0.0.0:8181
|
|
- --email-domain=*
|
|
- --pass-basic-auth=false
|
|
- --pass-access-token=false
|
|
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
|
|
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
|
|
- --cookie-expire=336h0m0s
|
|
env:
|
|
- name: HOST_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: status.podIP
|
|
- name: OAUTH2_PROXY_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: username
|
|
name: auth-proxy
|
|
- name: OAUTH2_PROXY_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: password
|
|
name: auth-proxy
|
|
ports:
|
|
- containerPort: 8181
|
|
protocol: TCP
|
|
resources:
|
|
limits:
|
|
memory: 80Mi
|
|
requests:
|
|
memory: 80Mi
|
|
volumes:
|
|
- name: host-mappings
|
|
configMap:
|
|
name: host-mappings
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: tailscale-proxy
|
|
namespace: auth-proxy
|
|
labels:
|
|
app: internal-proxy
|
|
spec:
|
|
ports:
|
|
- name: non-auth
|
|
port: 80
|
|
protocol: TCP
|
|
targetPort: 8080
|
|
- name: auth
|
|
port: 81
|
|
protocol: TCP
|
|
targetPort: 8181
|
|
selector:
|
|
app: internal-proxy
|
|
type: ClusterIP
|
|
---
|