diff --git a/deploy/longhorn/kustomization.yaml b/deploy/longhorn/kustomization.yaml
deleted file mode 100644
index 082bf51..0000000
--- a/deploy/longhorn/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
- - longhorn-ingress.yaml
- - oauth2-proxy-longhorn-svc.yaml
- - oauth2-proxy-longhorn.yaml
\ No newline at end of file
diff --git a/deploy/longhorn/longhorn-dashboard.yaml b/deploy/longhorn/longhorn-dashboard.yaml
new file mode 100644
index 0000000..bde9663
--- /dev/null
+++ b/deploy/longhorn/longhorn-dashboard.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: longhorn-dashboard
+ namespace: longhorn-system
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+ nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+spec:
+ tls:
+ - hosts:
+ - longhorn.panic.haus
+ secretName: longhorn-tls
+ rules:
+ - host: longhorn.panic.haus
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
+
diff --git a/deploy/longhorn/longhorn-ingress.yaml b/deploy/longhorn/longhorn-ingress.yaml
index b1eedcb..3c8a59b 100644
--- a/deploy/longhorn/longhorn-ingress.yaml
+++ b/deploy/longhorn/longhorn-ingress.yaml
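Review bot: In longhorn-dashboard.yaml the rule for host `longhorn.panic.haus`, path `/` duplicates the `/` rule that longhorn-ingress.yaml still carries on its new side, and the two Ingresses set different `auth-url` values, so which auth subrequest actually guards the Longhorn UI depends on how the controller resolves the conflict. Because kustomization.yaml is deleted in the same commit, nothing visible here states which manifests are applied; keep a single Ingress for `/` and delete the other file. The `kubernetes.io/ingress.class` annotation is deprecated, and I would replace it with `ingressClassName: nginx` under `spec`. A header comment such as `# Guarded by oauth2-proxy through auth-url; /oauth2 is routed by oauth2-proxy-longhorn-ingress.yaml` would make the dependency explicit.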
@@ -6,28 +6,28 @@ metadata:
 annotations:
 kubernetes.io/ingress.class: "nginx"
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
- nginx.ingress.kubernetes.io/auth-url: "https://longhorn.panic.haus/oauth2/auth"
- nginx.ingress.kubernetes.io/auth-signin: "https://longhorn.panic.haus/oauth2/start?rd=$scheme://$host$request_uri"
+ nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy-service.longhorn-system.svc.cluster.local:4180/oauth2/auth"
+ nginx.ingress.kubernetes.io/auth-signin: "https://longhorn.panic.haus/oauth2/start?rd=$escaped_request_uri"
 spec:
 tls:
- - hosts:
- - longhorn.panic.haus
- secretName: longhorn-tls
+ - hosts:
+ - longhorn.panic.haus
+ secretName: longhorn-tls
 rules:
- - host: longhorn.panic.haus
- http:
- paths:
- - path: /oauth2
- pathType: Prefix
- backend:
- service:
- name: oauth2-proxy
- port:
- number: 4180
- - path: /
- pathType: Prefix
- backend:
- service:
- name: longhorn-frontend
- port:
- number: 80
\ No newline at end of file
+ - host: longhorn.panic.haus
+ http:
+ paths:
+ - path: /oauth2
+ pathType: Prefix
+ backend:
+ service:
+ name: oauth2-proxy-longhorn-service
+ port:
+ number: 4180
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: longhorn-frontend
+ port:
+ number: 80
\ No newline at end of file
diff --git a/deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml b/deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml
new file mode 100644
index 0000000..0e97f67
--- /dev/null
+++ b/deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: oauth2-proxy-longhorn-ingress
+ namespace: longhorn-system
+ annotations:
+ kubernetes.io/ingress.class: nginx
+spec:
+ rules:
+ - host: longhorn.panic.haus
+ http:
+ paths:
+ - path: /oauth2
+ pathType: Prefix
+ backend:
+ service:
+ name: oauth2-proxy-longhorn-service
+ port:
+ number: 4180
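Review bot: The new `auth-url` in longhorn-ingress.yaml targets `oauth2-proxy-service.longhorn-system.svc.cluster.local`, but the Service this commit renames is `oauth2-proxy-longhorn-service`, which is also the name the `/oauth2` backend in this same hunk uses. Unless a Service called `oauth2-proxy-service` exists outside this diff, the auth subrequest cannot resolve and every request to the dashboard will be answered with an error instead of the sign-in redirect. I would change the line to `nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy-longhorn-service.longhorn-system.svc.cluster.local:4180/oauth2/auth"`. The hunk starts inside `metadata`, so the Ingress name is not visible here.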
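Review bot: The `/oauth2` rule added in oauth2-proxy-longhorn-ingress.yaml is still present on the new side of longhorn-ingress.yaml, where it sits under the `auth-url`/`auth-signin` annotations; the sign-in and callback endpoints should be routed only by this annotation-free Ingress, so the `/oauth2` path should be dropped from longhorn-ingress.yaml. This Ingress also has no `tls` block and depends on another Ingress for the same host to supply the certificate. Adding a `tls` entry for `longhorn.panic.haus` with `secretName: longhorn-tls` keeps the OAuth callback on HTTPS if that other object is later removed.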
diff --git a/deploy/longhorn/oauth2-proxy-longhorn-svc.yaml b/deploy/longhorn/oauth2-proxy-longhorn-svc.yaml
index 813bdf6..bc2d22a 100644
--- a/deploy/longhorn/oauth2-proxy-longhorn-svc.yaml
+++ b/deploy/longhorn/oauth2-proxy-longhorn-svc.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
- name: oauth2-proxy-longhorn
+ name: oauth2-proxy-longhorn-service
 namespace: longhorn-system
 spec:
 ports:
@@ -10,4 +10,4 @@ spec:
 protocol: TCP
 name: http
 selector:
- app: oauth2-proxy-longhorn
\ No newline at end of file
+ app: oauth2-proxy-longhorn
diff --git a/deploy/longhorn/oauth2-proxy-longhorn.yaml b/deploy/longhorn/oauth2-proxy-longhorn.yaml
index 3cf008d..3532372 100644
--- a/deploy/longhorn/oauth2-proxy-longhorn.yaml
+++ b/deploy/longhorn/oauth2-proxy-longhorn.yaml
@@ -14,23 +14,23 @@ spec:
 app: oauth2-proxy-longhorn
 spec:
 containers:
- - name: oauth2-proxy
+ - name: oauth2-proxy-longhorn
 image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
 args:
 - --provider=keycloak
 - --client-id=longhorn
 - --client-secret=0U2QuP1QMAXln8bzwJ3aJMIvaH9t2QvJ
 - --cookie-secret=lDE7du7SlDuG1UySIZUhcHfuk5HlgFlgDWdHD_PQ9UI=
- - --oidc-issuer-url=https://sso.beatrice.wtf/realms/panic-haus
+ - --oidc-issuer-url=https://sso.beatrice.wtf/auth/realms/panic-haus
 - --cookie-domain=longhorn.panic.haus
 - --email-domain=*
 - --http-address=0.0.0.0:4180
 - --redirect-url=https://longhorn.panic.haus/oauth2/callback
 - --upstream=http://longhorn-frontend.longhorn-system.svc.cluster.local:80
 - --scope=openid
- - --login-url=https://sso.beatrice.wtf/realms/panic-haus/protocol/openid-connect/auth
- - --validate-url=https://sso.beatrice.wtf/realms/panic-haus/protocol/openid-connect/userinfo
- - --redeem-url=https://sso.beatrice.wtf/realms/panic-haus/protocol/openid-connect/token
+ - --login-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/auth
+ - --validate-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/userinfo
+ - --redeem-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/token
 - --skip-auth-regex=^(?:https?:\/\/)?longhorn\.panic\.haus\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$|^\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$
 ports:
 - name: http
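Review bot: `--client-secret` and `--cookie-secret` are passed as literal values in `args` of oauth2-proxy-longhorn.yaml, so they are stored in the repository and readable by anyone who can view the Deployment spec; the commit edits the neighbouring lines but leaves them in place. Both values should be treated as exposed and rotated, then supplied from a Kubernetes Secret through the `OAUTH2_PROXY_CLIENT_SECRET` and `OAUTH2_PROXY_COOKIE_SECRET` environment variables, which oauth2-proxy reads in place of the flags. Separately, `--email-domain=*` together with `--scope=openid` admits every account the realm can authenticate, so access to the storage dashboard should be narrowed with a group or role restriction in the proxy or on the Keycloak client. The container spec continues past the end of the hunk.

```yaml
containers:
  - name: oauth2-proxy-longhorn
    # … unchanged: image …
    args:
      # … unchanged: every flag except --client-secret and --cookie-secret, which are removed …
    env:
      - name: OAUTH2_PROXY_CLIENT_SECRET
        valueFrom:
          secretKeyRef:
            name: <secret-name-placeholder>  # placeholder: Secret created outside the repository
            key: client-secret
      - name: OAUTH2_PROXY_COOKIE_SECRET
        valueFrom:
          secretKeyRef:
            name: <secret-name-placeholder>  # placeholder
            key: cookie-secret
```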