auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103)
* auth-proxy: inspects authenticated user
* ingress: chart and use in rpuppy
* auth-proxy: make it optional in rpuppy
* kratos: whitelist env pub/priv domains for auth return_to addr
* url-shortener: put behind auth-proxy
* pihole: replace oauth2-client with auth-proxy
* auth-proxy: fix upstream uri generation
* pihole: remove old chart using oauth2
* auth-proxy: remove temporary values file
* url-shortener: check x-user header for authentication
* auth: fix allowed_return_urls list
* auth-proxy: fix current address generation logic
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/ingress/.helmignore b/charts/ingress/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ingress/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ingress/Chart.yaml b/charts/ingress/Chart.yaml
new file mode 100644
index 0000000..28df2c4
--- /dev/null
+++ b/charts/ingress/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: rpuppy
+description: A Helm chart to configure ingress
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/ingress/templates/install.yaml b/charts/ingress/templates/install.yaml
new file mode 100644
index 0000000..173186c
--- /dev/null
+++ b/charts/ingress/templates/install.yaml
@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.certificateIssuer }}
+ annotations:
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.ingressClassName }}
+ {{- if .Values.certificateIssuer }}
+ tls:
+ - hosts:
+ - {{ .Values.domain }}
+ secretName: cert-rpuppy
+ {{- end }}
+ rules:
+ - host: {{ .Values.domain }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Values.service.name }}
+ port:
+ {{- if .Values.service.port.name }}
+ name: {{ .Values.service.port.name }}
+ {{- else }}
+ number: {{ .Values.service.port.number }}
+ {{- end}}
diff --git a/charts/ingress/values.yaml b/charts/ingress/values.yaml
new file mode 100644
index 0000000..18477aa
--- /dev/null
+++ b/charts/ingress/values.yaml
@@ -0,0 +1,8 @@
+ingressClassName: ingress-public
+certificateIssuer: example-public
+domain: woof.example.com
+service:
+ name: woof
+ port:
+ number: 80
+ name: ""