kube-cascade/grist/oidc-secret.yaml

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: oidc-secret
  namespace: grist
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  data:
  - remoteRef:
      key: oidc client - grist
      property: password
    secretKey: client_secret
  - remoteRef:
      key: oidc client - grist
      property: username
    secretKey: client_id
  - remoteRef:
      key: oidc client - grist
      property: cookie-secret
    secretKey: cookie_secret
  refreshInterval: 5m
  target:
    creationPolicy: Owner
    deletionPolicy: Delete
    name: oidc-secret
    template:
      data:
        oauth2-proxy.cfg: |
          cookie_secret='{{ .cookie_secret }}'
          cookie_domains=['werts.us','strudelline.net']

          whitelist_domains=['.werts.us','.strudelline.net','strudelline.net','werts.us']
          # only users with this domain will be let in
          email_domains=["werts.us","strudelline.net","andariese.net"]

          client_id="{{ .client_id }}"
          client_secret="{{ .client_secret }}"
          cookie_secure="true"

          upstreams = [ "http://localhost:8080" ]
          #skip_auth_routes = [
          #  "!=^/admin(/.*)?$"
          #]

          skip_provider_button = true

          reverse_proxy = true
          set_xauthrequest = true

          provider="oidc"
          oidc_issuer_url="https://auth.werts.us/realms/werts"
      type: Opaque
true it on up y'all 2023-12-20 22:40:16 +00:00			`apiVersion: external-secrets.io/v1beta1`
			`kind: ExternalSecret`
			`metadata:`
			`name: oidc-secret`
			`namespace: grist`
			`spec:`
			`secretStoreRef:`
			`kind: ClusterSecretStore`
			`name: bitwarden`
			`data:`
			`- remoteRef:`
			`key: oidc client - grist`
			`property: password`
			`secretKey: client_secret`
			`- remoteRef:`
			`key: oidc client - grist`
			`property: username`
			`secretKey: client_id`
			`- remoteRef:`
			`key: oidc client - grist`
			`property: cookie-secret`
			`secretKey: cookie_secret`
			`refreshInterval: 5m`
			`target:`
			`creationPolicy: Owner`
			`deletionPolicy: Delete`
			`name: oidc-secret`
			`template:`
			`data:`
			`oauth2-proxy.cfg: \|`
			`cookie_secret='{{ .cookie_secret }}'`
			`cookie_domains=['werts.us','strudelline.net']`

			`whitelist_domains=['.werts.us','.strudelline.net','strudelline.net','werts.us']`
			`# only users with this domain will be let in`
			`email_domains=["werts.us","strudelline.net","andariese.net"]`

			`client_id="{{ .client_id }}"`
			`client_secret="{{ .client_secret }}"`
			`cookie_secure="true"`

			`upstreams = [ "http://localhost:8080" ]`
			`#skip_auth_routes = [`
			`# "!=^/admin(/.*)?$"`
			`#]`

			`skip_provider_button = true`

			`reverse_proxy = true`
			`set_xauthrequest = true`

			`provider="oidc"`
			`oidc_issuer_url="https://auth.werts.us/realms/werts"`
			`type: Opaque`