Revert "try oauth2 proxy for prom"

This reverts commit 027c9edb6d.
2025-03-31 10:23:12 +02:00
parent 027c9edb6d
commit e9a4de02cc
2 changed files with 5 additions and 68 deletions


@@ -82,7 +82,6 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
},
},
// The Prometheus ingress will route through our OAuth2 proxy below
'prometheus-k8s': ingress(
'prometheus-k8s',
$.values.common.namespace,
@@ -93,19 +92,14 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
path: '/',
pathType: 'Prefix',
backend: {
// Instead of directly pointing to Prometheus, we point to the OAuth2 proxy Service
service: { name: 'oauth2-proxy-prometheus-service', port: { number: 4180 } },
service: { name: 'prometheus-k8s', port: { name: 'web' } },
},
}],
},
}]
) + {
metadata+: {
annotations: {
'cert-manager.io/cluster-issuer': 'letsencrypt-prod',
'nginx.ingress.kubernetes.io/auth-signin': 'https://$host/oauth2/start?rd=$escaped_request_uri',
'nginx.ingress.kubernetes.io/auth-url': 'https://$host/oauth2/auth',
},
annotations: { 'cert-manager.io/cluster-issuer': 'letsencrypt-prod' },
},
spec+: {
tls: [{
@@ -115,61 +109,6 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
},
},
},
// Deploy the OAuth2 Proxy for Prometheus
'oauth2-proxy-prometheus-deployment': {
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
name: 'oauth2-proxy-prometheus',
namespace: $.values.common.namespace,
},
spec: {
replicas: 1,
selector: { matchLabels: { app: 'oauth2-proxy-prometheus' } },
template: {
metadata: { labels: { app: 'oauth2-proxy-prometheus' } },
spec: {
containers: [
{
name: 'oauth2-proxy-prometheus',
image: 'quay.io/oauth2-proxy/oauth2-proxy:v7.8.1',
args: [
'--provider=keycloak',
'--client-id=prometheus',
'--client-secret=YbuaHkmWnUnBdCj4SFDD8J19bT4gvSgZ',
'--cookie-secret=Y3VmaXN1aGZnMDM0OTc4ZzNoNDA4cm9pZnVoanIwZzhyago=',
'--oidc-issuer-url=https://sso.panic.haus/realms/panic-haus',
'--cookie-domain=metrics.prod.panic.haus',
'--email-domain=*',
'--http-address=0.0.0.0:4180',
'--redirect-url=https://metrics.prod.panic.haus/oauth2/callback',
'--upstream=http://prometheus-k8s.monitoring.svc.cluster.local:9090',
'--scope=openid',
'--login-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/auth',
'--validate-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/userinfo',
'--redeem-url=https://sso.panic.haus/realms/panic-haus/protocol/openid-connect/token',
],
ports: [{ containerPort: 4180, name: 'http' }],
},
],
},
},
},
},
'oauth2-proxy-prometheus-service': {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'oauth2-proxy-prometheus-service',
namespace: $.values.common.namespace,
},
spec: {
ports: [{ name: 'http', port: 4180, targetPort: 4180 }],
selector: { app: 'oauth2-proxy-prometheus' },
},
},
};
// Assemble all manifests (kube-prometheus stack components)
@@ -188,4 +127,4 @@ local kp = (import 'kube-prometheus/main.libsonnet') + {
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) }
{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) }
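Review bot: In the `@@ -93,19 +92,14 @@` hunk the restored backend `service: { name: 'prometheus-k8s', port: { name: 'web' } }` sits behind an ingress whose only remaining annotation is the cert-manager issuer, so as far as this section shows the Prometheus UI and HTTP API are served over the ingress with no authentication step. Prometheus does not enforce access control unless it is configured to, so unless the `ingress(...)` helper or a NetworkPolicy outside this view restricts access, keep a gate in place while the proxy is reworked, for example by adding `'nginx.ingress.kubernetes.io/whitelist-source-range': '<ALLOWED_CIDR>'` (placeholder value) next to the issuer annotation. Separately, the `--client-secret` and `--cookie-secret` values that were passed as literal container args stay readable in commit 027c9edb6d after this revert, so both should be treated as exposed and rotated. When the proxy comes back, supply them from a Kubernetes Secret via `env` with `valueFrom.secretKeyRef` (oauth2-proxy reads `OAUTH2_PROXY_CLIENT_SECRET` and `OAUTH2_PROXY_COOKIE_SECRET`) instead of putting them in `args`.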