You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 lines
2.8 KiB
100 lines
2.8 KiB
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: oauth2-proxy
|
|
labels:
|
|
app: oauth2-proxy
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: oauth2-proxy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: oauth2-proxy
|
|
spec:
|
|
volumes:
|
|
- name: oauth2-proxy-config
|
|
configMap:
|
|
name: oauth2-proxy
|
|
- name: oauth2-proxy-theme
|
|
configMap:
|
|
name: oauth2-proxy-theme
|
|
containers:
|
|
- name: oauth2-proxy
|
|
image: quay.io/oauth2-proxy/oauth2-proxy:latest
|
|
args:
|
|
- --http-address=0.0.0.0:4180
|
|
- --config=/etc/oauth2_proxy/oauth2_proxy.cfg
|
|
ports:
|
|
- name: http
|
|
containerPort: 4180
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: 44180
|
|
protocol: TCP
|
|
env:
|
|
- name: OAUTH2_PROXY_CLIENT_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oauth2-proxy
|
|
key: client-id
|
|
- name: OAUTH2_PROXY_CLIENT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oauth2-proxy
|
|
key: client-secret
|
|
- name: OAUTH2_PROXY_COOKIE_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: oauth2-proxy
|
|
key: cookie-secret
|
|
- name: OAUTH2_PROXY_COOKIE_SECURE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: oauth2-proxy-parameters
|
|
key: FORCE_HTTPS
|
|
- name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: oauth2-proxy-parameters
|
|
key: ALLOW_SELF_SIGNED_ISSUER
|
|
- name: OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: oauth2-proxy-parameters
|
|
key: ENABLE_M2M_TOKENS
|
|
- name: OAUTH2_PROXY_EXTRA_JWT_ISSUERS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: oauth2-proxy-parameters
|
|
key: EXTRA_JWT_ISSUERS
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
runAsNonRoot: true
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
volumeMounts:
|
|
- name: oauth2-proxy-config
|
|
mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
|
|
subPath: oauth2_proxy.cfg
|
|
readOnly: true
|
|
- name: oauth2-proxy-theme
|
|
mountPath: /custom-theme/kubeflow-logo.svg
|
|
subPath: kubeflow-logo.svg
|
|
readOnly: true
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /ping
|
|
port: http
|
|
scheme: HTTP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: http
|
|
scheme: HTTP
|
|
resources: {}
|
|
|