From 463ac84e3a91c6833e43bbd67e4e36a010aa8525 Mon Sep 17 00:00:00 2001 From: richard Date: Wed, 22 Mar 2023 15:59:19 -0400 Subject: [PATCH] add oauth2proxy in front of stash --- .../prod.k3s/files/hello-world/values.yaml | 9 ---- .../prod.k3s/files/stash/proxy-values.yaml | 48 ++++++++----------- .../roles/prod.k3s/files/stash/values.yaml | 2 +- .../prod.k3s/tasks/deployments/stash.yaml | 10 ++-- 4 files changed, 25 insertions(+), 44 deletions(-) diff --git a/ansible-5/roles/prod.k3s/files/hello-world/values.yaml b/ansible-5/roles/prod.k3s/files/hello-world/values.yaml index ae1dae7..124d356 100644 --- a/ansible-5/roles/prod.k3s/files/hello-world/values.yaml +++ b/ansible-5/roles/prod.k3s/files/hello-world/values.yaml @@ -8,15 +8,6 @@ config: clientID: ab3b5b5f-cb5b-4e89-9453-d1fb318399c8 clientSecret: gto_mjzrf23bvu5ohu7dub6r7ti5daoa7vw2wpafum7i4qcb4emwqrza -#configFile: |- -# email_domains = [ "*" ] -# upstreams = [ "file:///dev/null" ] -# provider = "github" -# redirect-url = "https://www.xai-corp.net/oauth2/callback" -# login-url = "https://git.xai-corp.net/login/oauth/authorize" -# redeem-url = "https://git.xai-corp.net/login/oauth/access_token" -# validate-url = "https://git.xai-corp.net/api/v1" - extraArgs: upstream: "http://hello-world/" provider: "github" diff --git a/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml index c97b34a..cf3329c 100644 --- a/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml +++ b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml 
@@ -1,40 +1,30 @@ --- #oauth2-proxy values file for stash app -config: - # Add config annotations - annotations: {} - # OAuth client ID - clientID: "7b70fc0364e3f2da5d4b" - # OAuth client secret - clientSecret: "0359972eef425a4a0b7690b6c323214c26a04686" - configFile: |- - provider = "email" - email_domains = ["sympatico.ca"] -# provider = "github" -# github_user = "rmorgan105" -# email_domains = [ "*" ] -# upstreams = [ "file:///dev/null" ] +image: + tag: "v7.2.0" + +config: + clientID: cf0bd81a-eb10-4db6-9689-07a9a7ea0de1 + clientSecret: gto_vgpe33q73wstgc637u6xhtmmsvbux6ckliypntd3kuzpq7squ42a + +extraArgs: + upstream: "http://stash:9999/" + provider: "github" + provider-display-name: "Gitea" + redirect-url: "https://stash.xai-corp.net/oauth2/callback" + login-url: "https://git.xai-corp.net/login/oauth/authorize" + redeem-url: "https://git.xai-corp.net/login/oauth/access_token" + validate-url: "https://git.xai-corp.net/api/v1" + ingress: enabled: true -# className: traefic path: / - # Only used if API capabilities (networking.k8s.io/v1) allow it - pathType: ImplementationSpecific - # Used to create an Ingress record. + pathType: Prefix hosts: - stash.xai-corp.net # - chart-example.local # Extra paths to prepend to every host configuration. This is useful when working with annotation based services. # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1) - extraPaths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: stash - port: - number: 9999 - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames + - secretName: xai-corp-production-tls diff --git a/ansible-5/roles/prod.k3s/files/stash/values.yaml b/ansible-5/roles/prod.k3s/files/stash/values.yaml index 8ff237c..a996536 100644 --- a/ansible-5/roles/prod.k3s/files/stash/values.yaml 
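Review bot: The new `config.clientSecret` in stash/proxy-values.yaml is an OAuth client secret committed in plaintext next to `clientID`, so anyone who can read this repository or patch holds the credential the stash proxy uses against Gitea. The oauth2-proxy chart can take the credentials from a pre-created Kubernetes Secret instead, e.g. `existingSecret: <secret-name>` under `config:` (placeholder name; the Secret carries `client-id`, `client-secret` and `cookie-secret`), and the value committed here should be rotated in Gitea. No `cookieSecret` is set in the new file, so unless it is supplied elsewhere the chart's default placeholder would sign the session cookies; confirm this against the chart version in use. The removed `configFile` limited `email_domains` to a single domain, while nothing in the new `extraArgs` restricts who may sign in, so presumably every account on git.xai-corp.net is admitted. The same plaintext-secret pattern is visible in the context lines of hello-world/values.yaml.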
+++ b/ansible-5/roles/prod.k3s/files/stash/values.yaml @@ -8,7 +8,7 @@ image: ingress: main: - enabled: true + enabled: false hosts: - host: stash.xai-corp.net paths: diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml index 3716382..a66b471 100644 --- a/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml +++ b/ansible-5/roles/prod.k3s/tasks/deployments/stash.yaml @@ -58,16 +58,16 @@ - name: load variables files/stash/proxy-values.yaml ansible.builtin.include_vars: file: files/stash/proxy-values.yaml - name: stash_values + name: proxy_values - name: Install oauth2-proxy Release local_action: module: kubernetes.core.helm - release_state: absent - name: stash-oauth2-proxy + release_state: "{{ apps.stash.state }}" + name: oauth2-proxy namespace: "{{ apps.stash.namespace }}" - create_namespace: yes + create_namespace: no update_repo_cache: True chart_ref: oauth2-proxy/oauth2-proxy - values: "{{stash_values}}" + values: "{{proxy_values}}" wait: true
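Review bot: Nothing on the new `enabled: false` line in stash/values.yaml records why the chart's own ingress is switched off, and re-enabling it later could publish stash directly, without the oauth2-proxy login in front. A comment above the key would guard against that, e.g. `# served through the oauth2-proxy ingress (files/stash/proxy-values.yaml); keep disabled`. The stash Service presumably remains reachable from inside the cluster without authentication, so a NetworkPolicy limiting it to the proxy pods may be worth considering. The `ingress.main` mapping continues outside the hunk.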
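Review bot: The `Install oauth2-proxy Release` task in tasks/deployments/stash.yaml now really installs the chart (`release_state` follows `apps.stash.state`), but no `chart_version` is visible in the hunk, so with `update_repo_cache: True` each run may pull whatever chart version the repository currently serves for the component that gates access to stash. Pinning it, e.g. `chart_version: "<pinned-version>"` (placeholder), keeps deployments reproducible and makes an upgrade a reviewed change. The release name also changes from `stash-oauth2-proxy` to the generic `oauth2-proxy`; if another proxy release shares `apps.stash.namespace` the names would collide, which is worth confirming. `create_namespace: no` and `update_repo_cache: True` mix truthy spellings, and `false`/`true` would be the consistent form. The task may continue past the last visible line.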