commit 01b3d3bc65d3a381eda181cdbb3ebed9cfdb7399
author giolekva <giolekva@gmail.com> Tue Nov 09 17:48:28 2021 +0400
committer giolekva <giolekva@gmail.com> Tue Nov 09 17:48:28 2021 +0400
tree 9df2bb68633c4691093dc07e39365c8cfd3f66c5
parent 95340e88088a9d27c1af1202cc019cb25a23cfa4

Installer: pihole + root-ca-server + fix bitwarden cert issuer name

charts/pihole/templates/oauth2-proxy-config.yaml

diff --git a/charts/pihole/templates/oauth2-proxy-config.yaml b/charts/pihole/templates/oauth2-proxy-config.yaml
new file mode 100644
index 0000000..1365162
--- /dev/null
+++ b/charts/pihole/templates/oauth2-proxy-config.yaml
@@ -0,0 +1,62 @@
+{{- $secret := include "clientSecret" . -}}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ .Values.oauth2.secretName }}
+  namespace: {{ .Release.Namespace }}
+data:
+  client_id: {{ .Values.oauth2.clientId | b64enc  }}
+  client_secret: {{ $secret | b64enc }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.oauth2.configName }}
+  namespace: {{ .Release.Namespace }}
+data:
+  oauth2-proxy.cfg: |
+    http_address = "0.0.0.0:8080"
+
+    reverse_proxy = true
+
+    ## the OAuth Redirect URL.
+    # defaults to the "https://" + requested host header + "/oauth2/callback"
+    # redirect_url = "http://pihole.pcloud/oauth2/callback"
+
+    upstreams = [
+        "http://pihole-web.{{ .Release.Namespace}}.svc"
+    ]
+
+    email_domains = [
+        "*"
+    ]
+
+    standard_logging = false
+    request_logging = false
+    auth_logging = false
+
+    pass_basic_auth = true
+    pass_user_headers = true
+    pass_host_header = true
+
+    ## The OAuth Client ID, Secret
+    client_id = "{{ .Values.oauth2.clientId }}"
+    client_secret = "{{ $secret }}"
+
+    ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
+    pass_access_token = false
+
+    cookie_name = "_oauth2_proxy_pihole"
+    cookie_secret = "123456789012345678901234567890--"
+    cookie_domains = "pihole.{{ .Values.domain }}"
+    cookie_expire = "168h"
+    cookie_refresh = "100h"
+    cookie_secure = true
+    cookie_httponly = true
+
+    provider = "oidc"
+    oidc_issuer_url = "{{ .Values.hydraPublic }}"
+    provider_display_name = "PCloud"
+    profile_url = "{{ .Values.profileUrl }}"