Commit ae069301 authored by Dmytro Bogatov's avatar Dmytro Bogatov 💕

Fix dashboard.

parent 3685df90
Pipeline #3223 passed with stage
in 16 seconds
......@@ -168,19 +168,26 @@ else
echo "Dashboard auth configs..."
rm -rf dashboard/
mkdir -p dashboard/dashboard-auth
cp sources/dashboard-auth/*.yaml dashboard/dashboard-auth/
mkdir -p dashboard
cp ./sources/dashboard/*.yaml ./dashboard
COOKIE_SECRET=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64)
# mkdir -p dashboard/dashboard-auth
# cp sources/dashboard-auth/*.yaml dashboard/dashboard-auth/
sed -i -e "s#__OAUTH2_PROXY_COOKIE_SECRET__#$COOKIE_SECRET#g" dashboard/dashboard-auth/oauth2-proxy.yaml
sed -i -e "s#__OAUTH2_PROXY_CLIENT_SECRET__#$OAUTH2_PROXY_CLIENT_SECRET#g" dashboard/dashboard-auth/oauth2-proxy.yaml
# COOKIE_SECRET=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64)
# sed -i -e "s#__OAUTH2_PROXY_COOKIE_SECRET__#$COOKIE_SECRET#g" dashboard/dashboard-auth/oauth2-proxy.yaml
# sed -i -e "s#__OAUTH2_PROXY_CLIENT_SECRET__#$OAUTH2_PROXY_CLIENT_SECRET#g" dashboard/dashboard-auth/oauth2-proxy.yaml
DASHBOARD_TOKEN=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | grep token: )
DASHBOARD_TOKEN="${DASHBOARD_TOKEN:7:${#DASHBOARD_TOKEN}}"
sed -i -e "s#__DASHBOARD_TOKEN__#$DASHBOARD_TOKEN#g" dashboard/dashboard-auth/ingreses.yaml
sed -i -e "s#Bearer #Bearer #g" dashboard/dashboard-auth/ingreses.yaml
# sed -i -e "s#__DASHBOARD_TOKEN__#$DASHBOARD_TOKEN#g" dashboard/dashboard-auth/ingreses.yaml
# sed -i -e "s#Bearer #Bearer #g" dashboard/dashboard-auth/ingreses.yaml
sed -i -e "s#__DASHBOARD_TOKEN__#$DASHBOARD_TOKEN#g" dashboard/ingress.yaml
sed -i -e "s#Bearer #Bearer #g" dashboard/ingress.yaml
else
echo "~/.secrets/ does not exist. Probably running from CI. Skipping dashboard configs..."
fi
......
......@@ -164,7 +164,7 @@ kubectl apply -R -f sources/nginx/
kubectl apply -R -f services/
kubectl apply -R -f dashboard/
kubectl apply -R -f ./dashboard/
echo "Deploying status site"
......
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "public"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/auth-secret: basic-auth
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required!"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Authorization "Bearer __DASHBOARD_TOKEN__";
name: dashboard
namespace: kube-system
spec:
rules:
- host: dashboard-dbogatov-org.cluster.dbogatov.org
http:
paths:
- backend:
serviceName: kubernetes-dashboard
servicePort: 443
path: /
- host: dashboard.dbogatov.org
http:
paths:
- backend:
serviceName: kubernetes-dashboard
servicePort: 443
path: /
tls:
- hosts:
- dashboard-dbogatov-org.cluster.dbogatov.org
- dashboard.dbogatov.org
secretName: lets-encrypt
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment