go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-25 12:24:41 +02:00
Code Issues Releases Activity

chore: Added renovate configuration

Browse Source
This commit is contained in:
kvanzuijlen 2024-01-27 09:57:42 +01:00
parent 84e1cc24e3
commit dd5576f2b2
No known key found for this signature in database
GPG Key ID: 3BD884D2AE99AD59
20 changed files with 2114 additions and 2251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/labeler.yml vendored
View File

@ -9,7 +9,7 @@ docs:
- '**/*.md'
changelog:
- cNhanged-files:
- changed-files:
- any-glob-to-any-file:
- 'CHAGELOG.md'

35
.github/renovate.json5 vendored
View File

@ -1,12 +1,31 @@
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
semanticCommits: "auto",
semanticCommits: "enabled",
schedule: [
"after 8am on sunday"
],
prConcurrentLimit: 0,
prHourlyLimit: 0,
enabledManagers: [
"dockerfile",
"docker-compose",
"gomod",
"github-actions",
"helmv3",
"npm",
"regex",
"regex"
],
packageRules: [
{
matchManagers: [
"dockerfile",
"docker-compose",
"gomod",
"helmv3",
"npm"
],
groupName: "{{{manager}}}"
}
],
customManagers: [
{
@ -18,7 +37,15 @@
"DOCKER_BUILD_RUNTIME_IMAGE_ALPINE\\s+?\\?= alpine:(?<currentValue>.*)\\s"
],
depNameTemplate: "alpine",
datasourceTemplate: "docker",
datasourceTemplate: "docker"
},
],
{
customType: "regex",
fileMatch: ["(^|/)\\.github/workflows/[^/]+\\.ya?ml$", "(^|/)\\.github/[^/]+\\.sh$"],
matchStrings: [
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s+?[\\w\\s-]*?version: (?<currentValue>.*)\\s",
"# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s+?[\\w\\s]*?_VERSION: (?<currentValue>.*)\\s"
]
}
]
}

14
.github/workflows/ci.yaml vendored
View File

@ -14,21 +14,25 @@ jobs:
build:
env:
COVER: true
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go 1.21
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21
# renovate: datasource=golang-version depName=golang
go-version: 1.21.6
id: go
- name: Get dependencies
env:
# renovate: datasource=github-tags depName=golangci/golangci-lint
GOLANGCI_LINT_VERSION: v1.55.2
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
chmod +x ./cc-test-reporter
@ -51,7 +55,7 @@ jobs:
./.github/workflows/test.sh
docker:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- name: Check out code

3
.github/workflows/create-release.yml vendored
View File

@ -56,7 +56,8 @@ jobs:
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: latest
# renovate: datasource=node-version depName=node
node-version: 20
- name: Update documentation
run: |

2
.github/workflows/docs.yaml vendored
View File

@ -22,6 +22,7 @@ jobs:
- uses: actions/setup-node@v4
with:
# renovate: datasource=node-version depName=node
node-version: 20
cache: npm
cache-dependency-path: "./docs/package-lock.json"
@ -40,6 +41,7 @@ jobs:
- uses: actions/setup-node@v4
with:
# renovate: datasource=node-version depName=node
node-version: 20
- name: Build docusaurus

12
.github/workflows/publish-release.yml vendored
View File

@ -45,12 +45,18 @@ jobs:
- name: Set up go
uses: actions/setup-go@v5
with:
go-version: 1.21
# renovate: datasource=golang-version depName=golang
go-version: 1.21.6
- name: Get dependencies
env:
# renovate: datasource=github-tags depName=golangci/golangci-lint
GOLANGCI_LINT_VERSION: v1.55.2
# renovate: datasource=github-tags depName=codeclimate/test-reporter
CODECLIMATE_VERSION: v0.11.1
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.50.0
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-${CODECLIMATE_VERSION}-linux-amd64 > ./cc-test-reporter
chmod +x ./cc-test-reporter
# Install go depedencies

6
contrib/local-environment/docker-compose-gitea.yaml
View File

@ -14,7 +14,7 @@ version: '3.0'
services:
oauth2-proxy:
container_name: oauth2-proxy
image: gitea-oauth #quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
command: --config /oauth2-proxy.cfg
hostname: oauth2-proxy
volumes:
@ -32,7 +32,7 @@ services:
httpbin:
container_name: httpbin
image: kennethreitz/httpbin:latest
image: kennethreitz/httpbin
hostname: httpbin
ports:
- 8080:80
@ -42,7 +42,7 @@ services:
- httpbin.localtest.me
gitea:
image: gitea/gitea:latest
image: gitea/gitea:1.21.4
container_name: gitea
environment:
- USER_UID=1000

2
contrib/local-environment/docker-compose-keycloak.yaml
View File

@ -43,7 +43,7 @@ services:
keycloak:
container_name: keycloak
image: jboss/keycloak:10.0.0
image: jboss/keycloak:10.0.2
hostname: keycloak
command:
[

2
contrib/local-environment/docker-compose-nginx.yaml
View File

@ -30,7 +30,7 @@ services:
oauth2-proxy: {}
nginx:
container_name: nginx
image: nginx:1.18
image: nginx:1.25
restart: unless-stopped
ports:
- 80:80/tcp

2
contrib/local-environment/docker-compose-traefik.yaml
View File

@ -33,7 +33,7 @@ services:
# Reverse proxy
gateway:
container_name: traefik
image: traefik:2.4.2
image: traefik:2.10.7
volumes:
- "./traefik:/etc/traefik"
ports:

4
contrib/local-environment/docker-compose.yaml
View File

@ -29,7 +29,7 @@ services:
- httpbin
dex:
container_name: dex
image: ghcr.io/dexidp/dex:v2.30.3
image: ghcr.io/dexidp/dex:v2.38.0
command: dex serve /dex.yaml
hostname: dex
volumes:
@ -55,7 +55,7 @@ services:
- httpbin.localtest.me
etcd:
container_name: etcd
image: gcr.io/etcd-development/etcd:v3.4.7
image: gcr.io/etcd-development/etcd:v3.5.11
entrypoint: /usr/local/bin/etcd
command:
- --listen-client-urls=http://0.0.0.0:2379

3573
contrib/local-environment/keycloak/master-realm.json
View File

File diff suppressed because it is too large Load Diff

59
contrib/local-environment/keycloak/master-users-0.json
View File

@ -1,27 +1,38 @@
{
"realm" : "master",
"users" : [ {
"id" : "3356c0a0-d4d5-4436-9c5a-2299c71c08ec",
"createdTimestamp" : 1591297959169,
"username" : "admin@example.com",
"email" : "admin@example.com",
"enabled" : true,
"totp" : false,
"emailVerified" : true,
"credentials" : [ {
"id" : "a1a06ecd-fdc0-4e67-92cd-2da22d724e32",
"type" : "password",
"createdDate" : 1591297959315,
"secretData" : "{\"value\":\"6rt5zuqHVHopvd0FTFE0CYadXTtzY0mDY2BrqnNQGS51/7DfMJeGgj0roNnGMGvDv30imErNmiSOYl+cL9jiIA==\",\"salt\":\"LI0kqr09JB7J9wvr2Hxzzg==\"}",
"credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
} ],
"disableableCredentialTypes" : [ ],
"requiredActions" : [ ],
"realmRoles" : [ "offline_access", "admin", "uma_authorization" ],
"clientRoles" : {
"account" : [ "view-profile", "manage-account" ]
"realm": "master",
"users": [
{
"id": "3356c0a0-d4d5-4436-9c5a-2299c71c08ec",
"createdTimestamp": 1591297959169,
"username": "admin@example.com",
"email": "admin@example.com",
"enabled": true,
"totp": false,
"emailVerified": true,
"credentials": [
{
"id": "a1a06ecd-fdc0-4e67-92cd-2da22d724e32",
"type": "password",
"createdDate": 1591297959315,
"secretData": "{\"value\":\"6rt5zuqHVHopvd0FTFE0CYadXTtzY0mDY2BrqnNQGS51/7DfMJeGgj0roNnGMGvDv30imErNmiSOYl+cL9jiIA==\",\"salt\":\"LI0kqr09JB7J9wvr2Hxzzg==\"}",
"credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
}
],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": [
"offline_access",
"admin",
"uma_authorization"
],
"clientRoles": {
"account": [
"view-profile",
"manage-account"
]
},
"notBefore" : 0,
"groups" : [ ]
} ]
"notBefore": 0,
"groups": []
}
]
}

16
contrib/local-environment/kubernetes/Chart.lock
View File

@ -1,15 +1,15 @@
dependencies:
- name: dex
repository: https://charts.helm.sh/stable
version: 2.11.0
repository: https://charts.dexidp.io
version: 0.16.0
- name: oauth2-proxy
repository: https://charts.helm.sh/stable
version: 3.1.0
repository: https://oauth2-proxy.github.io/manifests
version: 6.23.1
- name: httpbin
repository: https://conservis.github.io/helm-charts
version: 1.0.1
version: 1.1.0
- name: hello-world
repository: https://conservis.github.io/helm-charts
version: 1.0.1
digest: sha256:e325948ece1706bd9d9e439568985db41e9a0d57623d0f9638249cb0d23821b8
generated: "2020-11-23T11:45:07.908898-08:00"
version: 1.1.0
digest: sha256:00b9fe9ea476c873550f9ee1feef25f789053cd7333e68b1116212840dead0fb
generated: "2024-01-27T09:00:30.255018+01:00"

15
contrib/local-environment/kubernetes/Chart.yaml
View File

@ -1,19 +1,18 @@
apiVersion: v2
description: K8S example based on https://kind.sigs.k8s.io
name: kubernetes
version: 5.1.1
appVersion: 5.1.1
dependencies:
- name: dex
version: 2.11.0
repository: https://charts.helm.sh/stable
version: 0.16.0
repository: https://charts.dexidp.io
- name: oauth2-proxy
version: 3.1.0
repository: https://charts.helm.sh/stable
version: &chartVersion 6.23.1
repository: https://oauth2-proxy.github.io/manifests
# https://github.com/postmanlabs/httpbin/issues/549 is still in progress, for now using a non-official chart
- name: httpbin
version: 1.0.1
version: 1.1.0
repository: https://conservis.github.io/helm-charts
- name: hello-world
version: 1.0.1
version: 1.1.0
repository: https://conservis.github.io/helm-charts
version: *chartVersion

12
contrib/local-environment/kubernetes/Makefile
View File

@ -30,15 +30,13 @@ delete-cluster:
kind delete cluster --name oauth2-proxy
.PHONY: deploy
deploy:
kubectl apply -f oauth2-proxy-example-full.yaml
deploy: helm-deploy
kubectl rollout status --timeout 5m deployment/oauth2-proxy-example-oauth2-proxy-sample
kubectl rollout status --timeout 1m deployment/oauth2-proxy-example-httpbin
kubectl rollout status --timeout 1m deployment/oauth2-proxy-example-hello-world
.PHONY: undeploy
undeploy:
kubectl delete -f oauth2-proxy-example-full.yaml
undeploy: helm-undeploy
######################
###### HELM CMDs #####
@ -59,9 +57,3 @@ helm-deploy: helm-init
.PHONY: helm-undeploy
helm-undeploy:
helm del oauth2-proxy-example
# creates K8S manifest from helm chart
.PHONY: helm-create-manifest
helm-create-manifest: helm-init
echo "# WARNING: This file is auto-generated by 'make helm-create-manifest'! DO NOT EDIT MANUALLY!" > oauth2-proxy-example-full.yaml
helm template --namespace default oauth2-proxy-example . >> oauth2-proxy-example-full.yaml

6
contrib/local-environment/kubernetes/README.md
View File

@ -8,14 +8,12 @@ Before you start:
_Required_
* install [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
* install [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
_Optional_
* install [helm 3](https://helm.sh/docs/intro/quickstart/#install-helm).
* install [helm](https://helm.sh/docs/intro/quickstart/#install-helm).
Then:
* `make create-cluster`
* `make deploy` OR `make helm-deploy` for helm
* `make deploy`
Visit http://httpbin.localtest.me or http://hello-world.localtest.me/

8
contrib/local-environment/kubernetes/custom-dns.yaml
View File

@ -1,4 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
@ -24,7 +28,3 @@ data:
fallthrough
}
}
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system

2
contrib/local-environment/kubernetes/kind-cluster.yaml
View File

@ -1,5 +1,5 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
nodes:
- role: control-plane
kubeadmConfigPatches:

564
contrib/local-environment/kubernetes/oauth2-proxy-example-full.yaml
View File

@ -1,564 +0,0 @@
# WARNING: This file is auto-generated by 'make helm-create-manifest'! DO NOT EDIT MANUALLY!
---
# Source: kubernetes/charts/dex/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
name: oauth2-proxy-example-dex
---
# Source: kubernetes/charts/hello-world/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: oauth2-proxy-example-hello-world
labels:
helm.sh/chart: hello-world-1.0.1
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "1.0.0"
app.kubernetes.io/managed-by: Helm
---
# Source: kubernetes/charts/httpbin/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: oauth2-proxy-example-httpbin
labels:
helm.sh/chart: httpbin-1.0.1
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "latest"
app.kubernetes.io/managed-by: Helm
---
# Source: kubernetes/charts/oauth2-proxy/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: oauth2-proxy-sample
chart: oauth2-proxy-3.1.0
release: oauth2-proxy-example
heritage: Helm
name: oauth2-proxy-example-oauth2-proxy-sample
---
# Source: kubernetes/charts/dex/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
name: oauth2-proxy-example-dex
stringData:
config.yaml: |-
issuer: http://dex.localtest.me
storage:
config:
inCluster: true
type: kubernetes
logger:
level: debug
web:
http: 0.0.0.0:5556
oauth2:
alwaysShowLoginScreen: false
skipApprovalScreen: true
staticClients:
- id: oauth2-proxy
name: OAuth2 Proxy
redirectURIs:
- http://oauth2-proxy.localtest.me/oauth2/callback
secret: b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK
enablePasswordDB: true
staticPasswords:
- email: admin@example.com
hash: $2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W
userID: 08a8684b-db88-4b73-90a9-3cd1661f5466
username: admin
expiry:
idTokens: 1h
signingKeys: 4h
---
# Source: kubernetes/charts/oauth2-proxy/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: oauth2-proxy-sample
chart: oauth2-proxy-3.1.0
heritage: Helm
release: oauth2-proxy-example
name: oauth2-proxy-example-oauth2-proxy-sample
data:
oauth2_proxy.cfg: "cookie_secret=\"OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=\"\ncookie_domain=\".localtest.me\"\nwhitelist_domains=[\".localtest.me\"]\n# only users with this domain will be let in\nemail_domains=[\"example.com\"]\n\nclient_id=\"oauth2-proxy\"\nclient_secret=\"b2F1dGgyLXByb3h5LWNsaWVudC1zZWNyZXQK\"\ncookie_secure=\"false\"\n\nredirect_url=\"http://oauth2-proxy.localtest.me/oauth2/callback\"\n\n# we don't want to proxy anything so pick a non-existent directory\nupstreams = [ \"file:///dev/null\" ]\n\n# return authenticated user to nginx\nset_xauthrequest = true\n# using http://dex.localtest.me/.well-known/openid-configuration oauth2-proxy will populate\n# login_url, redeem_url, and oidc_jwks_url\nprovider=\"oidc\"\noidc_issuer_url=\"http://dex.localtest.me\""
---
# Source: kubernetes/charts/dex/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
name: oauth2-proxy-example-dex
rules:
- apiGroups: ["dex.coreos.com"] # API group created by dex
resources: ["*"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions
---
# Source: kubernetes/charts/dex/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
name: oauth2-proxy-example-dex
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: oauth2-proxy-example-dex
subjects:
- kind: ServiceAccount
name: oauth2-proxy-example-dex
namespace: default
---
# Source: kubernetes/charts/dex/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: oauth2-proxy-example-dex
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: http
targetPort: http
port: 32000
selector:
app.kubernetes.io/name: dex
app.kubernetes.io/instance: oauth2-proxy-example
---
# Source: kubernetes/charts/hello-world/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: oauth2-proxy-example-hello-world
labels:
helm.sh/chart: hello-world-1.0.1
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "1.0.0"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 9080
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
---
# Source: kubernetes/charts/httpbin/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: oauth2-proxy-example-httpbin
labels:
helm.sh/chart: httpbin-1.0.1
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "latest"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
---
# Source: kubernetes/charts/oauth2-proxy/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: oauth2-proxy-sample
chart: oauth2-proxy-3.1.0
release: oauth2-proxy-example
heritage: Helm
name: oauth2-proxy-example-oauth2-proxy-sample
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
selector:
app: oauth2-proxy-sample
release: oauth2-proxy-example
---
# Source: kubernetes/charts/dex/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: oauth2-proxy-example-dex
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: dex
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: dex
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/component: dex
template:
metadata:
labels:
app.kubernetes.io/name: dex
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/component: dex
annotations:
checksum/config: 185f32cfabdf4f7467868dc301d4bd33e68951e12eddeb69f23ebc1d0f91ba28
spec:
serviceAccountName: oauth2-proxy-example-dex
nodeSelector:
{}
containers:
- name: main
image: "quay.io/dexidp/dex:v2.23.0"
imagePullPolicy: IfNotPresent
command:
- /usr/local/bin/dex
- serve
- /etc/dex/cfg/config.yaml
resources:
null
ports:
- name: http
containerPort: 5556
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 1
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 1
readinessProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 1
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 1
env:
[]
volumeMounts:
- mountPath: /etc/dex/cfg
name: config
volumes:
- secret:
defaultMode: 420
items:
- key: config.yaml
path: config.yaml
secretName: oauth2-proxy-example-dex
name: config
---
# Source: kubernetes/charts/hello-world/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: oauth2-proxy-example-hello-world
labels:
helm.sh/chart: hello-world-1.0.1
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "1.0.0"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
template:
metadata:
labels:
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
spec:
serviceAccountName: oauth2-proxy-example-hello-world
securityContext:
{}
containers:
- name: hello-world
securityContext:
{}
image: "conservis/hello-world:1.0.0"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9080
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}
---
# Source: kubernetes/charts/httpbin/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: oauth2-proxy-example-httpbin
labels:
helm.sh/chart: httpbin-1.0.1
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "latest"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
template:
metadata:
labels:
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
spec:
serviceAccountName: oauth2-proxy-example-httpbin
securityContext:
{}
containers:
- name: httpbin
securityContext:
{}
image: "kennethreitz/httpbin:latest"
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{}
---
# Source: kubernetes/charts/oauth2-proxy/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: oauth2-proxy-sample
chart: oauth2-proxy-3.1.0
heritage: Helm
release: oauth2-proxy-example
name: oauth2-proxy-example-oauth2-proxy-sample
spec:
replicas: 1
selector:
matchLabels:
app: oauth2-proxy-sample
release: oauth2-proxy-example
template:
metadata:
annotations:
checksum/config: 5d8892a7b1d9eb03f9d59b787ce339b374fa2be51991e4e7533cb0a541984fac
checksum/config-emails: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
checksum/secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
checksum/google-secret: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
labels:
app: oauth2-proxy-sample
release: "oauth2-proxy-example"
spec:
serviceAccountName: oauth2-proxy-example-oauth2-proxy-sample
containers:
- name: oauth2-proxy
image: "quay.io/pusher/oauth2_proxy:v5.1.0"
imagePullPolicy: IfNotPresent
args:
- --http-address=0.0.0.0:4180
- --config=/etc/oauth2_proxy/oauth2_proxy.cfg
ports:
- containerPort: 4180
name: http
protocol: TCP
livenessProbe:
httpGet:
path: /ping
port: http
scheme: HTTP
initialDelaySeconds: 0
timeoutSeconds: 1
readinessProbe:
httpGet:
path: /ready
port: http
scheme: HTTP
initialDelaySeconds: 0
timeoutSeconds: 5
successThreshold: 1
periodSeconds: 10
resources:
{}
volumeMounts:
- mountPath: /etc/oauth2_proxy
name: configmain
volumes:
- configMap:
defaultMode: 420
name: oauth2-proxy-example-oauth2-proxy-sample
name: configmain
tolerations:
[]
---
# Source: kubernetes/charts/dex/templates/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: oauth2-proxy-example-dex
labels:
app.kubernetes.io/name: dex
helm.sh/chart: dex-2.11.0
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "2.23.0"
app.kubernetes.io/managed-by: Helm
spec:
rules:
- host: "dex.localtest.me"
http:
paths:
- path: /
backend:
serviceName: oauth2-proxy-example-dex
servicePort: 32000
---
# Source: kubernetes/charts/hello-world/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: oauth2-proxy-example-hello-world
labels:
helm.sh/chart: hello-world-1.0.1
app.kubernetes.io/name: hello-world
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "1.0.0"
app.kubernetes.io/managed-by: Helm
annotations:
nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Request-User,X-Auth-Request-Email
nginx.ingress.kubernetes.io/auth-signin: http://oauth2-proxy.localtest.me/oauth2/start
nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy-example-oauth2-proxy-sample.default.svc.cluster.local/oauth2/auth
spec:
rules:
- host: hello-world.localtest.me
http:
paths:
- path: /
backend:
serviceName: oauth2-proxy-example-hello-world
servicePort: 9080
---
# Source: kubernetes/charts/httpbin/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: oauth2-proxy-example-httpbin
labels:
helm.sh/chart: httpbin-1.0.1
app.kubernetes.io/name: httpbin
app.kubernetes.io/instance: oauth2-proxy-example
app.kubernetes.io/version: "latest"
app.kubernetes.io/managed-by: Helm
annotations:
nginx.ingress.kubernetes.io/auth-response-headers: X-Auth-Request-User,X-Auth-Request-Email
nginx.ingress.kubernetes.io/auth-signin: http://oauth2-proxy.localtest.me/oauth2/start
nginx.ingress.kubernetes.io/auth-url: http://oauth2-proxy-example-oauth2-proxy-sample.default.svc.cluster.local/oauth2/auth
spec:
rules:
- host: httpbin.localtest.me
http:
paths:
- path: /
backend:
serviceName: oauth2-proxy-example-httpbin
servicePort: 80
---
# Source: kubernetes/charts/oauth2-proxy/templates/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
labels:
app: oauth2-proxy-sample
chart: oauth2-proxy-3.1.0
heritage: Helm
release: oauth2-proxy-example
name: oauth2-proxy-example-oauth2-proxy-sample
annotations:
nginx.ingress.kubernetes.io/server-snippet: |
large_client_header_buffers 4 32k;
spec:
rules:
- host: oauth2-proxy.localtest.me
http:
paths:
- path: /
backend:
serviceName: oauth2-proxy-example-oauth2-proxy-sample
servicePort: 80