Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 0c6b324af80de6ccca61675e2fbfff304f26767b / . / charts / pihole / templates / oauth2-proxy-config.yaml
blob: 5aebbb0d669440a4d43cc2eda8b18eaabee04a93 [file] [log] [blame]
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]1apiVersion: dodo.cloud.dodo.cloud/v1
2kind: ResourceRenderer
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]3metadata:
Giorgi Lekveishvili38496bb2023-06-13 18:56:39 +0400[diff] [blame]4 name: config-renderer
5 namespace: {{ .Release.Namespace }}
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]6spec:
7 secretName: {{ .Values.oauth2.secretName }}
8 resourceTemplate: |
9 apiVersion: v1
10 kind: ConfigMap
11 metadata:
Giorgi Lekveishvili0c6b3242024-03-14 15:31:08 +0400[diff] [blame^]12 name: {{ .Values.configName }}
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]13 namespace: {{ .Release.Namespace }}
14 data:
15 oauth2-proxy.cfg: |
16 http_address = "0.0.0.0:8080"
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]17
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]18 reverse_proxy = true
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]19
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]20 ## the OAuth Redirect URL.
21 # defaults to the "https://" + requested host header + "/oauth2/callback"
22 # redirect_url = "http://pihole.pcloud/oauth2/callback"
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]23
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]24 upstreams = [
25 "http://pihole-web.{{ .Release.Namespace}}.svc"
26 ]
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]27
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]28 email_domains = [
29 "*"
30 ]
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]31
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]32 standard_logging = false
33 request_logging = false
34 auth_logging = false
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]35
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]36 pass_basic_auth = true
37 pass_user_headers = true
38 pass_host_header = true
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]39
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]40 ## The OAuth Client ID, Secret
Giorgi Lekveishvili38496bb2023-06-13 18:56:39 +0400[diff] [blame]41 client_id = "{{`{{ .client_id }}`}}"
42 client_secret = "{{`{{ .client_secret }}`}}"
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]43
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]44 ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
45 pass_access_token = false
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]46
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]47 cookie_name = "_oauth2_proxy_pihole"
48 cookie_secret = "{{ .Values.oauth2.cookieSecret }}"
49 cookie_domains = "{{ .Values.domain }}"
50 cookie_expire = "168h"
51 cookie_refresh = "100h"
52 cookie_secure = true
53 cookie_httponly = true
giolekva01b3d3b2021-11-09 17:48:28 +0400[diff] [blame]54
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]55 provider = "oidc"
Giorgi Lekveishvili0c6b3242024-03-14 15:31:08 +0400[diff] [blame^]56 oidc_issuer_url = "{{ .Values.oauth2.issuer }}"
Giorgi Lekveishvili1ff37fb2023-06-13 18:27:24 +0400[diff] [blame]57 provider_display_name = "PCloud"
58 profile_url = "{{ .Values.profileUrl }}"