---
# ExternalSecret that pulls the Grist OIDC client credentials out of the
# `bitwarden` ClusterSecretStore and renders them into an oauth2-proxy
# config file carried by the Secret `oidc-secret` in namespace `grist`.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: oidc-secret
  namespace: grist
spec:
  # How often the values are re-read from the store.
  refreshInterval: 5m
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  target:
    name: oidc-secret
    # The rendered Secret is owned by this resource and is removed with it
    # (creationPolicy Owner + deletionPolicy Delete).
    creationPolicy: Owner
    deletionPolicy: Delete
    template:
      type: Opaque
      # `.client_id`, `.client_secret` and `.cookie_secret` are the secretKey
      # names declared under spec.data below.
      # NOTE(review): cookie_secure is written as the string "true" while the
      # other booleans are bare `true`; confirm the consumer coerces it, or
      # write it as `cookie_secure = true` for consistency.
      # NOTE(review): the three values are interpolated verbatim into quoted
      # TOML strings; a value containing the surrounding quote character would
      # break the rendered file. Worth escaping in the template if that can
      # happen.
      data:
        oauth2-proxy.cfg: |
          cookie_secret='{{ .cookie_secret }}'
          cookie_domains=['werts.us','strudelline.net']

          whitelist_domains=['.werts.us','.strudelline.net','strudelline.net','werts.us']
          # only users with this domain will be let in
          email_domains=["werts.us","strudelline.net","andariese.net"]

          client_id="{{ .client_id }}"
          client_secret="{{ .client_secret }}"
          cookie_secure="true"

          upstreams = [ "http://localhost:8080" ]
          #skip_auth_routes = [
          # "!=^/admin(/.*)?$"
          #]

          skip_provider_button = true

          reverse_proxy = true
          set_xauthrequest = true

          provider="oidc"
          oidc_issuer_url="https://auth.werts.us/realms/werts"
  # All three entries come from the same store entry; only the property differs.
  data:
    - secretKey: client_secret
      remoteRef:
        key: 'oidc client - grist'
        property: password
    - secretKey: client_id
      remoteRef:
        key: 'oidc client - grist'
        property: username
    - secretKey: cookie_secret
      remoteRef:
        key: 'oidc client - grist'
        property: cookie-secret