From 2a9560d4dedd38fff429dfc09e90ac0da669d3fd Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Fri, 22 Nov 2024 00:47:00 +0000 Subject: [PATCH] move grafana and k8s dashboard to use authentik instead of oauth proxy [ci skip] --- modules/kubernetes/k8s-dashboard/main.tf | 9 +++++++-- modules/kubernetes/main.tf | 5 +++++ modules/kubernetes/monitoring/grafana_chart_values.yaml | 8 ++++++-- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf index b554e9b0..ca98f94c 100644 --- a/modules/kubernetes/k8s-dashboard/main.tf +++ b/modules/kubernetes/k8s-dashboard/main.tf @@ -87,8 +87,13 @@ resource "kubernetes_ingress_v1" "kubernetes-dashboard" { # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" # "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" + "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" + + "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" + "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" } } diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index e7e46370..bda18f3b 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -521,3 +521,8 @@ module "authentik" { secret_key = var.authentik_secret_key postgres_password = var.authentik_postgres_password } + +# module "qbittorrent" { +# source = "./qbittorrent" +# tls_secret_name = var.tls_secret_name +# } diff --git a/modules/kubernetes/monitoring/grafana_chart_values.yaml b/modules/kubernetes/monitoring/grafana_chart_values.yaml index 01b8af07..706ca48a 100644 --- a/modules/kubernetes/monitoring/grafana_chart_values.yaml +++ b/modules/kubernetes/monitoring/grafana_chart_values.yaml @@ -11,8 +11,12 @@ ingress: # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" # nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret" - nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth" - nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + # nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth" + # nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-url: "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" + nginx.ingress.kubernetes.io/auth-signin: "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" + nginx.ingress.kubernetes.io/auth-snippet: "proxy_set_header X-Forwarded-Host $http_host;" tls: - secretName: "tls-secret" hosts: