bea/infra
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix oauth2 longhorn proxy

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-03-20 02:56:32 +01:00
parent 35af177b45
commit d1fd69888a
6 changed files with 75 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
deploy/longhorn/kustomization.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- longhorn-ingress.yaml
- oauth2-proxy-longhorn-svc.yaml
- oauth2-proxy-longhorn.yaml

27
deploy/longhorn/longhorn-dashboard.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-dashboard
namespace: longhorn-system
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
spec:
tls:
- hosts:
- longhorn.panic.haus
secretName: longhorn-tls
rules:
- host: longhorn.panic.haus
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn-frontend
port:
number: 80

6
deploy/longhorn/longhorn-ingress.yaml
View File

@@ -6,8 +6,8 @@ metadata:
annotations: annotations:
kubernetes.io/ingress.class: "nginx" kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod" cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/auth-url: "https://longhorn.panic.haus/oauth2/auth" nginx.ingress.kubernetes.io/auth-url: "http://oauth2-proxy-service.longhorn-system.svc.cluster.local:4180/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://longhorn.panic.haus/oauth2/start?rd=$scheme://$host$request_uri" nginx.ingress.kubernetes.io/auth-signin: "https://longhorn.panic.haus/oauth2/start?rd=$escaped_request_uri"
spec: spec:
tls: tls:
- hosts: - hosts:
@@ -21,7 +21,7 @@ spec:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: oauth2-proxy name: oauth2-proxy-longhorn-service
port: port:
number: 4180 number: 4180
- path: / - path: /

19
deploy/longhorn/oauth2-proxy-longhorn-ingress.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: oauth2-proxy-longhorn-ingress
namespace: longhorn-system
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: longhorn.panic.haus
http:
paths:
- path: /oauth2
pathType: Prefix
backend:
service:
name: oauth2-proxy-longhorn-service
port:
number: 4180

2
deploy/longhorn/oauth2-proxy-longhorn-svc.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: oauth2-proxy-longhorn name: oauth2-proxy-longhorn-service
namespace: longhorn-system namespace: longhorn-system
spec: spec:
ports: ports:

10
deploy/longhorn/oauth2-proxy-longhorn.yaml
View File

@@ -14,23 +14,23 @@ spec:
app: oauth2-proxy-longhorn app: oauth2-proxy-longhorn
spec: spec:
containers: containers:
- name: oauth2-proxy - name: oauth2-proxy-longhorn
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1 image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
args: args:
- --provider=keycloak - --provider=keycloak
- --client-id=longhorn - --client-id=longhorn
- --client-secret=0U2QuP1QMAXln8bzwJ3aJMIvaH9t2QvJ - --client-secret=0U2QuP1QMAXln8bzwJ3aJMIvaH9t2QvJ
- --cookie-secret=lDE7du7SlDuG1UySIZUhcHfuk5HlgFlgDWdHD_PQ9UI= - --cookie-secret=lDE7du7SlDuG1UySIZUhcHfuk5HlgFlgDWdHD_PQ9UI=
- --oidc-issuer-url=https://sso.beatrice.wtf/realms/panic-haus - --oidc-issuer-url=https://sso.beatrice.wtf/auth/realms/panic-haus
- --cookie-domain=longhorn.panic.haus - --cookie-domain=longhorn.panic.haus
- --email-domain=* - --email-domain=*
- --http-address=0.0.0.0:4180 - --http-address=0.0.0.0:4180
- --redirect-url=https://longhorn.panic.haus/oauth2/callback - --redirect-url=https://longhorn.panic.haus/oauth2/callback
- --upstream=http://longhorn-frontend.longhorn-system.svc.cluster.local:80 - --upstream=http://longhorn-frontend.longhorn-system.svc.cluster.local:80
- --scope=openid - --scope=openid
- --login-url=https://sso.beatrice.wtf/realms/panic-haus/protocol/openid-connect/auth - --login-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/auth
- --validate-url=https://sso.beatrice.wtf/realms/panic-haus/protocol/openid-connect/userinfo - --validate-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/userinfo
- --redeem-url=https://sso.beatrice.wtf/realms/panic-haus/protocol/openid-connect/token - --redeem-url=https://sso.beatrice.wtf/auth/realms/panic-haus/protocol/openid-connect/token
- --skip-auth-regex=^(?:https?:\/\/)?longhorn\.panic\.haus\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$|^\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$ - --skip-auth-regex=^(?:https?:\/\/)?longhorn\.panic\.haus\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$|^\/(favicon\.ico|.*\.(?:js|css)(\.map)?)$
ports: ports:
- name: http - name: http