auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103)
* auth-proxy: inspects authenticated user
* ingress: chart and use in rpuppy
* auth-proxy: make it optional in rpuppy
* kratos: whitelist env pub/priv domains for auth return_to addr
* url-shortener: put behind auth-proxy
* pihole: replace oauth2-client with auth-proxy
* auth-proxy: fix upstream uri generation
* pihole: remove old chart using oauth2
* auth-proxy: remove temporary values file
* url-shortener: check x-user header for authentication
* auth: fix allowed_return_urls list
* auth-proxy: fix current address generation logic
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/url-shortener/templates/install.yaml b/charts/url-shortener/templates/install.yaml
index 5e96fea..e562b02 100644
--- a/charts/url-shortener/templates/install.yaml
+++ b/charts/url-shortener/templates/install.yaml
@@ -8,40 +8,10 @@
selector:
app: url-shortener
ports:
- - name: http
+ - name: {{ .Values.portName }}
protocol: TCP
port: 80
- targetPort: {{ .Values.port }}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ingress
- namespace: {{ .Release.Namespace }}
-{{- if .Values.certificateIssuer }}
- annotations:
- acme.cert-manager.io/http01-edit-in-place: "true"
- cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer }}
-{{- end }}
-spec:
- ingressClassName: {{ .Values.ingressClassName }}
-{{- if .Values.certificateIssuer }}
- tls:
- - hosts:
- - {{ .Values.domain }}
- secretName: cert-url-shortener
-{{- end }}
- rules:
- - host: {{ .Values.domain }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: url-shortener
- port:
- name: http
+ targetPort: {{ .Values.portName }}
---
apiVersion: apps/v1
kind: Deployment
@@ -62,12 +32,12 @@
- name: url-shortener
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
ports:
- - name: http
- containerPort: {{ .Values.port }}
+ - name: {{ .Values.portName }}
+ containerPort: 8080
protocol: TCP
command:
- url-shortener
- - --port={{ .Values.port }}
+ - --port=8080
- --db-path=/data/urls.db
volumeMounts:
- name: url-shortener
diff --git a/charts/url-shortener/values.yaml b/charts/url-shortener/values.yaml
index a62dc10..3b0d837 100644
--- a/charts/url-shortener/values.yaml
+++ b/charts/url-shortener/values.yaml
@@ -1,11 +1,7 @@
image:
repository: giolekva/url-shortener
- name: url-shortener
tag: latest
pullPolicy: Always
-ingressClassName: ingress-public
-certificateIssuer: example-public
-domain: url-shortener.example.com
storage:
size: 1Gi
-port: 8080
+portName: http