add oauth2proxy in front of stash

2023-03-22 15:59:19 -04:00
parent 8bb566fb14
commit 463ac84e3a
4 changed files with 25 additions and 44 deletions
--- a/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/proxy-values.yaml
@@ -1,40 +1,30 @@
 ---
 #oauth2-proxy values file for stash app
-config:
-  # Add config annotations
-  annotations: {}
-  # OAuth client ID
-  clientID: "7b70fc0364e3f2da5d4b"
-  # OAuth client secret
-  clientSecret: "0359972eef425a4a0b7690b6c323214c26a04686"
-  configFile: |-
-    provider = "email"
-    email_domains = ["sympatico.ca"]

-#    provider = "github"
-#    github_user = "rmorgan105"
-#    email_domains = [ "*" ]
-#    upstreams = [ "file:///dev/null" ]
+image:
+  tag: "v7.2.0"
+
+config:
+  clientID: cf0bd81a-eb10-4db6-9689-07a9a7ea0de1
+  clientSecret: gto_vgpe33q73wstgc637u6xhtmmsvbux6ckliypntd3kuzpq7squ42a
+
+extraArgs:
+  upstream: "http://stash:9999/"
+  provider: "github"
+  provider-display-name: "Gitea"
+  redirect-url: "https://stash.xai-corp.net/oauth2/callback"
+  login-url: "https://git.xai-corp.net/login/oauth/authorize"
+  redeem-url: "https://git.xai-corp.net/login/oauth/access_token"
+  validate-url: "https://git.xai-corp.net/api/v1"
+
 ingress:
  enabled: true
-#  className: traefic
  path: /
-  # Only used if API capabilities (networking.k8s.io/v1) allow it
-  pathType: ImplementationSpecific
-    # Used to create an Ingress record.
+  pathType: Prefix
  hosts:
    - stash.xai-corp.net
  # - chart-example.local
  # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
  # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
-  extraPaths:
-  - path: /
-    pathType: ImplementationSpecific
-    backend:
-      service:
-        name: stash
-        port:
-          number: 9999
-  # annotations:
-  #   kubernetes.io/ingress.class: nginx
-  #   kubernetes.io/tls-acme: "true"
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls
--- a/ansible-5/roles/prod.k3s/files/stash/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/stash/values.yaml
@@ -8,7 +8,7 @@ image:

 ingress:
  main:
-    enabled: true
+    enabled: false
    hosts:
      - host: stash.xai-corp.net
        paths: