diff --git a/KubernetesDashboard/ingress.yaml b/KubernetesDashboard/ingress.yaml
index fb3a7a2..4626aa2 100644
--- a/KubernetesDashboard/ingress.yaml
+++ b/KubernetesDashboard/ingress.yaml
@@ -5,6 +5,11 @@
 kubernetes.io/ingress.class: "nginx"
 nginx.org/mergeale-ingress-type: "minion"
 nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
+ nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $token $upstream_http_authorization;
+ proxy_set_header Authorization $token;
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
 labels:
diff --git a/KubernetesDashboard/ingress.yaml b/KubernetesDashboard/ingress.yaml
index fb3a7a2..4626aa2 100644
--- a/KubernetesDashboard/ingress.yaml
+++ b/KubernetesDashboard/ingress.yaml
@@ -5,6 +5,11 @@
 kubernetes.io/ingress.class: "nginx"
 nginx.org/mergeale-ingress-type: "minion"
 nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
+ nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $token $upstream_http_authorization;
+ proxy_set_header Authorization $token;
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
 labels:
diff --git a/Oauth2Proxy/deployment.yaml b/Oauth2Proxy/deployment.yaml
new file mode 100644
index 0000000..f37c5b2
--- /dev/null
+++ b/Oauth2Proxy/deployment.yaml
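Review bot: The added `auth-url`, `auth-signin` and `configuration-snippet` annotations use the `nginx.ingress.kubernetes.io/` prefix of the community ingress-nginx controller, while the context line just above them (`nginx.org/mergeale-ingress-type`, which also looks misspelled next to `mergeable` in Oauth2Proxy/ingress.yaml) uses the prefix of the nginx.org controller. A controller ignores annotations it does not own, so if the cluster runs the nginx.org one, no auth subrequest is configured and the dashboard stays reachable without sign-in. Which controller is deployed is not visible in this diff, so confirm after rollout that an unauthenticated request to the dashboard path gets the sign-in redirect rather than the dashboard. Separately, the two-line snippet can be replaced by `nginx.ingress.kubernetes.io/auth-response-headers: "Authorization"`, which forwards the same header and still works where snippet annotations are disabled on the controller. This hunk appears several times on the page; the note applies to each copy.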
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: oauth2-proxy
+ template:
+ metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ spec:
+ containers:
+ - args:
+ - --provider=github
+ - --email-domain=*
+ - --upstream=file:///dev/null
+ - --http-address=0.0.0.0:4180
+ # Register a new application
+ # https://github.com/settings/applications/new
+ env:
+ - name: OAUTH2_PROXY_CLIENT_ID
+ value:
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ value:
+ # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ value: SECRET
+ image: quay.io/oauth2-proxy/oauth2-proxy:latest
+ imagePullPolicy: Always
+ name: oauth2-proxy
+ ports:
+ - containerPort: 4180
+ protocol: TCP
\ No newline at end of file
diff --git a/KubernetesDashboard/ingress.yaml b/KubernetesDashboard/ingress.yaml
index fb3a7a2..4626aa2 100644
--- a/KubernetesDashboard/ingress.yaml
+++ b/KubernetesDashboard/ingress.yaml
@@ -5,6 +5,11 @@
 kubernetes.io/ingress.class: "nginx"
 nginx.org/mergeale-ingress-type: "minion"
 nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
+ nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $token $upstream_http_authorization;
+ proxy_set_header Authorization $token;
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
 labels:
diff --git a/Oauth2Proxy/deployment.yaml b/Oauth2Proxy/deployment.yaml
new file mode 100644
index 0000000..f37c5b2
--- /dev/null
+++ b/Oauth2Proxy/deployment.yaml
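Review bot: `--email-domain=*` together with `--provider=github` and no organisation or team restriction means any GitHub account passes the auth subrequest in front of the dashboard; the args patch in Oauth2Proxy/kustomization.yaml keeps the same wildcard for the Google provider. Narrow it, for example `- --email-domain=<your-domain>` or an allow-list passed with `--authenticated-emails-file`. The image is also pulled from the moving tag `quay.io/oauth2-proxy/oauth2-proxy:latest` with `imagePullPolicy: Always`, so any pod restart can bring different code into the authentication path; pin a released version tag or an image digest. The three env entries are better written as `valueFrom.secretKeyRef` references than as literal `value:` fields, so the manifest never needs to hold the credentials. This hunk is repeated further down the page; the note applies to each copy.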
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: oauth2-proxy
+ template:
+ metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ spec:
+ containers:
+ - args:
+ - --provider=github
+ - --email-domain=*
+ - --upstream=file:///dev/null
+ - --http-address=0.0.0.0:4180
+ # Register a new application
+ # https://github.com/settings/applications/new
+ env:
+ - name: OAUTH2_PROXY_CLIENT_ID
+ value:
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ value:
+ # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ value: SECRET
+ image: quay.io/oauth2-proxy/oauth2-proxy:latest
+ imagePullPolicy: Always
+ name: oauth2-proxy
+ ports:
+ - containerPort: 4180
+ protocol: TCP
\ No newline at end of file
diff --git a/Oauth2Proxy/ingress.yaml b/Oauth2Proxy/ingress.yaml
new file mode 100644
index 0000000..109cb2d
--- /dev/null
+++ b/Oauth2Proxy/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header X-Auth-Request-Redirect "https://kubernetes.jerxie.com/dashboard/";
+ nginx.org/mergeable-ingress-type: minion
+ labels:
+ app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ rules:
+ - host: kubernetes.jerxie.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: oauth2-proxy
+ port:
+ number: 4180
+ path: /oauth2
+ pathType: Prefix
\ No newline at end of file
diff --git a/KubernetesDashboard/ingress.yaml b/KubernetesDashboard/ingress.yaml
index fb3a7a2..4626aa2 100644
--- a/KubernetesDashboard/ingress.yaml
+++ b/KubernetesDashboard/ingress.yaml
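Review bot: There is no `spec.tls` entry on the new Oauth2Proxy/ingress.yaml, although the dashboard Ingress builds `https://$host/oauth2/...` URLs and the redirect header here is an `https://` address. oauth2-proxy marks its session cookie Secure by default, so the sign-in flow only works, and the cookie only stays confidential, when `kubernetes.jerxie.com` is served over TLS. If TLS is terminated by a master Ingress outside this diff, a one-line comment saying so would help, e.g. `# TLS for this host is configured on the master Ingress`. The labels also differ from the rest of the component (`app: oauth2-proxy` here, `k8s-app: oauth2-proxy` in the Deployment and Service), and `spec.ingressClassName: nginx` is the networking.k8s.io/v1 replacement for the `kubernetes.io/ingress.class` annotation.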
@@ -5,6 +5,11 @@
 kubernetes.io/ingress.class: "nginx"
 nginx.org/mergeale-ingress-type: "minion"
 nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
+ nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $token $upstream_http_authorization;
+ proxy_set_header Authorization $token;
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
 labels:
diff --git a/Oauth2Proxy/deployment.yaml b/Oauth2Proxy/deployment.yaml
new file mode 100644
index 0000000..f37c5b2
--- /dev/null
+++ b/Oauth2Proxy/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: oauth2-proxy
+ template:
+ metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ spec:
+ containers:
+ - args:
+ - --provider=github
+ - --email-domain=*
+ - --upstream=file:///dev/null
+ - --http-address=0.0.0.0:4180
+ # Register a new application
+ # https://github.com/settings/applications/new
+ env:
+ - name: OAUTH2_PROXY_CLIENT_ID
+ value:
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ value:
+ # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ value: SECRET
+ image: quay.io/oauth2-proxy/oauth2-proxy:latest
+ imagePullPolicy: Always
+ name: oauth2-proxy
+ ports:
+ - containerPort: 4180
+ protocol: TCP
\ No newline at end of file
diff --git a/Oauth2Proxy/ingress.yaml b/Oauth2Proxy/ingress.yaml
new file mode 100644
index 0000000..109cb2d
--- /dev/null
+++ b/Oauth2Proxy/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header X-Auth-Request-Redirect "https://kubernetes.jerxie.com/dashboard/";
+ nginx.org/mergeable-ingress-type: minion
+ labels:
+ app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ rules:
+ - host: kubernetes.jerxie.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: oauth2-proxy
+ port:
+ number: 4180
+ path: /oauth2
+ pathType: Prefix
\ No newline at end of file
diff --git a/Oauth2Proxy/kustomization.yaml b/Oauth2Proxy/kustomization.yaml
new file mode 100644
index 0000000..378b3ca
--- /dev/null
+++ b/Oauth2Proxy/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubernetes-dashboard
+resources:
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+
+patches:
+- patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/env
+ value: []
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value: {name: "OAUTH2_PROXY_CLIENT_ID", value: "223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com"}
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value: {name: "OAUTH2_PROXY_CLIENT_SECRET", value: "aYc2j1lYUUZXkBFFUndnleZI"}
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value: {name: "OAUTH2_PROXY_COOKIE_SECRET", value: "ZzdDQ3NieUZmRCtmaHdGU09GOFVlQT09"}
+ - op: replace
+ path: /spec/template/spec/containers/0/args
+ value: [ '--provider=google', '--provider-display-name="Google OAuth2"', '--email-domain=*', '--upstream=file:///dev/null', '--http-address=0.0.0.0:4180', '--set-authorization-header=true', '--cookie-expire=4h0m0s']
+
+ target:
+ kind: Deployment
+ name: oauth2-proxy
\ No newline at end of file
diff --git a/KubernetesDashboard/ingress.yaml b/KubernetesDashboard/ingress.yaml
index fb3a7a2..4626aa2 100644
--- a/KubernetesDashboard/ingress.yaml
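Review bot: The second and third `op: add` entries of the new Oauth2Proxy/kustomization.yaml commit the OAuth client secret and the oauth2-proxy cookie secret as literal `value:` strings. Anyone with read access to the repository or its history then holds the material that protects the session cookies for the dashboard host, so both values should be treated as exposed and rotated. Keep them out of the manifests by pointing the env entries at a Secret created outside version control, or generated by a `secretGenerator` from an untracked file. A sketch of the env patch follows; the Secret name and keys in it are placeholders. This hunk is repeated further down the page; the note applies to each copy.

```yaml
# … unchanged: apiVersion, kind, namespace, resources …
patches:
- patch: |-
    - op: replace
      path: /spec/template/spec/containers/0/env
      value:
      - name: OAUTH2_PROXY_CLIENT_ID
        valueFrom:
          secretKeyRef:
            name: PLACEHOLDER-oauth2-proxy-secret
            key: client-id
      - name: OAUTH2_PROXY_CLIENT_SECRET
        valueFrom:
          secretKeyRef:
            name: PLACEHOLDER-oauth2-proxy-secret
            key: client-secret
      - name: OAUTH2_PROXY_COOKIE_SECRET
        valueFrom:
          secretKeyRef:
            name: PLACEHOLDER-oauth2-proxy-secret
            key: cookie-secret
# … unchanged: the args replace op and the target selector …
```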
+++ b/KubernetesDashboard/ingress.yaml
@@ -5,6 +5,11 @@
 kubernetes.io/ingress.class: "nginx"
 nginx.org/mergeale-ingress-type: "minion"
 nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
+ nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $token $upstream_http_authorization;
+ proxy_set_header Authorization $token;
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
 labels:
diff --git a/Oauth2Proxy/deployment.yaml b/Oauth2Proxy/deployment.yaml
new file mode 100644
index 0000000..f37c5b2
--- /dev/null
+++ b/Oauth2Proxy/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: oauth2-proxy
+ template:
+ metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ spec:
+ containers:
+ - args:
+ - --provider=github
+ - --email-domain=*
+ - --upstream=file:///dev/null
+ - --http-address=0.0.0.0:4180
+ # Register a new application
+ # https://github.com/settings/applications/new
+ env:
+ - name: OAUTH2_PROXY_CLIENT_ID
+ value:
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ value:
+ # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));'
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ value: SECRET
+ image: quay.io/oauth2-proxy/oauth2-proxy:latest
+ imagePullPolicy: Always
+ name: oauth2-proxy
+ ports:
+ - containerPort: 4180
+ protocol: TCP
\ No newline at end of file
diff --git a/Oauth2Proxy/ingress.yaml b/Oauth2Proxy/ingress.yaml
new file mode 100644
index 0000000..109cb2d
--- /dev/null
+++ b/Oauth2Proxy/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header X-Auth-Request-Redirect "https://kubernetes.jerxie.com/dashboard/";
+ nginx.org/mergeable-ingress-type: minion
+ labels:
+ app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ rules:
+ - host: kubernetes.jerxie.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: oauth2-proxy
+ port:
+ number: 4180
+ path: /oauth2
+ pathType: Prefix
\ No newline at end of file
diff --git a/Oauth2Proxy/kustomization.yaml b/Oauth2Proxy/kustomization.yaml
new file mode 100644
index 0000000..378b3ca
--- /dev/null
+++ b/Oauth2Proxy/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubernetes-dashboard
+resources:
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+
+patches:
+- patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/env
+ value: []
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value: {name: "OAUTH2_PROXY_CLIENT_ID", value: "223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com"}
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value: {name: "OAUTH2_PROXY_CLIENT_SECRET", value: "aYc2j1lYUUZXkBFFUndnleZI"}
+ - op: add
+ path: /spec/template/spec/containers/0/env/-
+ value: {name: "OAUTH2_PROXY_COOKIE_SECRET", value: "ZzdDQ3NieUZmRCtmaHdGU09GOFVlQT09"}
+ - op: replace
+ path: /spec/template/spec/containers/0/args
+ value: [ '--provider=google', '--provider-display-name="Google OAuth2"', '--email-domain=*', '--upstream=file:///dev/null', '--http-address=0.0.0.0:4180', '--set-authorization-header=true', '--cookie-expire=4h0m0s']
+
+ target:
+ kind: Deployment
+ name: oauth2-proxy
\ No newline at end of file
diff --git a/Oauth2Proxy/service.yaml b/Oauth2Proxy/service.yaml
new file mode 100644
index 0000000..b9290a4
--- /dev/null
+++ b/Oauth2Proxy/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ k8s-app: oauth2-proxy
+ name: oauth2-proxy
+spec:
+ ports:
+ - name: http
+ port: 4180
+ protocol: TCP
+ targetPort: 4180
+ selector:
+ k8s-app: oauth2-proxy
\ No newline at end of file