# ExternalSecret that pulls the oauth2-proxy OIDC client credentials and the
# cookie secret from the "bitwarden" ClusterSecretStore and renders them into
# a Kubernetes Secret holding a complete oauth2-proxy config file.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: oauth2-proxy-oidc-secret
  namespace: keycloak
spec:
  # All three entries read different properties of the same store item.
  # secretKey is the name the value gets inside the rendered Secret and is
  # also the name referenced by the {{ .x }} placeholders in the template.
  data:
    - remoteRef:
        key: 'oidc client - oauth2-proxy'
        property: password
      secretKey: client_secret
    - remoteRef:
        key: 'oidc client - oauth2-proxy'
        property: username
      secretKey: client_id
    - remoteRef:
        key: 'oidc client - oauth2-proxy'
        property: cookie-secret
      secretKey: cookie_secret
  # Re-read the store on this interval so rotated credentials propagate.
  refreshInterval: 5m
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  target:
    name: oauth2-proxy-oidc-secret
    template:
      data:
        # Rendered oauth2-proxy config. The placeholders are substituted
        # verbatim into TOML string literals.
        # NOTE(review): a store value containing the enclosing quote character
        # would break the file — confirm the values cannot contain one, or
        # pass them through a quoting template function.
        # NOTE(review): cookie_secure is written as the string "true" while the
        # other booleans are bare; presumably the loader coerces it — verify.
        # upstreams is a null sink and set_xauthrequest/pass_access_token
        # expose identity and access token in response headers, presumably
        # for an auth_request-style integration; keep pass_access_token only
        # if a backend actually consumes the token.
        oauth2-proxy.cfg: |
          cookie_secret='{{ .cookie_secret }}'
          cookie_domains=['werts.us','strudelline.net']
          cookie_csrf_per_request = true

          whitelist_domains=['.werts.us','.strudelline.net','strudelline.net','werts.us']
          # only users with this domain will be let in
          email_domains=["werts.us","strudelline.net","andariese.net"]

          client_id="{{ .client_id }}"
          client_secret="{{ .client_secret }}"
          cookie_secure="true"

          upstreams = [ "file:///dev/null" ]
          skip_provider_button = true
          set_xauthrequest = true
          pass_access_token = true

          provider="oidc"
          oidc_issuer_url="https://auth.werts.us/realms/werts"
      engineVersion: v2
      type: Opaque