use oauth2-proxy in front of hello-world
@@ -45,7 +45,7 @@ helm:
|
|||||||
|
|
||||||
apps:
|
apps:
|
||||||
stash:
|
stash:
|
||||||
enabled: true
|
enabled: false
|
||||||
state: present
|
state: present
|
||||||
namespace: stashapp
|
namespace: stashapp
|
||||||
|
|
||||||
@@ -65,13 +65,18 @@ apps:
|
|||||||
state: present
|
state: present
|
||||||
|
|
||||||
dkregistry:
|
dkregistry:
|
||||||
enabled: true
|
enabled: false
|
||||||
namespace: default
|
namespace: default
|
||||||
pvc: data-dkregistry-0
|
pvc: data-dkregistry-0
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
nextcloud:
|
nextcloud:
|
||||||
enabled: true
|
enabled: false
|
||||||
namespace: nextcloud
|
namespace: nextcloud
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
|
||||||
|
hello_world:
|
||||||
|
enabled: true
|
||||||
|
namespace: default
|
||||||
|
state: present
|
||||||
|
|||||||
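--- a/ansible-5/roles/prod.k3s/files/hello-world/values.yaml
+++ b/ansible-5/roles/prod.k3s/files/hello-world/values.yaml
@@ -0,0 +1,43 @@
+---
+# values file for hello-world oauth2-proxy helm chart
+
+image:
+tag: "v7.2.0"
+
+config:
+clientID: ab3b5b5f-cb5b-4e89-9453-d1fb318399c8
+clientSecret: gto_mjzrf23bvu5ohu7dub6r7ti5daoa7vw2wpafum7i4qcb4emwqrza
+
+#configFile: |-
+# email_domains = [ "*" ]
+# upstreams = [ "file:///dev/null" ]
+# provider = "github"
+# redirect-url = "https://www.xai-corp.net/oauth2/callback"
+# login-url = "https://git.xai-corp.net/login/oauth/authorize"
+# redeem-url = "https://git.xai-corp.net/login/oauth/access_token"
+# validate-url = "https://git.xai-corp.net/api/v1"
+
+extraArgs:
+upstream: "http://hello-world/"
+provider: "github"
+provider-display-name: "Gitea"
+redirect-url: "https://www.xai-corp.net/oauth2/callback"
+login-url: "https://git.xai-corp.net/login/oauth/authorize"
+redeem-url: "https://git.xai-corp.net/login/oauth/access_token"
+validate-url: "https://git.xai-corp.net/api/v1"
+
+
+ingress:
+enabled: true
+path: /
+pathType: Prefix
+annotations:
+hosts:
+- www.xai-corp.net
+# hosts:
+# - host: www.xai-corp.net
+# paths:
+# - path: /
+# pathType: Prefix
+tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+- secretName: xai-corp-production-tls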
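Review bot: `config.clientSecret` is committed in plaintext next to `clientID`, so the secret of the Gitea OAuth application should be treated as disclosed: rotate it and supply the new value out of band, for example from an Ansible Vault variable or a pre-created Kubernetes Secret referenced through the chart's `config.existingSecret`. No `config.cookieSecret` is set either; unless the chart generates one, session cookies would be protected by the chart's default value, so set a random one alongside the client secret (confirm against the chart version in use). `extraArgs` carries no `email-domain` or other allow-list, so who may pass the proxy presumably depends on the chart's default config; a comment stating the intended audience would help.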
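--- a/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
+++ b/ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml
@@ -0,0 +1,41 @@
+---
+# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
+
+- name: create hello world resources
+kubernetes.core.k8s:
+kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+state: "{{apps.hello_world.state}}"
+definition: "{{ lookup('file', item) | from_yaml }}"
+loop:
+- hello-world/configmap.yaml
+# - hello-world/ingress.yaml
+- hello-world/service.yaml
+- hello-world/deployment.yaml
+become: true
+
+
+- name: Install oauth-proxy for hello-world
+block:
+
+- name: Add oauth-proxy chart helm repo
+local_action:
+module: kubernetes.core.helm_repository
+name: oauth2-proxy
+repo_url: https://oauth2-proxy.github.io/manifests
+
+- name: load variables files/hello-world/values.yaml
+ansible.builtin.include_vars:
+file: files/hello-world/values.yaml
+name: release_values
+
+- name: Install oauth2-proxy Release
+local_action:
+module: kubernetes.core.helm
+release_state: "{{apps.hello_world.state}}"
+name: oauth2-proxy
+namespace: "{{apps.hello_world.namespace}}"
+create_namespace: yes
+update_repo_cache: True
+chart_ref: oauth2-proxy/oauth2-proxy
+values: "{{release_values}}"
+wait: true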
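Review bot: The `Install oauth2-proxy Release` task names `chart_ref: oauth2-proxy/oauth2-proxy` with no `chart_version`, and with `update_repo_cache: True` every run can install whatever chart the repository currently serves; pin it with `chart_version: "<pinned-chart-version>"` so the authenticating proxy only changes through a reviewed commit. `release_values` is loaded from a file that carries the OAuth client secret and is passed whole to `values:`, so add `no_log: true` to the include_vars and helm tasks to keep it out of task output and logs. As a style point, write `create_namespace: true` and `update_repo_cache: true` to match `wait: true`.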
@@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
|
|
||||||
|
|
||||||
- name: create hello world resources
|
|
||||||
kubernetes.core.k8s:
|
|
||||||
kubeconfig: "/etc/rancher/k3s/k3s.yaml"
|
|
||||||
state: present
|
|
||||||
definition: "{{ lookup('file', item) | from_yaml }}"
|
|
||||||
loop:
|
|
||||||
- hello-world/configmap.yaml
|
|
||||||
- hello-world/ingress.yaml
|
|
||||||
- hello-world/service.yaml
|
|
||||||
- hello-world/deployment.yaml
|
|
||||||
become: true
|
|
||||||
@@ -11,7 +11,8 @@
|
|||||||
include_tasks: cert_manager.yml
|
include_tasks: cert_manager.yml
|
||||||
|
|
||||||
- name: deploy hello-world
|
- name: deploy hello-world
|
||||||
include_tasks: hello-world.yaml
|
include_tasks: deployments/hello-world.yaml
|
||||||
|
when: apps.hello_world.enabled
|
||||||
|
|
||||||
- name: deploy stash
|
- name: deploy stash
|
||||||
include_tasks: deployments/stash.yaml
|
include_tasks: deployments/stash.yaml
|
||||||
|
|||||||