diff --git a/apps/k8s01/uptime-kuma/kustomization.yaml b/apps/k8s01/uptime-kuma/kustomization.yaml
index 61a00bf8842d44f0db3a426b73d7a1eb071d2a2d..ba695526257550405fddba1c4b1efe7ea7f884c7 100644
--- a/apps/k8s01/uptime-kuma/kustomization.yaml
+++ b/apps/k8s01/uptime-kuma/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
 - certificate.yaml
 - uptime-kuma-values.yaml
 - slo.yaml
+ - oauth2.yaml
 - ../../../shared/resourcequotas/default.yaml
diff --git a/apps/k8s01/uptime-kuma/oauth2.yaml b/apps/k8s01/uptime-kuma/oauth2.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e87f23854c8269f82bdea6423d886652dbb19e43
--- /dev/null
+++ b/apps/k8s01/uptime-kuma/oauth2.yaml
@@ -0,0 +1,243 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: oauth2-proxy + namespace: uptime-kuma +spec: + interval: 30m + url: https://oauth2-proxy.github.io/manifests +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-02-21T02:52:17Z" + mac: ENC[AES256_GCM,data:Qqx1RvLQEj3NRsFSVQm4CI+5eSoPWUDDuInhiHq6nXD0qsNcfYVKHTB8JgaIJ4OgEKtpd3iObYAS4z+mY34rFVhr9BlPZ/vRGbTnwYE4CCb8SJqTFetglM3rhNFn4u+AW2qLXN2cTl8Zqs1WU8by+IzdN9/qoCwgIJgdrruxtLU=,iv:Nw4V6zLa5g8xRMbufmhB2d5U+ZPUH7n5cDBAyUZDZOw=,tag:BOzhOzTK4VnQ4GKG1yWQBA==,type:str] + pgp: + - created_at: "2022-01-22T04:06:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF + 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W + BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P + 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw + KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9 + OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9 + LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp + DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo + b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y + HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj + XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS + 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo + M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA== + =c/3x + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-22T04:06:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ + yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI + 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN + 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N + 
4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK + GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW + fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU + WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd + vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl + tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c + w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU + aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9 + NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9 + PNNoVr/LwxMQ + =e2fo + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$ + version: 3.7.3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: oauth2-proxy + namespace: uptime-kuma +spec: + serviceAccountName: flux-reconciler + releaseName: oauth2-proxy + chart: + spec: + chart: oauth2-proxy + sourceRef: + kind: HelmRepository + name: oauth2-proxy + namespace: uptime-kuma + version: 6.9.0 + interval: 5m + install: + remediation: + retries: 5 + values: + config: + clientID: uptime-kuma + clientSecret: ENC[AES256_GCM,data:dJQuJkMhtRJoBhrSOyhPYFKdC6lKyiBrYjQBu23+MrI=,iv:BsVDdiFHPgk82Akj6B3b4Yp/4Uj0IRFesySBtFQKD/U=,tag:9xWTZod6xUcSUq6d7pEI0Q==,type:str] + cookieSecret: ENC[AES256_GCM,data:s9i5XebZ373eCpa075bZ/xb9Egq0v7A2BSKAgTF6YHs/bG2f3tT6IGGmJa4=,iv:1STc1smpQoHEjLBYQGaFueDn/o+FXCQ8pnTsxbEAZMc=,tag:PvDOn3IGWhEQfaQadVWsxg==,type:str] + extraArgs: + provider: keycloak-oidc + provider-display-name: SI-Auth + oidc-issuer-url: ENC[AES256_GCM,data:CUky0W47wOOJmY7EpNrb486hs5l5DjxkaOrzT1OOOWIYcW9bdw9Xgg7FcABOxwcMO4Vn/okDZQ==,iv:lpiXwA9KSjT9nSFeXaBiijJWkAm5FKfCtmU3XvnMPDU=,tag:cN17VOD6bUz1MQHbOQ5Hwg==,type:str] + allowed-role: uptime-kuma:admin + silence-ping-logging: true + skip-auth-route: GET=^/$ OR 
GET=^/status OR GET=^/assets/ OR GET=^/assets OR GET=^/icon.svg OR GET=^/api/.* OR GET=^/upload/.* OR OR GET=^/metrics" + replicaCount: 2 + securityContext: + enabled: true + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: oauth2-proxy + topologyKey: kubernetes.io/hostname + ingress: + enabled: true + path: /oauth2 + pathType: Prefix + hosts: + - ENC[AES256_GCM,data:VxqY7uNNS0UOWgZgdQ8=,iv:WiGaTkrnESES0fKeg3KnSN8WqrqrWPsnEvuzIdwDdAg=,tag:eF5NXSAxTAQoDKzad5qxAw==,type:str] + - ENC[AES256_GCM,data:P/0bnr9jZ6np1LvwAsPP33P3K9O1KlA=,iv:0RKFWWivN2+l3f5ooTLKPRjQYLxKcFJOGQ/yFu45gDM=,tag:TawmgLdMogBX1SCKHKodIw==,type:str] + tls: + - hosts: + - ENC[AES256_GCM,data:R/QKuvJQgZOPVT2rQqM=,iv:+W9fceFmO7zABoRSyhFT7Q7ioBQ0aWg0e29lu+DroVQ=,tag:gXlTVsg42fIfxkmmDAtmlg==,type:str] + secretName: ingress-221b-tls + - hosts: + - ENC[AES256_GCM,data:D/vFlWr6utcREaeet8KaHr1dFLnoYxE=,iv:SYaxWKnilX/qjKA914xV38i2zcVcBO2hffjX34FSK4c=,tag:Z7yZeOAp08kgxehS5X9sTg==,type:str] + secretName: ingress-darmstadt-tls + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 25Mi +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-02-21T02:52:17Z" + mac: ENC[AES256_GCM,data:Qqx1RvLQEj3NRsFSVQm4CI+5eSoPWUDDuInhiHq6nXD0qsNcfYVKHTB8JgaIJ4OgEKtpd3iObYAS4z+mY34rFVhr9BlPZ/vRGbTnwYE4CCb8SJqTFetglM3rhNFn4u+AW2qLXN2cTl8Zqs1WU8by+IzdN9/qoCwgIJgdrruxtLU=,iv:Nw4V6zLa5g8xRMbufmhB2d5U+ZPUH7n5cDBAyUZDZOw=,tag:BOzhOzTK4VnQ4GKG1yWQBA==,type:str] + pgp: + - created_at: "2022-01-22T04:06:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF + 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W + BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P + 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw + KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9 + 
OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9 + LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp + DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo + b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y + HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj + XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS + 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo + M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA== + =c/3x + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-22T04:06:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ + yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI + 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN + 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N + 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK + GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW + fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU + WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd + vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl + tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c + w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU + aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9 + NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9 + PNNoVr/LwxMQ + =e2fo + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$ + version: 3.7.3 +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-ingress-to-oauth2 + namespace: uptime-kuma +spec: + podSelector: + matchLabels: + app: oauth2-proxy + ingress: + - 
from: + - namespaceSelector: + matchLabels: + ingress.shivering-isles.com/network-access-required: "true" +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-02-21T02:52:17Z" + mac: ENC[AES256_GCM,data:Qqx1RvLQEj3NRsFSVQm4CI+5eSoPWUDDuInhiHq6nXD0qsNcfYVKHTB8JgaIJ4OgEKtpd3iObYAS4z+mY34rFVhr9BlPZ/vRGbTnwYE4CCb8SJqTFetglM3rhNFn4u+AW2qLXN2cTl8Zqs1WU8by+IzdN9/qoCwgIJgdrruxtLU=,iv:Nw4V6zLa5g8xRMbufmhB2d5U+ZPUH7n5cDBAyUZDZOw=,tag:BOzhOzTK4VnQ4GKG1yWQBA==,type:str] + pgp: + - created_at: "2022-01-22T04:06:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF + 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W + BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P + 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw + KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9 + OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9 + LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp + DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo + b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y + HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj + XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS + 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo + M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA== + =c/3x + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-22T04:06:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ + yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI + 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN + 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N + 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK + 
GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW + fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU + WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd + vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl + tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c + w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU + aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9 + NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9 + PNNoVr/LwxMQ + =e2fo + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$ + version: 3.7.3
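Review bot: The `skip-auth-route` value under `extraArgs` in the HelmRelease exempts `GET=^/api/.*`, `GET=^/upload/.*` and `GET=^/metrics` from authentication, which is wider than a public status page needs, and the string itself looks malformed: it has a doubled `OR OR` and a closing `"` with no opening quote. As far as I know oauth2-proxy expects one `method=path_regex` entry per flag (or comma-separated entries), so the ` OR ` separators may make the whole value parse as a single regex that never matches; it is worth checking the rendered container args to see which routes actually bypass the proxy. I would quote the value, separate the entries with commas, anchor the patterns and narrow the API exemption to what the status page uses, for example `skip-auth-route: 'GET=^/$,GET=^/status(/|$),GET=^/assets/,GET=^/icon\.svg$,GET=^/api/status-page/'` (confirm the exact path list against the deployed Uptime Kuma version). If `/metrics` has to stay reachable without SSO, limiting it to the scraper at the ingress is safer than listing it here, and a short comment above the key saying why each route is public would help the next reviewer.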