Merge pull request #12 from unfor19/kubernetes/1.21.2
Kubernetes/1.21.2
unfor19 authored Feb 5, 2022
2 parents 20b7590 + 8cf254f commit f7775de
Showing 10 changed files with 113 additions and 25,551 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,2 +1,3 @@
.*
!.*ignore*
minikube-bin
8 changes: 5 additions & 3 deletions 1-baby.yaml
@@ -48,7 +48,7 @@ spec:
app: cats
type: baby
---
apiVersion: networking.k8s.io/v1beta1 # NGINX Ingress Controller supports this version
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: baby
@@ -61,5 +61,7 @@ spec:
- path: /
pathType: Prefix
backend:
serviceName: baby
servicePort: 80
service:
name: baby
port:
number: 80
14 changes: 8 additions & 6 deletions 2-green.yaml
@@ -48,17 +48,17 @@ spec:
app: cats
type: green
---
apiVersion: networking.k8s.io/v1beta1 # NGINX Ingress Controller supports this version
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: green
annotations:
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
spec:
tls:
- hosts:
- green.kubemaster.me
secretName: green-tls-secret
- hosts:
- green.kubemaster.me
secretName: green-tls-secret
ingressClassName: nginx
rules:
- host: green.kubemaster.me
@@ -67,5 +67,7 @@ spec:
- path: /
pathType: Prefix
backend:
serviceName: green
servicePort: 80
service:
name: green
port:
number: 80
18 changes: 10 additions & 8 deletions 3-dark.yaml
@@ -36,7 +36,7 @@ spec:
valueFrom:
secretKeyRef:
name: google-credentials
key: google_client_id
key: google_client_id
ports:
- containerPort: 8080
---
@@ -53,20 +53,20 @@ spec:
app: cats
type: dark
---
apiVersion: networking.k8s.io/v1beta1 # NGINX Ingress Controller supports this version
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dark
annotations:
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
nginx.ingress.kubernetes.io/auth-url: https://auth.kubemaster.me/oauth2/auth
nginx.ingress.kubernetes.io/auth-signin: https://auth.kubemaster.me/oauth2/start?rd=https://$host$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Auth-Request-User, X-Auth-Request-Email, X-Auth-Request-Preferred-Username, X-Auth-Request-Access-Token"
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Auth-Request-User, X-Auth-Request-Email, X-Auth-Request-Preferred-Username, X-Auth-Request-Access-Token"
spec:
tls:
- hosts:
- dark.kubemaster.me
secretName: dark-tls-secret
- hosts:
- dark.kubemaster.me
secretName: dark-tls-secret
ingressClassName: nginx
rules:
- host: dark.kubemaster.me
@@ -75,5 +75,7 @@ spec:
- path: /
pathType: Prefix
backend:
serviceName: dark
servicePort: 80
service:
name: dark
port:
number: 80
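Review bot: The `auth-response-headers` annotation on the `dark` Ingress still copies `Authorization` and `X-Auth-Request-Access-Token` from the auth response to the backend, so whenever the proxy populates them the pod receives the user's Google token on every request. If the app only needs the caller's identity, trim the list to the identity headers, for example `nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User, X-Auth-Request-Email"`. The same annotation appears unchanged in 4-darker.yaml. The container spec is mostly outside the visible hunks, so confirm which headers the app reads before removing any, and record that in a comment above the annotation.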
15 changes: 9 additions & 6 deletions 3-oauth2-proxy.yaml
@@ -46,8 +46,8 @@ spec:
valueFrom:
secretKeyRef:
name: google-credentials
key: google_client_secret
image: quay.io/oauth2-proxy/oauth2-proxy:v7.1.0
key: google_client_secret
image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
imagePullPolicy: IfNotPresent
name: oauth2-proxy
ports:
@@ -76,23 +76,26 @@ spec:
selector:
k8s-app: oauth2-proxy
---
apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: oauth2-proxy
annotations:
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
spec:
tls:
- hosts:
- auth.kubemaster.me
secretName: oauth2-proxy-tls-secret
ingressClassName: nginx
rules:
- host: auth.kubemaster.me
http:
paths:
- path: /oauth2
pathType: Prefix
backend:
serviceName: oauth2-proxy
servicePort: 4180
service:
name: oauth2-proxy
port:
number: 4180
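Review bot: The bumped image line still references a mutable tag, and with `imagePullPolicy: IfNotPresent` each node keeps whatever `v7.2.1` pointed to at its first pull, so nodes can end up running different content if the tag is ever re-pushed. For the component that handles every login, pin the digest alongside the tag: `image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1@sha256:<digest-of-v7.2.1>` (placeholder; take the value from the registry after verifying the release). The Deployment starts above the hunk, so the other container settings are not visible here.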
20 changes: 11 additions & 9 deletions 4-darker.yaml
@@ -32,13 +32,13 @@ spec:
env:
- name: APP_NAME
value: dark
- name: FROM_AUTHOR
- name: FROM_AUTHOR
value: darker
- name: CLIENT_ID
valueFrom:
secretKeyRef:
name: google-credentials
key: google_client_id
key: google_client_id
ports:
- containerPort: 8080
---
@@ -55,20 +55,20 @@ spec:
app: cats
type: darker
---
apiVersion: networking.k8s.io/v1beta1 # NGINX Ingress Controller supports this version
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: darker
annotations:
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
nginx.ingress.kubernetes.io/auth-url: https://oidc.kubemaster.me/oauth2/auth
nginx.ingress.kubernetes.io/auth-signin: https://oidc.kubemaster.me/oauth2/start?rd=https://$host$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Auth-Request-User, X-Auth-Request-Email, X-Auth-Request-Preferred-Username, X-Auth-Request-Access-Token"
spec:
tls:
- hosts:
- darker.kubemaster.me
secretName: darker-tls-secret
- hosts:
- darker.kubemaster.me
secretName: darker-tls-secret
ingressClassName: nginx
rules:
- host: darker.kubemaster.me
@@ -77,5 +77,7 @@ spec:
- path: /
pathType: Prefix
backend:
serviceName: darker
servicePort: 80
service:
name: darker
port:
number: 80
13 changes: 8 additions & 5 deletions 4-oauth2-proxy-oidc.yaml
@@ -20,7 +20,7 @@ spec:
- --provider=oidc # Google in our case
- --scope=openid profile email
- --oidc-issuer-url=https://accounts.google.com
- --oidc-jwks-url=https://accounts.google.com/.well-known/openid-configuration
- --oidc-jwks-url=https://accounts.google.com/.well-known/openid-configuration
- --email-domain=* #
- --http-address=0.0.0.0:4180 # accept from anywhere to port 4180
- --whitelist-domain=.kubemaster.me # any subdomain
@@ -79,23 +79,26 @@ spec:
selector:
k8s-app: oauth2-proxy-oidc
---
apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: oauth2-proxy-oidc
annotations:
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
cert-manager.io/cluster-issuer: tls-ca-issuer # https://cert-manager.io/docs/usage/ingress/
spec:
tls:
- hosts:
- oidc.kubemaster.me
secretName: oauth2-proxy-oidc-tls-secret
ingressClassName: nginx
rules:
- host: oidc.kubemaster.me
http:
paths:
- path: /oauth2
pathType: Prefix
backend:
serviceName: oauth2-proxy-oidc
servicePort: 4180
service:
name: oauth2-proxy-oidc
port:
number: 4180
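Review bot: `--oidc-jwks-url` still points at `https://accounts.google.com/.well-known/openid-configuration`, which is the discovery document rather than a JWKS endpoint; the line appears to be touched only for whitespace here. As far as I know oauth2-proxy consults this flag only when OIDC discovery is skipped, so with `--oidc-issuer-url` set it is probably ignored today, but it would break token verification if `--skip-oidc-discovery` were ever added. Either drop the flag or set it to the `jwks_uri` value published in that discovery document. Separately, `--email-domain=*` with its empty trailing comment lets any Google account through the proxy; a comment stating that this is intentional for the demo, or a restriction to the expected domain, would help. The args list starts and ends outside the hunk.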