-
Notifications
You must be signed in to change notification settings - Fork 10
/
auth_proxy.yml
56 lines (55 loc) · 1.75 KB
/
auth_proxy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
version: "3"
services:
cryostat:
expose:
- "${CRYOSTAT_HTTP_PORT}"
environment:
QUARKUS_HTTP_PROXY_PROXY_ADDRESS_FORWARDING: 'true'
QUARKUS_HTTP_PROXY_ALLOW_X_FORWARDED: 'true'
QUARKUS_HTTP_PROXY_ENABLE_FORWARDED_HOST: 'true'
QUARKUS_HTTP_PROXY_ENABLE_FORWARDED_PREFIX: 'true'
QUARKUS_HTTP_PROXY_TRUSTED_PROXIES: localhost:8080,auth:8080
healthcheck:
test: curl --fail http://cryostat:8181/health/liveness || exit 1
interval: 10s
retries: 3
start_period: 30s
timeout: 5s
auth:
# the proxy does not actually depend on cryostat being up, but we use this
# to ensure that when the smoketest tries to open the auth login page in a
# browser tab, it does so only after the upstream cryostat is actually
# available to be proxied to
depends_on:
cryostat:
condition: service_healthy
deploy:
resources:
limits:
cpus: '0.1'
memory: 32m
image: ${OAUTH2_PROXY_IMAGE:-quay.io/oauth2-proxy/oauth2-proxy:latest}
command: --alpha-config=/tmp/auth_proxy_alpha_config.yaml
volumes:
- auth_proxy_cfg:/tmp
hostname: auth
ports:
- "8080:8080"
labels:
kompose.service.expose: "auth"
environment:
OAUTH2_PROXY_HTPASSWD_FILE: /tmp/auth_proxy_htpasswd
OAUTH2_PROXY_HTPASSWD_USER_GROUP: write
OAUTH2_PROXY_REDIRECT_URL: http://localhost:8080/oauth2/callback
OAUTH2_PROXY_COOKIE_SECRET: __24_BYTE_COOKIE_SECRET_
# OAUTH2_PROXY_SKIP_AUTH_ROUTES: .*
restart: unless-stopped
healthcheck:
test: wget -q --spider http://localhost:8080/ping || exit 1
interval: 10s
retries: 3
start_period: 30s
timeout: 5s
volumes:
auth_proxy_cfg:
external: true