From 1fb779255f0031c24e1be7b07cc4a52dd68ada9e Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Tue, 5 May 2026 15:48:47 +0100
Subject: [PATCH] Moved pass to keycloak
---
k8s/apps/k8s-secrets/ingress.yaml | 46 +++++++++++++++++++++++++
k8s/apps/k8s-secrets/kustomization.yaml | 12 +++++++
2 files changed, 58 insertions(+)
create mode 100644 k8s/apps/k8s-secrets/ingress.yaml
create mode 100644 k8s/apps/k8s-secrets/kustomization.yaml
diff --git a/k8s/apps/k8s-secrets/ingress.yaml b/k8s/apps/k8s-secrets/ingress.yaml
new file mode 100644
index 0000000..759e65b
--- /dev/null
+++ b/k8s/apps/k8s-secrets/ingress.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: auth-proxy
+spec:
+ forwardAuth:
+ address: http://auth-proxy.auth-proxy.svc:80/auth
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-Auth-Request-User
+ - X-Auth-Request-Email
+ - X-Auth-Request-Groups
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: secret-reader
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`pass.hexor.cy`)
+ kind: Rule
+ middlewares:
+ - name: auth-proxy
+ services:
+ - name: secret-reader
+ port: 80
+ tls:
+ secretName: secret-reader-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: secret-reader-tls
+spec:
+ secretName: secret-reader-tls
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+ dnsNames:
+ - pass.hexor.cy
+
diff --git a/k8s/apps/k8s-secrets/kustomization.yaml b/k8s/apps/k8s-secrets/kustomization.yaml
new file mode 100644
index 0000000..664171f
--- /dev/null
+++ b/k8s/apps/k8s-secrets/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./app.yaml
+ - ./deployment.yaml
+ - ./external-secret.yaml
+ - ./ingress.yaml
+ - ./kustomization.yaml
+ - ./rbac.yaml
+ - ./service-account.yaml
+ - ./service.yaml
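Review bot: `trustForwardHeader: true` on the `auth-proxy` Middleware in ingress.yaml tells Traefik to pass any `X-Forwarded-*` headers already on the incoming request through to `http://auth-proxy.auth-proxy.svc:80/auth` instead of replacing them, so the auth decision for `pass.hexor.cy` can depend on values the caller supplied. Since this route fronts `secret-reader`, prefer `trustForwardHeader: false`. Keep it `true` only if `websecure` is reachable solely through a trusted proxy, and then restrict that with the entry point's `forwardedHeaders.trustedIPs`, which this patch does not show. Separately, the `cert-manager.io/cluster-issuer` annotation on the IngressRoute is probably inert, because the explicit `Certificate` already issues `secret-reader-tls`. A comment such as `# TLS is issued by the Certificate resource below` would make the source of the certificate clear.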
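Review bot: The `resources` list in kustomization.yaml contains `- ./kustomization.yaml`, so the file lists itself as a resource. Kustomize will try to load it as a manifest, and that is likely to fail the build, since a `Kustomization` has no `metadata.name`. Remove that entry. The list also names `app.yaml`, `deployment.yaml`, `external-secret.yaml`, `rbac.yaml`, `service-account.yaml` and `service.yaml`, none of which this patch creates, so confirm they already exist in `k8s/apps/k8s-secrets/`; a missing resource path aborts the build. A leading `---` would also match the style used in ingress.yaml.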