use oauth2-proxy in front of hello-world

2022-12-20 17:30:42 -05:00
parent 0e1aee55b4
commit 4dc0961cc8
5 changed files with 94 additions and 18 deletions


@@ -45,7 +45,7 @@ helm:
apps:
stash:
enabled: true
enabled: false
state: present
namespace: stashapp
@@ -65,13 +65,18 @@ apps:
state: present
dkregistry:
enabled: true
enabled: false
namespace: default
pvc: data-dkregistry-0
state: present
nextcloud:
enabled: true
enabled: false
namespace: nextcloud
state: present
hello_world:
enabled: true
namespace: default
state: present


@@ -0,0 +1,43 @@
---
# values file for hello-world oauth2-proxy helm chart
image:
tag: "v7.2.0"
config:
clientID: ab3b5b5f-cb5b-4e89-9453-d1fb318399c8
clientSecret: gto_mjzrf23bvu5ohu7dub6r7ti5daoa7vw2wpafum7i4qcb4emwqrza
#configFile: |-
# email_domains = [ "*" ]
# upstreams = [ "file:///dev/null" ]
# provider = "github"
# redirect-url = "https://www.xai-corp.net/oauth2/callback"
# login-url = "https://git.xai-corp.net/login/oauth/authorize"
# redeem-url = "https://git.xai-corp.net/login/oauth/access_token"
# validate-url = "https://git.xai-corp.net/api/v1"
extraArgs:
upstream: "http://hello-world/"
provider: "github"
provider-display-name: "Gitea"
redirect-url: "https://www.xai-corp.net/oauth2/callback"
login-url: "https://git.xai-corp.net/login/oauth/authorize"
redeem-url: "https://git.xai-corp.net/login/oauth/access_token"
validate-url: "https://git.xai-corp.net/api/v1"
ingress:
enabled: true
path: /
pathType: Prefix
annotations:
hosts:
- www.xai-corp.net
# hosts:
# - host: www.xai-corp.net
# paths:
# - path: /
# pathType: Prefix
tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
- secretName: xai-corp-production-tls
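Review bot: `config.clientSecret` (with the client ID above it) is committed in plaintext in this new values file, so anyone with read access to the repository or its history holds the OAuth client credentials registered at git.xai-corp.net. The secret should be rotated in Gitea and supplied out of band, for example by pointing the chart at a pre-created Kubernetes Secret with `config.existingSecret: <secret-name>` or by encrypting the value with Ansible Vault. No `config.cookieSecret` is set either; if the chart version in use falls back to its placeholder default, session cookies are signed with a publicly known key, so a random value should be provided through the same secret. With `configFile` commented out, the chart's default `email_domains` setting presumably applies, which would admit every account that can log in to the Gitea instance; confirm that is intended.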


@@ -0,0 +1,41 @@
---
# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
- name: create hello world resources
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: "{{apps.hello_world.state}}"
definition: "{{ lookup('file', item) | from_yaml }}"
loop:
- hello-world/configmap.yaml
# - hello-world/ingress.yaml
- hello-world/service.yaml
- hello-world/deployment.yaml
become: true
- name: Install oauth-proxy for hello-world
block:
- name: Add oauth-proxy chart helm repo
local_action:
module: kubernetes.core.helm_repository
name: oauth2-proxy
repo_url: https://oauth2-proxy.github.io/manifests
- name: load variables files/hello-world/values.yaml
ansible.builtin.include_vars:
file: files/hello-world/values.yaml
name: release_values
- name: Install oauth2-proxy Release
local_action:
module: kubernetes.core.helm
release_state: "{{apps.hello_world.state}}"
name: oauth2-proxy
namespace: "{{apps.hello_world.namespace}}"
create_namespace: yes
update_repo_cache: True
chart_ref: oauth2-proxy/oauth2-proxy
values: "{{release_values}}"
wait: true
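Review bot: The loop no longer applies `hello-world/ingress.yaml`, but nothing removes the Ingress that the previous version of this task file created, so on a cluster where it was already applied the direct route to hello-world may stay in place and bypass oauth2-proxy. Add a task that applies that manifest with `state: absent` (sketch below, assuming the file is still present under files/), or delete the object by hand and drop the commented loop entry. The `kubernetes.core.helm` task also sets no `chart_version`, so each run installs whatever the chart repository currently serves; pinning it keeps the release reproducible and reviewable. Because `release_values` carries the client secret, `no_log: true` on the install task would keep it out of Ansible output.

```yaml
# … unchanged: create hello world resources …
- name: remove the direct hello-world ingress
  kubernetes.core.k8s:
    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
    state: absent
    definition: "{{ lookup('file', 'hello-world/ingress.yaml') | from_yaml }}"
  become: true
# … unchanged: Install oauth-proxy for hello-world block …
```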


@@ -1,14 +0,0 @@
---
# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
- name: create hello world resources
kubernetes.core.k8s:
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
state: present
definition: "{{ lookup('file', item) | from_yaml }}"
loop:
- hello-world/configmap.yaml
- hello-world/ingress.yaml
- hello-world/service.yaml
- hello-world/deployment.yaml
become: true


@@ -11,7 +11,8 @@
include_tasks: cert_manager.yml
- name: deploy hello-world
include_tasks: hello-world.yaml
include_tasks: deployments/hello-world.yaml
when: apps.hello_world.enabled
- name: deploy stash
include_tasks: deployments/stash.yaml