use oauth2-proxy in front of hello-world

ansible-5/roles/prod.k3s/defaults/main.yml

@@ -45,7 +45,7 @@ helm:
 
 apps:
   stash:
-    enabled: true
+    enabled: false
     state: present
     namespace: stashapp
 
@@ -65,13 +65,18 @@ apps:
     state: present
 
   dkregistry:
-    enabled: true
+    enabled: false
     namespace: default
     pvc: data-dkregistry-0
     state: present
 
   nextcloud:
-    enabled: true
+    enabled: false
     namespace: nextcloud
     state: present
 
+
+  hello_world:
+    enabled: true
+    namespace: default
+    state: present

ansible-5/roles/prod.k3s/files/hello-world/values.yaml

@@ -0,0 +1,43 @@
+---
+# values file for hello-world oauth2-proxy helm chart
+
+image:
+  tag: "v7.2.0"
+
+config:
+  clientID: ab3b5b5f-cb5b-4e89-9453-d1fb318399c8
+  clientSecret: gto_mjzrf23bvu5ohu7dub6r7ti5daoa7vw2wpafum7i4qcb4emwqrza
+
+#configFile: |-
+#  email_domains = [ "*" ]
+#  upstreams = [ "file:///dev/null" ]
+#  provider = "github"
+#  redirect-url = "https://www.xai-corp.net/oauth2/callback"
+#  login-url = "https://git.xai-corp.net/login/oauth/authorize"
+#  redeem-url = "https://git.xai-corp.net/login/oauth/access_token"
+#  validate-url = "https://git.xai-corp.net/api/v1"
+
+extraArgs:
+  upstream: "http://hello-world/"
+  provider: "github"
+  provider-display-name: "Gitea"
+  redirect-url: "https://www.xai-corp.net/oauth2/callback"
+  login-url: "https://git.xai-corp.net/login/oauth/authorize"
+  redeem-url: "https://git.xai-corp.net/login/oauth/access_token"
+  validate-url: "https://git.xai-corp.net/api/v1"
+
+
+ingress:
+  enabled: true
+  path: /
+  pathType: Prefix
+  annotations:
+  hosts:
+    - www.xai-corp.net
+#  hosts:
+#    - host: www.xai-corp.net
+#      paths:
+#        - path: /
+#          pathType: Prefix
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls

ansible-5/roles/prod.k3s/tasks/deployments/hello-world.yaml

@@ -0,0 +1,41 @@
+---
+# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
+
+- name: create hello world resources
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: "{{apps.hello_world.state}}"
+    definition: "{{ lookup('file', item) | from_yaml }}"
+  loop:
+    - hello-world/configmap.yaml
+#    - hello-world/ingress.yaml
+    - hello-world/service.yaml
+    - hello-world/deployment.yaml
+  become: true
+
+
+- name: Install oauth-proxy for hello-world
+  block:
+
+    - name: Add oauth-proxy chart helm repo
+      local_action:
+        module: kubernetes.core.helm_repository
+        name: oauth2-proxy
+        repo_url: https://oauth2-proxy.github.io/manifests
+
+    - name: load variables files/hello-world/values.yaml
+      ansible.builtin.include_vars:
+        file: files/hello-world/values.yaml
+        name: release_values
+
+    - name: Install oauth2-proxy Release
+      local_action:
+        module: kubernetes.core.helm
+        release_state: "{{apps.hello_world.state}}"
+        name: oauth2-proxy
+        namespace: "{{apps.hello_world.namespace}}"
+        create_namespace: yes
+        update_repo_cache: True
+        chart_ref: oauth2-proxy/oauth2-proxy
+        values: "{{release_values}}"
+        wait: true

ansible-5/roles/prod.k3s/tasks/hello-world.yaml

@@ -1,14 +0,0 @@
----
-# https://www.jeffgeerling.com/blog/2022/quick-hello-world-http-deployment-testing-k3s-and-traefik
-
-- name: create hello world resources
-  kubernetes.core.k8s:
-    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
-    state: present
-    definition: "{{ lookup('file', item) | from_yaml }}"
-  loop:
-    - hello-world/configmap.yaml
-    - hello-world/ingress.yaml
-    - hello-world/service.yaml
-    - hello-world/deployment.yaml
-  become: true

ansible-5/roles/prod.k3s/tasks/main.yml

@@ -11,7 +11,8 @@
   include_tasks: cert_manager.yml
 
 - name: deploy hello-world
-  include_tasks: hello-world.yaml
+  include_tasks: deployments/hello-world.yaml
+  when: apps.hello_world.enabled
 
 - name: deploy stash
   include_tasks: deployments/stash.yaml