mlops_platform/unip-controller
11
7
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
unip-controller/controller/templates/api-component/oauth2-proxy-deployment.yaml
SmartMLOps HSE 69a1c2fd2e initial commit
2025-04-15 20:56:15 +03:00

88 lines
3.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ============================================================
# Система: Единая библиотека, Центр ИИ НИУ ВШЭ
# Модуль: APIComponent
# Авторы: Полежаев В.А., Хританков А.С.
# Дата создания: 2025 г.
# ============================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ deployment_name }}
namespace: {{ namespace }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ selector_label }}
template:
metadata:
labels:
app: {{ selector_label }}
spec:
initContainers:
- name: init
image: busybox:1.37.0
volumeMounts:
- name: groups-secret-volume
mountPath: /unip/groups-secret
readOnly: true
- name: prepared-groups-var-volume
mountPath: /unip/prepared-groups-var
command: [ 'sh', '-c', 'echo -n "OIDC_GROUPS=" > /unip/prepared-groups-var/groups-var && cat /unip/groups-secret/groups | paste -sd "," - >> /unip/prepared-groups-var/groups-var' ]
resources:
limits:
memory: 64M
cpu: 100m
containers:
- command: ["/bin/sh", "-c"]
args:
- -c
- >-
source <(grep "=" /unip/prepared-groups-var/groups-var) &&
/bin/oauth2-proxy
--provider=keycloak-oidc
--client-id={{ client_id }}
--client-secret={{ client_secret }}
--cookie-secret={{ cookie_secret }}
--redirect-url={{ redirect_url }}
--oidc-issuer-url={{ oidc_issuer_url }}
--skip-jwt-bearer-tokens=true
{% if oidc_extra_audience %}
--oidc-extra-audience={{ oidc_extra_audience }}
{% endif %}
{% if extra_jwt_issuers %}
--extra-jwt-issuers={{ extra_jwt_issuers }}
{% endif %}
--email-domain=*
--cookie-httponly=false
--set-xauthrequest=true
--set-basic-auth=true
--basic-auth-password=default
--allowed-group=$OIDC_GROUPS
{% if roles %}
--allowed-role={{ roles }}
{% endif %}
--code-challenge-method=S256
--proxy-prefix={{ proxy_prefix }}
--upstream=file:///dev/null
--http-address=0.0.0.0:{{ container_port }}
image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
imagePullPolicy: IfNotPresent
name: oauth2-proxy
ports:
- containerPort: {{ container_port }}
protocol: TCP
resources:
limits:
memory: 64M
cpu: 100m
volumeMounts:
- name: prepared-groups-var-volume
mountPath: /unip/prepared-groups-var
volumes:
- name: groups-secret-volume
secret:
secretName: {{ groups_secret_name }}
- name: prepared-groups-var-volume
emptyDir:
sizeLimit: 10Mi
Reference in a new issue View git blame Copy permalink