auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103)
* auth-proxy: inspects authenticated user
* ingress: chart and use in rpuppy
* auth-proxy: make it optional in rpuppy
* kratos: whitelist env pub/priv domains for auth return_to addr
* url-shortener: put behind auth-proxy
* pihole: replace oauth2-client with auth-proxy
* auth-proxy: fix upstream uri generation
* pihole: remove old chart using oauth2
* auth-proxy: remove temporary values file
* url-shortener: check x-user header for authentication
* auth: fix allowed_return_urls list
* auth-proxy: fix current address generation logic
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/rpuppy/templates/install.yaml b/charts/rpuppy/templates/install.yaml
index c7c3800..5cde9c9 100644
--- a/charts/rpuppy/templates/install.yaml
+++ b/charts/rpuppy/templates/install.yaml
@@ -8,55 +8,10 @@
selector:
app: rpuppy
ports:
- - name: http
+ - name: {{ .Values.portName }}
port: 80
- targetPort: http
+ targetPort: {{ .Values.portName }}
protocol: TCP
-# ---
-# apiVersion: cert-manager.io/v1
-# kind: Certificate
-# metadata:
-# name: rpuppy
-# namespace: {{ .Release.Namespace }}
-# # annotations:
-# # helm.sh/resource-policy: keep
-# spec:
-# secretName: cert-rpuppy
-# dnsNames:
-# - {{ .Values.domain }}
-# issuerRef:
-# kind: ClusterIssuer
-# name: {{ .Values.certificateIssuer}}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ingress
- namespace: {{ .Release.Namespace }}
- {{- if .Values.certificateIssuer }}
- annotations:
- acme.cert-manager.io/http01-edit-in-place: "true"
- cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
- {{- end }}
-spec:
- ingressClassName: {{ .Values.ingressClassName }}
- {{- if .Values.certificateIssuer }}
- tls:
- - hosts:
- - {{ .Values.domain }}
- secretName: cert-rpuppy
- {{- end }}
- rules:
- - host: {{ .Values.domain }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: rpuppy
- port:
- name: http
---
apiVersion: apps/v1
kind: Deployment
@@ -78,10 +33,12 @@
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- - name: http
+ - name: {{ .Values.portName }}
containerPort: 8080
protocol: TCP
- command: ["rpuppy", "--port=8080"]
+ command:
+ - rpuppy
+ - --port=8080
resources:
requests:
memory: "10Mi"
diff --git a/charts/rpuppy/values.yaml b/charts/rpuppy/values.yaml
index c53fccb..0830d1e 100644
--- a/charts/rpuppy/values.yaml
+++ b/charts/rpuppy/values.yaml
@@ -2,6 +2,4 @@
repository: giolekva/rpuppy
tag: latest
pullPolicy: Always
-ingressClassName: ingress-public
-certificateIssuer: example-public
-domain: woof.example.com
+portName: http