Skip to content
This repository was archived by the owner on Jun 12, 2024. It is now read-only.

Commit c3715c5

Browse files
ruzickapruzickap
committed
Improve oauth2
1 parent 80608b2 commit c3715c5

File tree

8 files changed

+63
-5
lines changed

8 files changed

+63
-5
lines changed

clusters/aws-dev-mgmt/flux/cluster-apps-secrets/cluster-apps-secrets.yaml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ data:
1818
GOOGLE_CLIENT_SECRET: ENC[AES256_GCM,data:tYvGtANnxyj0Ek+rYx3062uMzKy7wYbgD1PB2zq5cqEPGdJBHvIPIsfvDdeAf849,iv:pr2tMxzcMVX33SMey7C5GX22OCfOfCofKoobpLFedlI=,tag:v7QurU2gfDOP2ctVDmxK+w==,type:str]
1919
KEYCLOAK_ADMIN_USERNAME: ENC[AES256_GCM,data:E2aV6AcQxNg=,iv:mtqtHWEFh+Z8fsSY9bHHSyJwjBmSyviaUN94JhkoR7M=,tag:n5qNcaT2eva0CH2PEGtcxg==,type:str]
2020
KEYCLOAK_ADMIN_PASSWORD: ENC[AES256_GCM,data:lw7IwY0fANGD/2iYeGZmACkbM3TMsDaXjUYpasceTKIGLYGaamKPdw==,iv:YATGDhh5K9LiWQ2Dg81dIEoDUspknKJapYafuNhOQgo=,tag:86GbwBQF6Z7O51X7vDrhfA==,type:str]
21+
KUBERNETES_DASHBOARD_TOKEN: ENC[AES256_GCM,data:0LoN4ZONdVWHLc0O4J9WVuKawCcPeCo5/pI0SYRdPcolB4ZMjJKZrblxVpoNWjrSPRPNfNQdV/suPHwm8C8M2TG01xI5WZQadltFgiYI8rSfOyAz6JL6xni8geAY7dFMuL+yIKGgHbouOpxBvq0bpH+lMw7IwHrrn9VK0vi6X5nINga6mMNBZd9Qvdf/gJRbeuF47u44URJ958oek+PR7bNpCykJdGfSnv9uVUwVDBM8wS69DTW0f63ph3wlAj1FqIQ2OAwNK3JEmcP1hujcG5DIzS2uZs3GVTjaFk9qu4fBPMWok48Zt0t1M/EP8WT0C1ufM52JMBCf8DegHUsYDvRUYLGVV7u9s7SrOQXoVclk+u65SOzjYQe4gEIwRToUO8+GB475JoIRi1B8TJ+bNEKAGMecplhPvODtI778U4lQvLHVkQXM6BJqTYdki+jn0YaTX3ifKgqnVu/xXxr7+3FH6+dyaEqSRbB5LsqYaEjUrVw82NrA73WpMzFhyfIOcU2xgWzyKYGZfbfZQQ8zkkNZzTNV0bKEdqGK/OieO/aABDuoldTEY9Xec9NCjOBULrPPUNs9H0TgSx55F2zaCx4hS/b7CvIHeNooibmGjrNc0GtYoGIDUfCHPCj1ZZD54eRy8domjGRIu+26CkF61fzwHx1HSm8vDbecXrMTuGTMto7gD0zAgY6vFQR444HiJk8OsBomRbgHIPRyfTgB2S++k2MjcI3UOF7dwLU2Y/FFfUoCo1XSpGCCojhDkICXf7RbOBkD2qrjowK92q8JK8w9/PQAqJgQVoETSrA4pEonPupNR9NkOTimhkEIUcKE4OM+H0m6o35mtpGR6gtXr+bLh0miGa0zN05yD5eW0k1J7IsAacx4WdEmCP2DkYOJoE+fpUxB8qpWXpDWln+T/XzBvwHmdtmHEGQNRyTaNbX57c1t73ng8u5pd5FYET+zFQYxGsEGVUVMVw4mUtCPqpmartIcw+iYg2ud6pBEfPsVwWbhDpdWFT29keGJQ6xcjhFRWIW/xYz3dWYxgFMxdqHLm5QHkD6djRAVSYbx5CrkJ/cYsYK5PeekTMi5MY51To521qd39StfRTixAvwWcgP/lJm/9ba4ZPZ8sOComFHQABC5HuEzZHFxZfQlLk2SxW3Jh6D7Ao30/MDE4SG1kahJ/qsieBOIs1VPQmpSPgDQF4SBVfd4JA4DMwF8n9RFIAgmG2GsAQBKqixS4fKwu4W8FEJNCdaazAbrf+WwRYK9Fb1s6l/rIsDECEISoJV/NvYu0ivRELheaUaNvTo6h28TouoUDTQkzGg81ngsk5LccNdgLBQVBFf4wBWaKeR2iydQtDLurOhaHShrf/WkD7r7AATcVFtBOBnfMGJz+kwjOz2HIUHJrWOW2Z59g8mbHwgZ61UtcBSOZ7Zz24sxCUvOvXorZnrpNwj+HRLGf5GaLP40P3MJEH/lkDcYpugVK+BhVGNxhyMsaUvB4mqU2FNYEtT4cMWhZVvcShLH4XZVXpFV2KskiK/uPYg+Qx0S7NrMMueN0l29siho3VMwu0UhGfE4U0LMv3MVIiWrGJqLG9EKSrC0plqDHkhshDxGLz03a4jluXkjQu214GM1i9dTec/+h3UrMEkiv1gvYhGLcwY5smiXTEgP3GqCtY/M9hZGgiWu40dwleNT2eVAd3RnhKU2/Vw0Ff2DXAcRSFBQqHnq+oxhXC4CtqcxnQcWr5liLsQ/5iRSf3PbAotp7hV5J7w99QaJKq0Bb3dC/Tm6C9RPiUrxe5cuM23+Inr5yt/uZA==,iv:zrk0VoC2VyaTUAg2ywaDxGOEbDUJMAbV3PGmpFJvtxo=,tag:yugziu7Rf7dfBXrXjoQmdA==,type:str]
2122
sops:
2223
kms:
2324
- arn: arn:aws:kms:eu-central-1:729560437327:alias/sops
@@ -28,8 +29,8 @@ sops:
2829
azure_kv: []
2930
hc_vault: []
3031
age: []
31-
lastmodified: "2022-08-27T04:28:54Z"
32-
mac: ENC[AES256_GCM,data:V7oS8u9p0MzzwdMovoQhzcZh+uMt8Wy/86CQmPFD8R69gWUqjvZUVvTVR/GlEUO6rvfrwDjGTsMItVe+KRFQPPTiwlLXODaFfg+9/ctrjVLsVMPEwgd0SLdNOdFjhUR08CWqz48EB37RFy7tknEhYwwZmejy50mZ42+C9E3IMXQ=,iv:IbzeBWqiv3gy/ikXclPnZzLKVx410yh3Ue50ZNsn7CU=,tag:haQTvMSOD1hl0kFedRSL+Q==,type:str]
32+
lastmodified: "2022-09-02T09:26:37Z"
33+
mac: ENC[AES256_GCM,data:JXCb+bWrpLWG5jF5pOV9kGNkq3AZ8jnSrNU23TeYXoAxsI+UeUzP1pmK/+9E1/8HGvqNRSVG0AWDDWIPD/RQ9grVwDSRUEi8jEf7kzZ9g4DLHBlnBy1w78FE+AQiYZ70k+vgCGRR+Q2I7MCLVvMfzqbrV8PJ80/geU99VY9UavY=,iv:oG13jIPHGU/GRjmlCqyjix5hQ9FxUGZ3qYPxoVj0GVs=,tag:o0vDy4vnpeXGdNbRjZeByg==,type:str]
3334
pgp:
3435
- created_at: "2022-07-07T06:23:23Z"
3536
enc: |-

clusters/aws-dev-mgmt/flux/cluster-apps/kubernetes-dashboard/kubernetes-dashboard-clusterrolebinding.yaml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,10 +9,13 @@ roleRef:
99
subjects:
1010
- kind: ServiceAccount
1111
name: kubernetes-dashboard-admin
12-
namespace: kube-system
12+
namespace: kubernetes-dashboard
13+
1314
---
1415
apiVersion: v1
1516
kind: ServiceAccount
1617
metadata:
1718
name: kubernetes-dashboard-admin
18-
namespace: kube-system
19+
namespace: kubernetes-dashboard
20+
secrets:
21+
- name: kubernetes-dashboard-admin-token-secret

clusters/aws-dev-mgmt/flux/cluster-apps/kubernetes-dashboard/kubernetes-dashboard-group-helmrelease-values.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,9 @@ ingress:
1212
forecastle.stakater.com/appName: Kubernetes Dashboard
1313
nginx.ingress.kubernetes.io/auth-url: https://oauth2-proxy.${CLUSTER_FQDN}/oauth2/auth
1414
nginx.ingress.kubernetes.io/auth-signin: https://oauth2-proxy.${CLUSTER_FQDN}/oauth2/start?rd=$scheme://$host$request_uri
15+
nginx.ingress.kubernetes.io/auth-snippet: |
16+
proxy_set_header Authorization "Bearer ${KUBERNETES_DASHBOARD_TOKEN}";
17+
proxy_pass_header Authorization;
1518
className: nginx
1619
hosts:
1720
- kubernetes-dashboard.${CLUSTER_FQDN}

clusters/aws-dev-mgmt/flux/cluster-apps/kubernetes-dashboard/kubernetes-dashboard-token-secret.yaml

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
apiVersion: v1
2+
kind: Secret
3+
metadata:
4+
name: kubernetes-dashboard-admin-token-9lntg
5+
namespace: kubernetes-dashboard
6+
annotations:
7+
kubernetes.io/service-account.name: kubernetes-dashboard-admin
8+
data:
9+
ca.crt: ENC[AES256_GCM,data:G2e2T32RbhPi7EEeLDp9hJhUluyTSOnMKz0d6F8iTaLJPfuJIOU4h+c05KyJo5XVM9KglSrumvil5679Mxok5o6Ax4/l48ImfB4SCnoHxaXZqJ6hyOtsYSGva4VkXBZgS5itvHznzq/3aphGwLwrG8Z2wSvMOmWJXhzXxzt2ky1rM2L/FuzBQYBycFz34trlGuph4cR/WwtmNQ2pwdnwsrGbDN4c8BgdujpXFHki6bFaJeHjFUck+BFtou+r3/iCs4pu/r+51dt8h2kodHcILABkI3+LWXeQlferMKKzbae9sywYIxLCLjXw/mAwGM/RHSk/BBYod9DXK9F0ZTyz9scwsqXSsTSXLAMpMkTPABOfqmWc5ZtExUWHjJfgGM/B+D2Xc9QIQAM4REMJ0byKSReJwvEHbpIfggOi7BAurzQo49ToVQxWyCErojzXCntE6tvKiJIetgIU7MAIipwnBtzjsz0TlXudL+W7Ly7nX0X+3ItO6q3R6XzOjcZ5yItY8HSq12BmsWwXzYVxqhbwa3qSbpNJyAgRc5ws82ABn9tZoK/ONabWaLIsQ0+sqcJmQ35SR6ObfsZkwJZcKdmJHLuEfHpakHAf0rY3VacD2Uvl6o63bfuklmnGGNjoJT97iy5N44s514IjjyMEJ7XTA5gaVsdGbqd/JpB5iVmrK3Gz6hyVajsGycDVPPlCFqkBsecxQ6WX2rpg1Yr+hanhanaqTFx27PeAHTn8uCgrerRUxjly827/+GgNIS5W6GcutaPvVimT2vEi3yYqaSL2RV7XwMNdBGHNLfWGm+pYxHC6IwkuzAtG/K0aU2jbCNWfGrbfYkAx9Nclgbm/rubaHAT3HjWk/Eegq782rzcRoE28/F5GKrVHLM7LRffVkzwbO3HNwmg+Y/bksusUqm/7QWxhXDelpUiUhvo5mDdAD64qU1fGafZtuvEaHFSH89dtSx9a2GJABVzs0lT9QOIjqT9+zCw3JKQibfxSjXni+yvnWvlAWd/g+KKsHKV/CJwCWZCtNP5wpxbsbnWrHrtmU/1YMfUMFcvCOz7puA0oKaqbk3Z7d+aka4Q3exmltA1w9RQV2uF52Vp8Iwl9UlYxIydZIVKaQaGIp5+CaBA04lRbJJXsqhgiIDsvo2aKfz87ZEZqgqWiQN0tTZaar2bvKM4IYokFis0g0GpNRJQ/vDleKHvMAvR5hr8wUzojVXZGM0JdSIhUk7qdIIacLbk0kOqkqpiIq2u1YSr0WJB3l8KXEeUZjaKx9eLjebIea5fBj2qyJPmsNhUa2/og1iMneOlU+hc/QjJt2QfiCm15PNxyPKbzRizshOdmktGZ2SVkPt5CwAyDHVAanCR+hZKYoSd/jlCLW9yvTtYCy2jiWuFCY00qZDw8j+LflClvzwQazEdwHji82ueVJtoKlZIMktYGRAmKJkCG8ATcmQ0eI+33Ygg1sTfVHtvkbUNo+zMHzQAXFaDFJ2vSUANeDZYOha+YPPBo6icVlT3FRFmqMppErEjXGiY32FFOPwflOnpn7P5a2maNOCqQCyQ5mGyUwU6JbBk94HpVfRJZCetn2WRkgK+eqTlxUwwS9gM7AwshrN1cnYL3UAlSiQnddny2PzBNWCUqSm425lcgRSjljExWc+UQhaVGPkmpjfQB3j9XzvJPrIu7EPpGvbT56GMj6vsKh0Ob7O12+C4n+8FNEVM4A9rdky2VZ8C1OSyXMSn/2ZlrtofP+BOPAs+kH7JY4C1XH8KBYkNshxyCG9061KrEwqzqonWzwzECzDoA7dQJWRE47DKS1S6kUpHxgW8BTPPEt9tvZ6mnrplaaEVwJIu4HBXbOIZ0TkHMeTFZYx3NxQwnwDPa9ZuA9ANBola0qpxbOLj697gdWRRLgKxyN6eOh60iyoobv1sv9zU1rKBH4bgDq99lyMBnnZLjml1RMgSet76bPPfGnedFjA==,iv:rcm808lPUK9FdC+8yyfYRv7EmBPJaZHoWyrMil/VfWc=,tag:Dw26Rfu9ab3aavzCS3+igQ==,type:str]
10+
namespace: ENC[AES256_GCM,data:xFCVQEa1vnU129bL4BGhP6mNUyDGWVaKagIzZw==,iv:eTpmeH5s/M8bh1lWnbFFRd7kGt3sj0iw1lOgpjCU+0E=,tag:eVzoPsV22QZzD43Lv6FSIw==,type:str]
11+
token: ENC[AES256_GCM,data:UX4aEeyLGrWYym12Q0rsIzPXnvvRVrb8RXGrbYTm5WshxPRQua9W6dEAUUpcKE7FDBYiAL+BZi+TokuwGuvXhOAiwc+fbpVl97p6NpFhVd7i5IKKkKPXKYfHJZ5ZvVDjDv7Np20nPJHmZLH248AGBzQjj9iJWCLLcN4mGp3YdTU4KyGrw3cWXbkUMQsLU5Dl2zHg3XCKVbDYjj0ipg3uYoZHp0p35cA8korhOJBIHKoXtX0kwEcojFu8zngbZR7VPFcPkk6CAqjNA6ilDMi942E/Xu+qRqd4wbi2pvm9oTIDYD42XxexX7ZlQFDh8Q0D5GFWljvqert2FXFeFMItTkf042iqtv+cQwSWfPjN8laiNp9wXXO1wPskM+Bb+7y7UOq3qrWAwtQZ9v+Nt0wJuTYUK85pKUu4tTomGJ857j+xK3AOld+Os704hKjlPfWLbrbZPG6gJ6TX8le0G9YyIavf/v3yPx+nALThKowreNBcau1soPWEvxoxdJ14Wm6e+KxO5NFT3iaJKn2+1tgRV/upZhert9MK/xPWB0JbSQp+66vGaOXblMufkMiaHjmMoEbmPKXQdOKyuPhtaDTcJQTN9d5J3tLJlgfzUtE+2MnU46lZmLyjgw3iGcXkmIeuXEv8Z997ts/ypuvA7Hy0XgtUPSqV99cMXgdtQijZVfYXdDXfJjmbawgNjFoXaheSbM/uvMXHqQO6kX7ZP5oQSYc8+WJbB7bwW0pkYpNch1lzEpK9jrU2Ujp0nVL+rA9aiHAO+doyu/qdH/UgkUgHX27V3nlk0rQf0lmxbBNOO9vjMGpJNXI4Api9ovEuyt8AxjmyORV+Ak8hgCo/ce3ovDE+Ok26sMsBvLGTcSAy63fZ/0yKBlFkPhmEIHoEJOK6Z82aTp4V2OCnhVR2CocAuz7HHO1VGh3P+gteIsL7RdjDXhO9/0cpr8CJfbyp+Js7+I2ucFuVEE/koYtC3VgMhC0GMYTuJFkwCZumOtDD3FF8ud8J0JZMgkwTlIyhS8Jc9AySXmZZw5qNUmJ/cW3fJmv7lbcQIe0GxqojBCcCPzkm9O+0MwtjM6KueeqUcoWFIqG1UipaO4DVoEiCm8Y19X21NxzZgjDIJVQT8n9k2C6wvnLWQJuaLE5jglsIGfM3/lc27EL+eYwyMaRO8w1fPopuXaCAvQBkJtUf80CPTebTVzo4roFDFkXnCz3/nToXELoogbCdwiD9ZSd4zCMbqrg3kSrKO0AqWjqtHXm3whMNgIlC9z3t3H0+VL42GE+TKTyNtQNk0tDdV7hJ8RIiKRYuSzXCHPuaIPKKegewNun+SN9t2/B4thOQCYk7AzZtn9B0hI7YoyTe2DGdRl9MygIWvC8ChZ/DVwa/eL9xvD6fKioItC/BQRlVITTV2p6lmZXE2RI1RNaa7FbkwW/g8m5owUYXkRw0S7TDXYHsNohUjoDBh/mrJ/nOEtkEYhYcrtBDwYVDHDc2+V7+GYh8+e1mSkLuNqAUdr7kXz/VAoEZMTjOY5UMpQ4g7y6T4JqZLzf4DtEuzSa8Gab9Ra8Zj10qF8xPyytINOj2eQ8SC6jAsdlVs9toN3+TiI7GSTPAVjcWLLieVNRlxOgsQP7U3wwvO/W2XkrkKY5gb/rUv1AA1eAEezR44eBQtJzocI/OkYHrDC0iJfbMwckMZdVltPSxs4SR2EU1wtZJ7r/+lHqu3Hf6/44E4zzztfeEgjAoyV02SUOvVUSB5GeZ4w6G1ZGPyuaAB5Izeu+00p2v4TeIMS04f21qA8a6k5Au5/WcaNp5zw==,iv:BhVtp7ETOjZ1HsOMLEmGKs2QMc6MR2KPdbAEIOOTPss=,tag:L/Wb6gfgri11fabioqPj2Q==,type:str]
12+
type: kubernetes.io/service-account-token
13+
sops:
14+
kms:
15+
- arn: arn:aws:kms:eu-central-1:729560437327:alias/sops
16+
created_at: "2022-09-02T10:33:43Z"
17+
enc: AQICAHi6LQQvIhnSAvomoXCu+jcBZlWiugdvqoPaQnWm1x1PbwET13eF16igAYA47X9hYGsZAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMpU80vKyZfR0qrqVHAgEQgDt1iyQmpr0+lfE6TPKNIJRva2/uaHi9N+hNppPKetsII3X/htXKG2NWDe7B6fIxjInlt25XYOVyqGR4PQ==
18+
aws_profile: ""
19+
gcp_kms: []
20+
azure_kv: []
21+
hc_vault: []
22+
age: []
23+
lastmodified: "2022-09-02T10:33:43Z"
24+
mac: ENC[AES256_GCM,data:koHK5ICsdEaSef4i2rNsba4pZP+M6NbPI4YUzWJVA6X9HPw+Fo9w29aivHkMKK8RCzTy5c81tbURJIGSsZehcEf2TcjZ1uRDWjmyYL+hbTrP5Cr1u5thWGAMWSFDLiypN4VwWP7omfv20fxuwH/qtda0v05JVACtlmF+or9OBLc=,iv:rJYpTGbIiN6lBzaS6YMHFpcM0aXU5WAaNeC0h747GL0=,tag:S68pfPFIWtJalwXa37hjAA==,type:str]
25+
pgp:
26+
- created_at: "2022-09-02T10:33:43Z"
27+
enc: |-
28+
-----BEGIN PGP MESSAGE-----
29+
30+
wcFOA4duewNlKmHnEAgAjg1eW+6OkzlmsCXQ/LKl2qqFdegj9A9NEvkvRsrfOZyj
31+
/35ezxQrjB4QSZJNM/fdCEDClNYUjD1gUzkIQRJN6CdjeBkQUgNdJseZ9dRJBwHN
32+
XAF4JWCRCGfuy3DfkGTN1olhkCwXABnUEd5bjAfHPZv/a5cGglKYd/dqwzHSamET
33+
uaEVkI8wIMGmJjRzfTbsEXaI1UYOxbl8N2u1crqCmtDcbEd67ptv/ZNpXXp45+p5
34+
LdNQCY0mqtmBDUZaaQUr184yf08NRHIc9/D3z08IuCfAuslHqmlQZQDzpXVcKgNh
35+
HhA5ijPWIbDDyotDKhE9M6XMKQ0xS0n/kGaPB1cblAf+IMEtKiHHRzP8oJhmfOna
36+
g4saeDnuDRbll1r9cVt0NDJKT/ssw5fz/yJjcB2OQMmxFJIOdOuvIQf8ZfIXrYLo
37+
z6l6HHJhCQjjcoY49U8rskZZbdXx5h40jqSQSvHnV5u99O0Rk1+JG67SD72EaPhF
38+
JY2HP6SJ1/zXd/k/P4wRjSIpuLJBgL0pKShlJwu7inj2I9Pba8KXuXt1Z6E3xkHN
39+
t1Y+0PJT9zP3SRN+vFBa1XGHgZtV8HjnIPtdGP6aw3JEOqvQa0n5nne3avvIKDl5
40+
+1+16Aubi7yhrPmPbVMgwT5lcW/z1McJbqqCNKA+cIhWY6/BrHVCZZxysIpHtMVC
41+
iNJRAUa6l58gSXele7Gwm97TLJKyMTxb6ZWd3XFMtG6OELlxx5JOHwynF7iouqgr
42+
WbBcvR2LZPgdcN0aZGa9tUQwaw/A7KVfEbKVegBhfU3n6wni
43+
=X6kE
44+
-----END PGP MESSAGE-----
45+
fp: 431A7F3379B5B00519077B732BD87EC4BA898363
46+
encrypted_regex: ^(data|stringData)$
47+
version: 3.7.3

clusters/aws-dev-mgmt/flux/cluster-apps/kubernetes-dashboard/kustomization.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
22
kind: Kustomization
33
resources:
44
- kubernetes-dashboard-clusterrolebinding.yaml
5+
- kubernetes-dashboard-token-secret.yaml
56

67
generatorOptions:
78
disableNameSuffixHash: true

clusters/aws-dev-mgmt/flux/cluster-apps/oauth2-proxy/oauth2-proxy-group-helmrelease-values.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ config:
1616
ssl_insecure_skip_verify = "true"
1717
upstreams = [ "file:///dev/null" ]
1818
whitelist_domains = ".${CLUSTER_FQDN}"
19+
cookie_secure = "false"
1920
authenticatedEmailsFile:
2021
enabled: true
2122
restricted_access: |-

clusters/aws-dev-mgmt/flux/cluster-apps/podinfo/podinfo-group-helmrelease-values.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ ingress:
1212
nginx.ingress.kubernetes.io/configuration-snippet: |
1313
auth_request_set $email $upstream_http_x_auth_request_email;
1414
proxy_set_header X-Email $email;
15+
proxy_set_header Authorization "Bearer ${KUBERNETES_DASHBOARD_TOKEN}";
16+
proxy_pass_header Authorization;
1517
className: nginx
1618
hosts:
1719
- host: podinfo.${CLUSTER_FQDN}

clusters/aws-dev-mgmt/mgmt01.k8s.use1.dev.proj.aws.mylabs.dev/flux/flux-system/gotk-sync.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
spec:
77
interval: 1m0s
88
ref:
9-
branch: main
9+
branch: improve-oauth2
1010
secretRef:
1111
name: flux-system
1212
url: ssh://[email protected]/ruzickap/k8s-tf-eks-gitops.git

0 commit comments

Comments
 (0)