---
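{{- /*
homey.auth.ingress.annotations

Emits ingress-nginx annotations that put an auth subrequest in front of an
Ingress. auth-url points at the ldap-auth-internal Service in the release
namespace, and the /auth location passes the LDAP connection parameters to
that service as request headers. The base DN and bind DN are derived from
.Values.homey.url by turning each "." into ",dc=".

NOTE(review):
- X-Ldap-BindPass is read from Secret "openldap-ro" via lookup and rendered in
  clear text into the configuration-snippet annotation. Anyone allowed to read
  Ingress objects, or the generated nginx configuration, can read the bind
  password. Prefer handing the credential to the auth service itself (Secret
  mounted as env or volume) if the daemon supports it; confirm.
- lookup returns an empty map under `helm template` and dry runs, so the nested
  get calls fail there. Do not paper over this with an empty default: an empty
  bind password can turn into an unauthenticated LDAP bind.
- quote applies Go string escaping, not nginx escaping; a password containing
  "$" would presumably be read by nginx as a variable reference. Verify.
- auth-url uses http:// and X-Ldap-URL uses ldap://, so the credentials and the
  bind travel unencrypted inside the cluster. Consider ldaps:// or StartTLS.
- nginx variable names end at the first ".", so $cookie_homey.auth.cookie is
  the value of cookie "homey" followed by the literal ".auth.cookie". A cookie
  name without dots would be needed for the $cookie_ lookup to work.
- Snippet annotations must be enabled on the controller and newer ingress-nginx
  releases disable them by default. "location-snippets" does not look like an
  ingress-nginx annotation (TODO confirm it is honored); ingress-nginx documents
  auth-snippet for adding directives to the auth subrequest.
- Remote-User, Remote-Name and Remote-Email are trusted by the backend as
  identity; make sure the backend is reachable only through this Ingress.
*/ -}}
{{- define "homey.auth.ingress.annotations" }}
# nginx.ingress.kubernetes.io/auth-signin: "https://auth.zakobar.com"
nginx.ingress.kubernetes.io/auth-url: "http://ldap-auth-internal.{{ .Release.Namespace }}.svc.cluster.local:80"
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Email
nginx.ingress.kubernetes.io/location-snippets: |-
  auth_request /auth;
nginx.ingress.kubernetes.io/configuration-snippet: |-
  location /auth {
    # proxy_pass http://ldap-auth-internal;
    proxy_pass_request_body off;
    #THIS NEEDS TO BE SET BY ACTUAL SOMETHING LOGIN SHIT
    # proxy_set_header X-Target http://ldap-auth-internal.{{ .Release.Namespace }}.svc.cluster.local:80;
    proxy_set_header X-Ldap-URL "ldap://openldap";
    proxy_set_header X-Ldap-BaseDN "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
    proxy_set_header X-Ldap-BindDN "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
    proxy_set_header X-Ldap-BindPass {{ (get (get (lookup "v1" "Secret" .Release.Namespace "openldap-ro") "data") "password") | b64dec | quote}};
    proxy_set_header X-CookieName "homey.auth.cookie";
    proxy_set_header Cookie $cookie_homey.auth.cookie;
    proxy_set_header X-Remote-User $remote_user;
    proxy_set_header X-Forwarded-Method $request_method;
    proxy_set_header X-Ldap-Template "(uid=%(username)s)";
  }
{{- end }}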