AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 2 Releases Activity
Files
ba756c370ad9fb45989a05ae449dab700025ad6b
cluster.fun/manifests/auth-proxy/proxy.yaml
Marcus Noble eefb79771f Added priority classes 
Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2025-09-14 15:56:31 +01:00

134 lines
3.3 KiB
YAML
Raw Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: host-mappings
namespace: auth-proxy
labels:
app: proxy
data:
mapping.json: |
{
"tekton-el.auth-proxy.svc": "tekton-el.cluster.local",
"vmcluster.auth-proxy.svc": "vmcluster.cluster.local",
"loki.auth-proxy.svc": "loki-write.cluster.local",
"loki.auth-proxy.svc:80": "loki-write.cluster.local",
"loki-distributed.auth-proxy.svc": "loki-loki.cluster.local",
"loki-distributed.auth-proxy.svc:80": "loki-loki.cluster.local"
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: internal-proxy
namespace: auth-proxy
labels:
app: internal-proxy
annotations:
configmap.reloader.stakater.com/reload: "host-mappings"
secret.reloader.stakater.com/reload: "tailscale-auth"
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: internal-proxy
template:
metadata:
labels:
app: internal-proxy
spec:
priorityClassName: critical
serviceAccountName: default
dnsPolicy: ClusterFirst
dnsConfig:
nameservers:
- 100.100.100.100
containers:
- name: proxy
image: rg.fr-par.scw.cloud/averagemarcus/proxy:latest
imagePullPolicy: Always
env:
- name: PROXY_DESTINATION
value: talos.tail4dfb.ts.net
- name: PORT
value: "8080"
- name: TS_AUTH_KEY
valueFrom:
secretKeyRef:
name: tailscale-auth
key: password
- name: TS_HOSTNAME
value: auth-proxy-internal-proxy
ports:
- containerPort: 8080
protocol: TCP
volumeMounts:
- name: host-mappings
mountPath: /config/
- name: oauth-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.12.0
args:
- --cookie-secure=false
- --provider=oidc
- --provider-display-name=Auth0
- --upstream=http://localhost:8080
- --http-address=0.0.0.0:8181
- --email-domain=*
- --pass-basic-auth=false
- --pass-access-token=false
- --oidc-issuer-url=https://marcusnoble.eu.auth0.com/
- --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQNFT
- --cookie-expire=336h0m0s
env:
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: username
name: auth-proxy
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: password
name: auth-proxy
ports:
- containerPort: 8181
protocol: TCP
resources:
limits:
memory: 80Mi
requests:
memory: 80Mi
volumes:
- name: host-mappings
configMap:
name: host-mappings
---
apiVersion: v1
kind: Service
metadata:
name: tailscale-proxy
namespace: auth-proxy
labels:
app: internal-proxy
spec:
ports:
- name: non-auth
port: 80
protocol: TCP
targetPort: 8080
- name: auth
port: 81
protocol: TCP
targetPort: 8181
selector:
app: internal-proxy
type: ClusterIP
---
Reference in New Issue View Git Blame Copy Permalink