auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103)
* auth-proxy: inspects authenticated user
* ingress: chart and use in rpuppy
* auth-proxy: make it optional in rpuppy
* kratos: whitelist env pub/priv domains for auth return_to addr
* url-shortener: put behind auth-proxy
* pihole: replace oauth2-client with auth-proxy
* auth-proxy: fix upstream uri generation
* pihole: remove old chart using oauth2
* auth-proxy: remove temporary values file
* url-shortener: check x-user header for authentication
* auth: fix allowed_return_urls list
* auth-proxy: fix current address generation logic
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/pihole/templates/podmonitor.yaml b/charts/pihole/templates/podmonitor.yaml
new file mode 100644
index 0000000..bb3be7d
--- /dev/null
+++ b/charts/pihole/templates/podmonitor.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.monitoring.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- with .Values.monitoring.podMonitor.labels }}
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ name: {{ template "pihole.fullname" . }}-prometheus-exporter
+{{- if .Values.monitoring.podMonitor.namespace }}
+ namespace: {{ .Values.monitoring.podMonitor.namespace }}
+{{- end }}
+spec:
+ podMetricsEndpoints:
+ - port: prometheus
+ path: /metrics
+{{- if .Values.monitoring.podMonitor.interval }}
+ interval: {{ .Values.monitoring.podMonitor.interval }}
+{{- end }}
+{{- if .Values.monitoring.podMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.monitoring.podMonitor.bearerTokenFile }}
+{{- end }}
+{{- if .Values.monitoring.podMonitor.bearerTokenSecret }}
+ bearerTokenSecret:
+ name: {{ .Values.monitoring.podMonitor.bearerTokenSecret.name }}
+ key: {{ .Values.monitoring.podMonitor.bearerTokenSecret.key }}
+ {{- if .Values.monitoring.podMonitor.bearerTokenSecret.optional }}
+ optional: {{ .Values.monitoring.podMonitor.bearerTokenSecret.optional }}
+ {{- end }}
+{{- end }}
+ jobLabel: {{ template "pihole.fullname" . }}-prometheus-exporter
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
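Review bot: The `bearerTokenSecret` block emits `name:` and `key:` unquoted and unchecked whenever the map is non-empty, so a values file that sets only one of them renders a null field, and a digit-only value is typed as an integer rather than a string. I would render them as `name: {{ required "monitoring.podMonitor.bearerTokenSecret.name is required" .Values.monitoring.podMonitor.bearerTokenSecret.name | quote }}` and do the same for `key`, so that a bad secret reference fails at template time instead of leaving the scrape unauthenticated or rejected. The `bearerTokenFile` branch above it asks Prometheus to read a path from its own filesystem and send the contents to the scraped pod. As far as I know the PodMonitor endpoint type does not define that field (only ServiceMonitor endpoints do), so it is worth checking against the installed CRD and dropping the branch if it is pruned or rejected. Indentation is not recoverable in this view, so the nesting of `jobLabel` and the selectors could not be checked.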