auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103) * auth-proxy: inspects authenticated user * ingress: chart and use in rpuppy * auth-proxy: make it optional in rpuppy * kratos: whitelist env pub/priv domains for auth return_to addr * url-shortener: put behind auth-proxy * pihole: replace oauth2-client with auth-proxy * auth-proxy: fix upstream uri generation * pihole: remove old chart using oauth2 * auth-proxy: remove temporary values file * url-shortener: check x-user header for authentication * auth: fix allowed_return_urls list * auth-proxy: fix current address generation logic --------- Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>

commit: 0ba5e4081640155aa4a356fa279c6d6bb9e55d90 [log] [tgz]
author: Giorgi Lekveishvili <giolekva@gmail.com> Wed Mar 20 15:56:30 2024 +0400
committer: GitHub <noreply@github.com> Wed Mar 20 15:56:30 2024 +0400
tree: 64cf73da6abcdf295404a76f7172151cd1a11c1b
parent: d7744a6874c4eceeabf5011a18e68430725eed4d [diff] [blame]
diff --git a/charts/auth-proxy/values.yaml b/charts/auth-proxy/values.yaml
new file mode 100644
index 0000000..9f61b34
--- /dev/null
+++ b/charts/auth-proxy/values.yaml

@@ -0,0 +1,8 @@
+image:
+  repository: giolekva/auth-proxy
+  tag: latest
+  pullPolicy: Always
+upstream: bar.svc.cluster.local
+whoAmIAddr: https://accounts.example.com/sessions/whoami
+loginAddr: https://accounts-ui.example.com/login
+portName: http
commit	0ba5e4081640155aa4a356fa279c6d6bb9e55d90	[log] [tgz]
author	Giorgi Lekveishvili <giolekva@gmail.com>	Wed Mar 20 15:56:30 2024 +0400
committer	GitHub <noreply@github.com>	Wed Mar 20 15:56:30 2024 +0400
tree	64cf73da6abcdf295404a76f7172151cd1a11c1b
parent	d7744a6874c4eceeabf5011a18e68430725eed4d [diff] [blame]