Add oauth to MinIO (#35)
I want to use OAuth everywhere it's possible, so I need to create accounts in gitea only Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/35
This commit is contained in:
parent
1553a906d8
commit
db538f7181
@ -46,5 +46,5 @@ bases:
|
|||||||
- ../environments.yaml
|
- ../environments.yaml
|
||||||
- ../repositories.yaml
|
- ../repositories.yaml
|
||||||
|
|
||||||
helmfiles:
|
#helmfiles:
|
||||||
- namespaces.yaml
|
# - namespaces.yaml
|
||||||
|
@ -2,7 +2,17 @@ rootPassword: ENC[AES256_GCM,data:7baD0HwMztU27TymEWp+Ad1s8Zc=,iv:CXiTBEGU1tr99i
|
|||||||
users:
|
users:
|
||||||
- accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str]
|
- accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str]
|
||||||
secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str]
|
secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str]
|
||||||
policy: ENC[AES256_GCM,data:B7CQsSUaq3B/gO/X,iv:Z4DTTXk5TO288lIrjbvXQXsUt44WjvGLMGxXmnEnHGU=,tag:pvK4zoZGBbpithTBYVDKfQ==,type:str]
|
policy: ENC[AES256_GCM,data:szr/D/u/ng0=,iv:jzm7Q4zdKQpNV0FgJ4jA9CuN7r912ySBJHmxKeQGS2I=,tag:cKarFmhIbBEtslSxOc4mcA==,type:str]
|
||||||
|
oidc:
|
||||||
|
enabled: ENC[AES256_GCM,data:lK45+A==,iv:NcoTJPt4XZGRlVRwpsmuI5nu66cGVksQBRAwRval5JY=,tag:kjtPLITQLBOqjF3IaJAL8w==,type:bool]
|
||||||
|
configUrl: ENC[AES256_GCM,data:ZNVvWPlFPA1xgfysavsEusfxE2ySIM9FYatYqfWPnUrHKMtCxYlrn1ip3nTYL2JHvjM3yltLBNbqWMCGlgtw,iv:p1F2DqCFaKvjYKhMieFytnMuggrec8DmBzDATLTVe+8=,tag:3EtpPSyRlGThov5OcZfV+g==,type:str]
|
||||||
|
clientId: ENC[AES256_GCM,data:kO7PkjN+5GqZCxChvtbTQb/5zo7nVxfh7MZqbDoJLIKMEfth,iv:ti3Xlc3sRVOVGtxGw/pT5iBy5rBqV2v+MhiNF3Krb9U=,tag:3LUDIkq08zGmvjJtSnE/jA==,type:str]
|
||||||
|
clientSecret: ENC[AES256_GCM,data:PVe+8SlNrznBiFVNpuQXIcuPkUXyUJ7DObZpRvlgA8JjUHXTy3VY7soyJVBZEMfYbNjSLLcKcWM=,iv:fbh2RcQdPf3jUt2AOI3xp09SSEaWzI4rLGZmlZY46uM=,tag:wvEBkkPsXoQXAP7fN1iDMA==,type:str]
|
||||||
|
claimName: ENC[AES256_GCM,data:K7IO7TyaAUr4U80Ni5Xt/bma,iv:R8RQLttCNMHpAit+3OQ/STXo7u6xqQ1+RYgGLpJTpn4=,tag:3Wsh7TNnh1V0GrqjF/4Uiw==,type:str]
|
||||||
|
redirectUri: ENC[AES256_GCM,data:+Q8cNCvslAcO4m7VJwNe/CpEntyHfuHOrHqqtlrDILkfc0IRAA8aSbZwbA2v+So=,iv:GwzNILyqLuAYUQFKbt5WE+VCdOzSTBmGCAHcCAnzxXk=,tag:p9/86/r2DfT1mkQu+aQJfQ==,type:str]
|
||||||
|
comment: ENC[AES256_GCM,data:TO3kA0i503ZA+EFhKa2AZw==,iv:Cl3NvvgXz71AaCgMl062urNtcBtgk832vtxTs9MJwik=,tag:JwerK2q1L7xMv/NIoWkESw==,type:str]
|
||||||
|
claimPrefix: ""
|
||||||
|
scopes: ENC[AES256_GCM,data:kyewug7Dv2UOcsc8UWe1ssepra8uBW7uYw==,iv:RfQQiwBWWSd9DSgSlYZFwyZy2xaizMuVjeCZAws3ddM=,tag:jnegIPBviRTPi4kwM1jexQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -18,8 +28,8 @@ sops:
|
|||||||
NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y
|
NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y
|
||||||
zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA==
|
zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-02-19T20:48:11Z"
|
lastmodified: "2023-03-12T10:17:38Z"
|
||||||
mac: ENC[AES256_GCM,data:MTcZ//5+uC+yFp+TmLhqdGIBpcaW96HpfUZeIUZijOffss401/XMOYprIILTPRq2B8kaCW2jp8hkL3oFDxSce0BGeqdRsFOlRL9vbtpyBPTUoGBnr6u/HK1G09zqtlsA/RZTvpBNoKrfdSvoWwoFIjs5oWPbi1f44gkgAl85ENM=,iv:07nSOo1F63sPgadSHtdI9JjtKjH/F9ThFW4sxWVGTxs=,tag:fFOO4sT6EFsAKje5llEUqg==,type:str]
|
mac: ENC[AES256_GCM,data:I6DCLZNMl3LuGif/mDDNKKODZ6O/CSYty0+N60Xw4go2mH9J8/PPX0fEYL0ilRG2VDLuZ86RTiPCwAtUXVrtu1jzlkajbZPytWMpURZk+4m2XxXSDrTHNt6KJglF29DhENCkVXeZ75fHSKOS0yliZ+Q/90Ye18FJSlvVUy6HSfM=,iv:4y4pU0OTK6c2Oj5LvoJALtcn5TJ7OQFNys2swbYkodU=,tag:GSPQ64Ntu/oYnz6BfWXOTg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
rootUser: 'overlord'
|
rootUser: 'overlord'
|
||||||
replicas: 1
|
replicas: 1
|
||||||
mode: standalone
|
mode: standalone
|
||||||
@ -24,13 +25,51 @@ resources:
|
|||||||
requests:
|
requests:
|
||||||
memory: 2Gi
|
memory: 2Gi
|
||||||
buckets:
|
buckets:
|
||||||
- name: allanger
|
- name: badhouseplants-net
|
||||||
policy: none
|
policy: download
|
||||||
purge: false
|
purge: false
|
||||||
versioning: true
|
versioning: false
|
||||||
|
- name: badhouseplants-net-main
|
||||||
|
policy: download
|
||||||
|
purge: false
|
||||||
|
versioning: false
|
||||||
metrics:
|
metrics:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: false
|
enabled: false
|
||||||
public: true
|
public: true
|
||||||
additionalLabels: {}
|
additionalLabels: {}
|
||||||
|
policies:
|
||||||
|
- name: allanger
|
||||||
|
statements:
|
||||||
|
- resources:
|
||||||
|
- 'arn:aws:s3:::*'
|
||||||
|
actions:
|
||||||
|
- "s3:*"
|
||||||
|
- resources: []
|
||||||
|
actions:
|
||||||
|
- "admin:*"
|
||||||
|
- resources: []
|
||||||
|
actions:
|
||||||
|
- "kms:*"
|
||||||
|
- name: badhouseplants:owners
|
||||||
|
statements:
|
||||||
|
- resources:
|
||||||
|
- 'arn:aws:s3:::*'
|
||||||
|
actions:
|
||||||
|
- "s3:*"
|
||||||
|
- resources: []
|
||||||
|
actions:
|
||||||
|
- "admin:*"
|
||||||
|
- resources: []
|
||||||
|
actions:
|
||||||
|
- "kms:*"
|
||||||
|
- name: badhouseplants
|
||||||
|
statements:
|
||||||
|
- resources:
|
||||||
|
- 'arn:aws:s3:::badhouseplants'
|
||||||
|
actions:
|
||||||
|
- "s3:*"
|
||||||
|
- resources:
|
||||||
|
- 'arn:aws:s3:::badhouseplants/*'
|
||||||
|
actions:
|
||||||
|
- "s3:*"
|
||||||
|
@ -58,14 +58,14 @@ templates:
|
|||||||
metrics-server: &metrics-server
|
metrics-server: &metrics-server
|
||||||
name: metrics-server
|
name: metrics-server
|
||||||
chart: metrics-server/metrics-server
|
chart: metrics-server/metrics-server
|
||||||
version: 3.8.3
|
version: 3.8.4
|
||||||
values:
|
values:
|
||||||
- common/values.{{ .Release.Name }}.yaml
|
- common/values.{{ .Release.Name }}.yaml
|
||||||
|
|
||||||
cert-manager: &cert-manager
|
cert-manager: &cert-manager
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
chart: jetstack/cert-manager
|
chart: jetstack/cert-manager
|
||||||
version: 1.10.1
|
version: 1.11.0
|
||||||
set:
|
set:
|
||||||
- name: installCRDs
|
- name: installCRDs
|
||||||
value: true
|
value: true
|
||||||
@ -79,7 +79,7 @@ templates:
|
|||||||
argocd: &argocd
|
argocd: &argocd
|
||||||
name: argocd
|
name: argocd
|
||||||
chart: argo/argo-cd
|
chart: argo/argo-cd
|
||||||
version: 5.23.3
|
version: 5.25.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -89,7 +89,7 @@ templates:
|
|||||||
istio-common:
|
istio-common:
|
||||||
labels:
|
labels:
|
||||||
bundle: istio
|
bundle: istio
|
||||||
version: 1.16.1
|
version: 1.17.1
|
||||||
|
|
||||||
istio-base: &istio-base
|
istio-base: &istio-base
|
||||||
name: istio-base
|
name: istio-base
|
||||||
@ -141,7 +141,7 @@ templates:
|
|||||||
nrodionov: &nrodionov
|
nrodionov: &nrodionov
|
||||||
name: nrodionov
|
name: nrodionov
|
||||||
chart: bitnami/wordpress
|
chart: bitnami/wordpress
|
||||||
version: 15.2.22
|
version: 15.2.51
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -149,7 +149,7 @@ templates:
|
|||||||
minio: &minio
|
minio: &minio
|
||||||
name: minio
|
name: minio
|
||||||
chart: minio/minio
|
chart: minio/minio
|
||||||
version: 5.0.4
|
version: 5.0.7
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
@ -157,14 +157,14 @@ templates:
|
|||||||
minecraft: &minecraft
|
minecraft: &minecraft
|
||||||
name: minecraft
|
name: minecraft
|
||||||
chart: minecraft-server-charts/minecraft
|
chart: minecraft-server-charts/minecraft
|
||||||
version: 4.4.0
|
version: 4.6.0
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
|
|
||||||
gitea: &gitea
|
gitea: &gitea
|
||||||
name: gitea
|
name: gitea
|
||||||
chart: gitea/gitea
|
chart: gitea/gitea
|
||||||
version: 7.0.2
|
version: 7.0.4
|
||||||
inherit:
|
inherit:
|
||||||
- template: default-env-values
|
- template: default-env-values
|
||||||
- template: default-env-secrets
|
- template: default-env-secrets
|
||||||
|
Reference in New Issue
Block a user