---
# ExternalSecret for oauth2-proxy: reads the OIDC client credentials and the
# cookie secret out of the "bitwarden" ClusterSecretStore and renders them
# into an oauth2-proxy config file inside the target Secret.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: oauth2-proxy-oidc-secret
  namespace: keycloak
spec:
  # Re-read the store on this interval so a rotated client secret or cookie
  # secret propagates without a manual resync.
  refreshInterval: 5m
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden
  # One entry per property of the single Bitwarden item; the template below
  # refers to each entry by its secretKey.
  data:
    - secretKey: client_secret
      remoteRef:
        key: 'oidc client - oauth2-proxy'
        property: password
    - secretKey: client_id
      remoteRef:
        key: 'oidc client - oauth2-proxy'
        property: username
    - secretKey: cookie_secret
      remoteRef:
        key: 'oidc client - oauth2-proxy'
        property: cookie-secret
  target:
    name: oauth2-proxy-oidc-secret
    template:
      engineVersion: v2
      type: Opaque
      data:
        # Rendered oauth2-proxy configuration (TOML). The fetched values are
        # substituted verbatim into the quoted TOML strings; nothing escapes
        # them, so a quote character inside a stored secret would break the
        # file rather than be emitted safely — keep that in mind when
        # rotating values in the store.
        # NOTE(review): set_xauthrequest together with pass_access_token
        # appears to surface the user's access token in the auth-request
        # response headers — confirm only trusted upstreams receive them.
        oauth2-proxy.cfg: |
          cookie_secret='{{ .cookie_secret }}'
          cookie_domains=['werts.us','strudelline.net']
          cookie_csrf_per_request = true

          whitelist_domains=['.werts.us','.strudelline.net','strudelline.net','werts.us']
          # only users with this domain will be let in
          email_domains=["werts.us","strudelline.net","andariese.net"]

          client_id="{{ .client_id }}"
          client_secret="{{ .client_secret }}"
          cookie_secure="true"

          upstreams = [ "file:///dev/null" ]
          skip_provider_button = true
          set_xauthrequest = true
          pass_access_token = true

          provider="oidc"
          oidc_issuer_url="https://auth.werts.us/realms/werts"