providers/app_gw: improve templates
This commit is contained in:
Jens Langhammer
@ -2,18 +2,20 @@ apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
app.kubernetes.io/name: "passbook-gatekeeper-{{ provider.name }}"
|
||||
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
|
||||
name: passbook-gatekeeper
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
@ -27,6 +29,10 @@ spec:
|
||||
value: "{{ cookie_secret }}"
|
||||
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
|
||||
value: "{{ issuer }}"
|
||||
- name: OAUTH2_PROXY_SET_XAUTHREQUEST
|
||||
value: "true"
|
||||
- name: OAUTH2_PROXY_SET_AUTHORIZATION_HEADER
|
||||
value: "true"
|
||||
image: beryju/passbook-gatekeeper:{{ version }}
|
||||
imagePullPolicy: Always
|
||||
name: passbook-gatekeeper
|
||||
@ -38,9 +44,9 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
app.kubernetes.io/name: "passbook-gatekeeper-{{ provider.name }}"
|
||||
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
|
||||
name: passbook-gatekeeper
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
@ -49,18 +55,18 @@ spec:
|
||||
targetPort: 4180
|
||||
selector:
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: passbook-gatekeeper
|
||||
namespace: kube-system
|
||||
name: passbook-gatekeeper-{{ provider.name }}
|
||||
spec:
|
||||
rules:
|
||||
- host: {{ provider.external_host }}
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: passbook-gatekeeper
|
||||
serviceName: "passbook-gatekeeper-{{ provider.name }}"
|
||||
servicePort: 4180
|
||||
path: /oauth2
|
||||
|
||||
@ -49,8 +49,15 @@
|
||||
<a href="{% url 'passbook_providers_app_gw:k8s-manifest' provider=provider.pk %}">{% trans 'Here' %}</a>
|
||||
<p>{% trans 'Afterwards, add the following annotations to the Ingress you want to secure:' %}</p>
|
||||
<textarea class="codemirror" readonly data-cm-mode="yaml">
|
||||
nginx.ingress.kubernetes.io/auth-url: "{{ provider.external_host }}/oauth2/auth"
|
||||
nginx.ingress.kubernetes.io/auth-signin: "{{ provider.external_host }}/oauth2/start?rd=$escaped_request_uri"
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
|
||||
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
|
||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||
auth_request_set $user_id $upstream_http_x_auth_request_user;
|
||||
auth_request_set $email $upstream_http_x_auth_request_email;
|
||||
auth_request_set $user_name $upstream_http_x_auth_request_preferred_username;
|
||||
proxy_set_header X-User-Id $user_id;
|
||||
proxy_set_header X-User $user_name;
|
||||
proxy_set_header X-Email $email;
|
||||
</textarea>
|
||||
</div>
|
||||
<footer class="pf-c-modal-box__footer pf-m-align-left">
|
||||
|
||||
Reference in New Issue
Block a user