feat(forward-auth): migrate to app-template v2 #2166

Merged
merged 1 commit into from
Nov 27, 2023


tyriis
Owner

@tyriis tyriis commented Nov 27, 2023

No description provided.

@tyriis-automation
Contributor

--- kubernetes HelmRelease: traefik-ingress/traefik-forward-auth Service: traefik-ingress/traefik-forward-auth

+++ kubernetes HelmRelease: traefik-ingress/traefik-forward-auth Service: traefik-ingress/traefik-forward-auth

@@ -1,21 +1,22 @@

 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: traefik-forward-auth
   labels:
-    app.kubernetes.io/service: traefik-forward-auth
     app.kubernetes.io/instance: traefik-forward-auth
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: traefik-forward-auth
+    app.kubernetes.io/service: traefik-forward-auth
 spec:
   type: ClusterIP
   ports:
   - port: 4181
-    targetPort: http
+    targetPort: 4181
     protocol: TCP
     name: http
   selector:
+    app.kubernetes.io/component: main
     app.kubernetes.io/instance: traefik-forward-auth
     app.kubernetes.io/name: traefik-forward-auth
 
--- kubernetes HelmRelease: traefik-ingress/traefik-forward-auth Deployment: traefik-ingress/traefik-forward-auth

+++ kubernetes HelmRelease: traefik-ingress/traefik-forward-auth Deployment: traefik-ingress/traefik-forward-auth

@@ -1,41 +1,44 @@

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: traefik-forward-auth
   labels:
+    app.kubernetes.io/component: main
     app.kubernetes.io/instance: traefik-forward-auth
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: traefik-forward-auth
+  annotations:
+    secret.reloader.stakater.com/reload: traefik-forward-auth
 spec:
   revisionHistoryLimit: 3
   replicas: 1
   strategy:
     type: RollingUpdate
   selector:
     matchLabels:
+      app.kubernetes.io/component: main
       app.kubernetes.io/name: traefik-forward-auth
       app.kubernetes.io/instance: traefik-forward-auth
   template:
     metadata:
-      annotations:
-        secret.reloader.stakater.com/reload: traefik-forward-auth
       labels:
+        app.kubernetes.io/component: main
+        app.kubernetes.io/instance: traefik-forward-auth
         app.kubernetes.io/name: traefik-forward-auth
-        app.kubernetes.io/instance: traefik-forward-auth
     spec:
+      enableServiceLinks: true
       serviceAccountName: default
       automountServiceAccountToken: true
+      hostIPC: false
+      hostNetwork: false
+      hostPID: false
       dnsPolicy: ClusterFirst
-      enableServiceLinks: true
       containers:
-      - name: traefik-forward-auth
-        image: thomseddon/traefik-forward-auth:v2.2.0
-        imagePullPolicy: null
-        env:
+      - env:
         - name: AUTH_HOST
           value: auth.${SECRET_DOMAIN}
         - name: COOKIE_DOMAIN
           value: ${SECRET_DOMAIN}
         - name: DOMAIN
           value: ${SECRET_DOMAIN}
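Review bot: `automountServiceAccountToken: true` together with `serviceAccountName: default` means the pod still gets a Kubernetes API token mounted, although nothing in the visible container spec (env, `envFrom`, TCP probes) suggests forward-auth talks to the API server. The migration now renders `hostIPC`, `hostNetwork` and `hostPID` explicitly as `false`, so this is a natural point to turn the token off as well; with app-template v2 that should be `defaultPodOptions.automountServiceAccountToken: false` in the HelmRelease values (confirm the key against the chart's values for 2.2.0). The pod spec continues past the end of this hunk.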
@@ -47,38 +50,36 @@

           value: info
         - name: URL_PATH
           value: /_oauth
         envFrom:
         - secretRef:
             name: traefik-forward-auth
-        ports:
-        - name: http
-          containerPort: 4181
-          protocol: TCP
+        image: thomseddon/traefik-forward-auth:v2.2.0
         livenessProbe:
           failureThreshold: 3
           initialDelaySeconds: 0
           periodSeconds: 10
           tcpSocket:
             port: 4181
           timeoutSeconds: 1
+        name: main
         readinessProbe:
           failureThreshold: 3
           initialDelaySeconds: 0
           periodSeconds: 10
-          tcpSocket:
-            port: 4181
-          timeoutSeconds: 1
-        startupProbe:
-          failureThreshold: 30
-          initialDelaySeconds: 0
-          periodSeconds: 5
           tcpSocket:
             port: 4181
           timeoutSeconds: 1
         resources:
           limits:
             memory: 50Mi
           requests:
             cpu: 5m
             memory: 10Mi
+        startupProbe:
+          failureThreshold: 30
+          initialDelaySeconds: 0
+          periodSeconds: 5
+          tcpSocket:
+            port: 4181
+          timeoutSeconds: 1
 
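Review bot: The added line `image: thomseddon/traefik-forward-auth:v2.2.0` references the image by tag only, so what actually runs depends on what the registry serves for that tag at pull time. Because this container sits in the authentication path of the ingress, pinning by digest in the HelmRelease values, for example `tag: v2.2.0@sha256:<digest-of-the-verified-image>` (placeholder), would make the rollout reproducible and turn any image change into an explicit, reviewable diff. The container definition starts in the previous hunk.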

@tyriis-automation
Contributor

--- kubernetes/talos-flux/apps/traefik-ingress/traefik/forward-auth Kustomization: flux-system/apps-traefik-forward-auth HelmRelease: traefik-ingress/traefik-forward-auth

+++ kubernetes/talos-flux/apps/traefik-ingress/traefik/forward-auth Kustomization: flux-system/apps-traefik-forward-auth HelmRelease: traefik-ingress/traefik-forward-auth

@@ -9,13 +9,13 @@

     spec:
       chart: app-template
       sourceRef:
         kind: HelmRepository
         name: bjw-s-charts
         namespace: flux-system
-      version: 1.5.1
+      version: 2.2.0
   install:
     remediation:
       retries: 3
     replace: true
     timeout: 5m
   interval: 15m
@@ -30,55 +30,60 @@

     cleanupOnFail: true
     remediation:
       remediateLastFailure: true
       retries: 3
       strategy: rollback
   values:
-    controller:
-      strategy: RollingUpdate
-    env:
-      AUTH_HOST: auth.${SECRET_DOMAIN}
-      COOKIE_DOMAIN: ${SECRET_DOMAIN}
-      DOMAIN: ${SECRET_DOMAIN}
-      INSECURE_COOKIE: 'false'
-      LIFETIME: '604800'
-      LOG_LEVEL: info
-      URL_PATH: /_oauth
-    envFrom:
-    - secretRef:
-        name: traefik-forward-auth
-    image:
-      repository: thomseddon/traefik-forward-auth
-      tag: v2.2.0
+    controllers:
+      main:
+        annotations:
+          secret.reloader.stakater.com/reload: traefik-forward-auth
+        containers:
+          main:
+            env:
+              AUTH_HOST: auth.${SECRET_DOMAIN}
+              COOKIE_DOMAIN: ${SECRET_DOMAIN}
+              DOMAIN: ${SECRET_DOMAIN}
+              INSECURE_COOKIE: 'false'
+              LIFETIME: '604800'
+              LOG_LEVEL: info
+              URL_PATH: /_oauth
+            envFrom:
+            - secretRef:
+                name: traefik-forward-auth
+            image:
+              repository: thomseddon/traefik-forward-auth
+              tag: v2.2.0
+            resources:
+              limits:
+                memory: 50Mi
+              requests:
+                cpu: 5m
+                memory: 10Mi
+        strategy: RollingUpdate
     ingress:
       main:
         annotations:
           cert-manager.io/cluster-issuer: letsencrypt-production
           external-dns.alpha.kubernetes.io/target: ${SECRET_CLOUDFLARE_TUNNEL_ID}.cfargotunnel.com
           kubernetes.io/tls-acme: 'true'
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
           traefik.ingress.kubernetes.io/router.middlewares: traefik-ingress-sso@kubernetescrd
+        className: traefik
         enabled: true
         hosts:
         - host: auth.${SECRET_DOMAIN}
           paths:
           - path: /
-            pathType: Prefix
-        ingressClassName: traefik
+            service:
+              name: main
+              port: http
         tls:
         - hosts:
           - auth.${SECRET_DOMAIN}
           secretName: '{{ .Release.Name }}-tls'
-    podAnnotations:
-      secret.reloader.stakater.com/reload: traefik-forward-auth
-    resources:
-      limits:
-        memory: 50Mi
-      requests:
-        cpu: 5m
-        memory: 10Mi
     service:
       main:
         ports:
           http:
             port: 4181
 
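Review bot: The `main` container under `controllers.main.containers` is defined without a `securityContext`, and the rendered Deployment earlier on this page shows none on the container either, so it runs with the runtime defaults (privilege escalation allowed, writable root filesystem, default capability set). For a service reachable through the ingress that loads its secrets via `envFrom`, a restrictive context is worth adding during this migration; `readOnlyRootFilesystem` and any `runAsNonRoot`/`runAsUser` setting should be tested against this image before merging. The `values` block may continue after the hunk, so a pod-level setting could exist out of view.

```yaml
          main:
            # … unchanged: env, envFrom, image, resources …
            securityContext:
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                - ALL
```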

@tyriis-automation
Contributor

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ EDITORCONFIG editorconfig-checker 1 0 0.01s
✅ REPOSITORY gitleaks yes no 1.58s
✅ YAML prettier 1 0 0.49s
✅ YAML yamllint 1 0 0.27s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@tyriis tyriis merged commit 9d113c6 into main Nov 27, 2023
8 checks passed
@tyriis tyriis deleted the feature/app-template-v2-migration branch November 27, 2023 22:33