diff --git a/common/oidc-client/oauth2-proxy/base/deployment.yaml b/common/oidc-client/oauth2-proxy/base/deployment.yaml index 639576da59..d497564809 100644 --- a/common/oidc-client/oauth2-proxy/base/deployment.yaml +++ b/common/oidc-client/oauth2-proxy/base/deployment.yaml @@ -19,9 +19,6 @@ spec: configMap: name: oauth2-proxy defaultMode: 420 - - name: oauth2-proxy - secret: - secretName: oauth2-proxy containers: - name: oauth2-proxy image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 @@ -36,18 +33,25 @@ spec: containerPort: 44180 protocol: TCP env: + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + name: oauth2-proxy + key: client-id + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: oauth2-proxy + key: client-secret - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: name: oauth2-proxy - key: COOKIE_SECRET + key: cookie-secret volumeMounts: - name: configmain mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg subPath: oauth2_proxy.cfg - - name: oauth2-proxy - subPath: CLIENT_SECRET - mountPath: "/etc/oauth2_proxy/CLIENT_SECRET" livenessProbe: httpGet: path: /ping diff --git a/common/oidc-client/oauth2-proxy/base/kustomization.yaml b/common/oidc-client/oauth2-proxy/base/kustomization.yaml index 5d5d6f7590..24f56f8e4b 100644 --- a/common/oidc-client/oauth2-proxy/base/kustomization.yaml +++ b/common/oidc-client/oauth2-proxy/base/kustomization.yaml @@ -1,6 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: oauth2-proxy + resources: - deployment.yaml - namespace.yaml 
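Review bot: In the deployment.yaml `env:` hunk, `OAUTH2_PROXY_CLIENT_SECRET` is now handed to the container as an environment variable, where the client secret was previously read from a mounted file through `client_secret_file`. Environment values are inherited by child processes and are readable from the process environment and from debug or crash output, so the file mount is the narrower exposure. Consider keeping the `oauth2-proxy` secret volume and `client_secret_file = "/etc/oauth2_proxy/CLIENT_SECRET"` for the client secret, and moving only `client-id` into `env`. The key rename from `COOKIE_SECRET` to `cookie-secret` will presumably break any overlay that still generates the secret with the old key names, which deserves a line in the commit description. The container spec continues outside the hunk.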
@@ -17,31 +19,28 @@ resources: secretGenerator: - name: oauth2-proxy type: Opaque - envs: - - secret_params.env - -namespace: oauth2-proxy - -generatorOptions: - disableNameSuffixHash: true + literals: + - "client-id=kubeflow-oidc-authservice" + - "client-secret=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok" + - "cookie-secret=7d16fee92f8d11b8940b081b3f8b8acb" -vars: - - name: AUTHSERVICE_NAMESPACE - objref: - kind: Service - name: oauth2-proxy - apiVersion: v1 - fieldref: - fieldpath: metadata.namespace - - name: AUTHSERVICE_SERVICE - objref: - kind: Service - name: oauth2-proxy - apiVersion: v1 - fieldref: - fieldpath: metadata.name -configurations: - - params.yaml +# vars: +# - name: AUTHSERVICE_NAMESPACE +# objref: +# kind: Service +# name: oauth2-proxy +# apiVersion: v1 +# fieldref: +# fieldpath: metadata.namespace +# - name: AUTHSERVICE_SERVICE +# objref: +# kind: Service +# name: oauth2-proxy +# apiVersion: v1 +# fieldref: +# fieldpath: metadata.name +# configurations: +# - params.yaml images: - name: quay.io/oauth2-proxy/oauth2-proxy diff --git a/common/oidc-client/oauth2-proxy/base/oauth2-proxy-config.yaml b/common/oidc-client/oauth2-proxy/base/oauth2-proxy-config.yaml index c042991d87..4831afc15b 100644 --- a/common/oidc-client/oauth2-proxy/base/oauth2-proxy-config.yaml +++ b/common/oidc-client/oauth2-proxy/base/oauth2-proxy-config.yaml @@ -12,8 +12,6 @@ data: upstreams = "static://200" email_domains = [ "*" ] skip_auth_regex=["/dex/.*"] - client_id = "kubeflow-oidc-authservice" - client_secret_file = "/etc/oauth2_proxy/CLIENT_SECRET" # --- # OIDC Discovery has to be skipped and login url has to be provided directly # in order to enable relative auth redirect. diff --git a/common/oidc-client/oauth2-proxy/base/secret_params.env b/common/oidc-client/oauth2-proxy/base/secret_params.env deleted file mode 100644 index 72317147d9..0000000000 --- a/common/oidc-client/oauth2-proxy/base/secret_params.env +++ /dev/null 
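Review bot: The `literals:` added under `secretGenerator` in kustomization.yaml keep `client-secret` and `cookie-secret` as fixed values in the repository, so every install built from this base shares the same OIDC client secret and cookie-signing key unless an overlay replaces them. With a publicly known cookie secret, session cookies issued by oauth2-proxy can no longer be trusted. I would add a comment above the literals such as `# Demo defaults only: override client-secret and cookie-secret in an overlay before exposing this deployment`, or better, generate the values at install time; they also remain in history through the deleted secret_params.env, so they should be treated as already disclosed. Separately, the commented-out `vars:` and `configurations:` blocks read as dead configuration and would be cleaner deleted outright.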
@@ -1,2 +0,0 @@
-COOKIE_SECRET=7d16fee92f8d11b8940b081b3f8b8acb
-CLIENT_SECRET=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok