providers/app_gw: improve templates

Jens Langhammer 2020-08-01 22:13:12 +02:00
parent e1bbbe6671
commit de2b67b111
2 changed files with 22 additions and 9 deletions


@ -2,18 +2,20 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
app.kubernetes.io/name: passbook-gatekeeper app.kubernetes.io/name: "passbook-gatekeeper-{{ provider.name }}"
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
name: passbook-gatekeeper name: passbook-gatekeeper
namespace: kube-system
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: passbook-gatekeeper app.kubernetes.io/name: passbook-gatekeeper
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
template: template:
metadata: metadata:
labels: labels:
app.kubernetes.io/name: passbook-gatekeeper app.kubernetes.io/name: passbook-gatekeeper
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
spec: spec:
containers: containers:
- args: - args:
@ -27,6 +29,10 @@ spec:
value: "{{ cookie_secret }}" value: "{{ cookie_secret }}"
- name: OAUTH2_PROXY_OIDC_ISSUER_URL - name: OAUTH2_PROXY_OIDC_ISSUER_URL
value: "{{ issuer }}" value: "{{ issuer }}"
- name: OAUTH2_PROXY_SET_XAUTHREQUEST
value: "true"
- name: OAUTH2_PROXY_SET_AUTHORIZATION_HEADER
value: "true"
image: beryju/passbook-gatekeeper:{{ version }} image: beryju/passbook-gatekeeper:{{ version }}
imagePullPolicy: Always imagePullPolicy: Always
name: passbook-gatekeeper name: passbook-gatekeeper
@ -38,9 +44,9 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
app.kubernetes.io/name: passbook-gatekeeper app.kubernetes.io/name: "passbook-gatekeeper-{{ provider.name }}"
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
name: passbook-gatekeeper name: passbook-gatekeeper
namespace: kube-system
spec: spec:
ports: ports:
- name: http - name: http
@ -49,18 +55,18 @@ spec:
targetPort: 4180 targetPort: 4180
selector: selector:
app.kubernetes.io/name: passbook-gatekeeper app.kubernetes.io/name: passbook-gatekeeper
passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}"
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: passbook-gatekeeper name: passbook-gatekeeper-{{ provider.name }}
namespace: kube-system
spec: spec:
rules: rules:
- host: {{ provider.external_host }} - host: {{ provider.external_host }}
http: http:
paths: paths:
- backend: - backend:
serviceName: passbook-gatekeeper serviceName: "passbook-gatekeeper-{{ provider.name }}"
servicePort: 4180 servicePort: 4180
path: /oauth2 path: /oauth2
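Review bot: The Ingress backend on the new side now points at `serviceName: "passbook-gatekeeper-{{ provider.name }}"`, but the Service and the Deployment in the same template keep `name: passbook-gatekeeper`, so the `/oauth2` path used for the auth subrequest would have no matching backend, and two providers would still collide on those names. Rename both to the same per-provider value, e.g. `name: "passbook-gatekeeper-{{ provider.pk }}"`; the pk is safer than `provider.name`, which is presumably free text and is rendered into the Ingress `name:` line without quoting or DNS-1123 validation. The added label key `passbook.beryju.org/gatekeeper/provider` contains two slashes, while Kubernetes label keys allow only one (prefix/name), so the manifest is likely to be rejected on apply; a key such as `passbook.beryju.org/gatekeeper-provider` would validate. With `namespace: kube-system` dropped, the UI text should also state which namespace to apply the manifest in, since the Service has to sit in the same namespace as the Ingress that references it.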


@ -49,8 +49,15 @@
<a href="{% url 'passbook_providers_app_gw:k8s-manifest' provider=provider.pk %}">{% trans 'Here' %}</a> <a href="{% url 'passbook_providers_app_gw:k8s-manifest' provider=provider.pk %}">{% trans 'Here' %}</a>
<p>{% trans 'Afterwards, add the following annotations to the Ingress you want to secure:' %}</p> <p>{% trans 'Afterwards, add the following annotations to the Ingress you want to secure:' %}</p>
<textarea class="codemirror" readonly data-cm-mode="yaml"> <textarea class="codemirror" readonly data-cm-mode="yaml">
nginx.ingress.kubernetes.io/auth-url: "{{ provider.external_host }}/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-signin: "{{ provider.external_host }}/oauth2/start?rd=$escaped_request_uri" nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
nginx.ingress.kubernetes.io/configuration-snippet: |
auth_request_set $user_id $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $user_name $upstream_http_x_auth_request_preferred_username;
proxy_set_header X-User-Id $user_id;
proxy_set_header X-User $user_name;
proxy_set_header X-Email $email;
</textarea> </textarea>
</div> </div>
<footer class="pf-c-modal-box__footer pf-m-align-left"> <footer class="pf-c-modal-box__footer pf-m-align-left">
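Review bot: The `configuration-snippet` added to the textarea turns `X-User-Id`, `X-User` and `X-Email` into the identity the protected application sees, yet the help text above it does not tell the operator that the application must be reachable only through this Ingress; anything that can reach the pod or Service directly can supply those headers itself. I would add a line before the textarea such as `<p>{% trans 'Make sure the application only accepts traffic from the ingress controller, as it will trust the X-User headers.' %}</p>`. Because `auth-url` and `auth-signin` are now built from `$host` instead of `{{ provider.external_host }}`, the text should also say that the secured Ingress has to be served on the same host as the gatekeeper's `/oauth2` path. The enclosing modal markup starts and ends outside this hunk.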