This repository has been archived by the owner on Jan 31, 2020. It is now read-only.
/
traefik-forward-auth.yaml
73 lines (73 loc) · 2.26 KB
/
traefik-forward-auth.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
apiVersion: kubeaddons.mesosphere.io/v1alpha1
kind: Addon
metadata:
name: traefik-forward-auth
namespace: kubeaddons
annotations:
catalog.kubeaddons.mesosphere.io/addon-revision: "1.0.4-1"
spec:
kubernetes:
minSupportedVersion: v1.15.0
requires:
matchLabels:
kubeaddons.mesosphere.io/name: dex
chartReference:
chart: traefik-forward-auth
repo: https://mesosphere.github.io/charts/staging
version: 0.2.3
values: |
---
replicaCount: 1
image:
repository: mesosphere/traefik-forward-auth
tag: 1.0.4
pullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 128Mi
service:
type: ClusterIP
port: 4181
traefikForwardAuth:
# oidcUri will be overridden by the init-container
oidcUri: "https://dex-kubeaddons.kubeaddons.svc.cluster.local:8080/dex"
clientId: traefik-forward-auth
clientSecret:
valueFrom:
secretKeyRef:
name: dex-client-secret-traefik-forward-auth
key: client_secret
cookieSecure: true
userCookieName: "konvoy_profile_name"
allowedUser:
valueFrom:
secretKeyRef:
name: ops-portal-credentials
key: username
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
ingress.kubernetes.io/protocol: https
traefik.ingress.kubernetes.io/auth-type: forward
traefik.ingress.kubernetes.io/auth-url: http://traefik-forward-auth-kubeaddons.kubeaddons.svc.cluster.local:4181/
paths:
- /_oauth
hosts:
- ""
tls: []
initContainers:
# initialize-traefik-forward-auth deploys credentials for use by the proxy
- name: initialize-traefik-forward-auth
image: mesosphere/kubeaddons-addon-initializer:v0.0.9
args: ["traefikforwardauth"]
env:
- name: "TFA_CONFIGMAP_NAME"
value: "traefik-forward-auth-kubeaddons-configmap"
- name: "TFA_NAMESPACE"
value: "kubeaddons"
- name: "TFA_INGRESS_NAMESPACE"
value: "kubeaddons"
- name: "TFA_INGRESS_SERVICE_NAME"
value: "traefik-kubeaddons"