---
# ExternalSecret for the Grist namespace: reads the OIDC client entry from the
# Bitwarden ClusterSecretStore and renders it into a Secret that carries an
# oauth2-proxy configuration file.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: oidc-secret
  namespace: grist
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  # All three values are properties of the same Bitwarden item. The item name
  # contains spaces, so it is quoted to keep it an explicit string scalar.
  data:
    - remoteRef:
        key: 'oidc client - grist'
        property: password
      secretKey: client_secret
    - remoteRef:
        key: 'oidc client - grist'
        property: username
      secretKey: client_id
    - remoteRef:
        key: 'oidc client - grist'
        property: cookie-secret
      secretKey: cookie_secret
  # Interval at which the operator re-reads the store for the values above.
  refreshInterval: 5m
  target:
    creationPolicy: Owner
    deletionPolicy: Delete
    name: oidc-secret
    template:
      data:
        # Rendered oauth2-proxy config. The {{ .client_id }}, {{ .client_secret }}
        # and {{ .cookie_secret }} placeholders are filled from the secretKey
        # entries listed under spec.data. Everything inside the block scalar is
        # the literal file content: the '#' lines there are oauth2-proxy config
        # comments, not YAML comments.
        # NOTE(review): reverse_proxy = true makes oauth2-proxy accept
        # forwarded client headers from whatever reaches it — confirm that only
        # the ingress can connect to the proxy directly.
        oauth2-proxy.cfg: |
          cookie_secret='{{ .cookie_secret }}'
          cookie_domains=['werts.us','strudelline.net']

          whitelist_domains=['.werts.us','.strudelline.net','strudelline.net','werts.us']
          # only users with this domain will be let in
          email_domains=["werts.us","strudelline.net","andariese.net"]

          client_id="{{ .client_id }}"
          client_secret="{{ .client_secret }}"
          cookie_secure="true"

          upstreams = [ "http://localhost:8080" ]
          #skip_auth_routes = [
          # "!=^/admin(/.*)?$"
          #]

          skip_provider_button = true

          reverse_proxy = true
          set_xauthrequest = true

          provider="oidc"
          oidc_issuer_url="https://auth.werts.us/realms/werts"
      type: Opaque