@KaustubhKhati
Created May 15, 2018 12:37
oauth2_proxy in K8s with nginx-Ingress
# Protected Ingress: nginx sends an auth subrequest to auth-url for each request
# and redirects unauthenticated users to auth-signin.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    ingress.kubernetes.io/auth-signin: https://$host/oauth2/start
    ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.class: nginx
  name: external-auth-oauth2
  namespace: kube-system
spec:
  rules:
  - host: dashboard.example.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 8443
        path: /
---
# Routes /oauth2 on the same host to oauth2_proxy; no auth annotations here.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: kube-system
spec:
  rules:
  - host: dashboard.example.com
    http:
      paths:
      - backend:
          serviceName: oauth2-proxy
          servicePort: 4180
        path: /oauth2
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: oauth2-proxy
  template:
    metadata:
      labels:
        k8s-app: oauth2-proxy
    spec:
      containers:
      - args:
        - --provider=github
        # Accepts any e-mail domain: every user who can log in at the GitHub instance passes.
        - --email-domain=*
        # No upstream to proxy to; oauth2_proxy only answers the auth subrequests from nginx.
        - --upstream=file:///dev/null
        - --http-address=0.0.0.0:4180
        - --login-url=https://github.enterprise.org/login/oauth/authorize
        - --redeem-url=https://github.enterprise.org/login/oauth/access_token
        - --validate-url=https://github.enterprise.org/api/v3
        env:
        - name: OAUTH2_PROXY_CLIENT_ID
          value: <ID>
        - name: OAUTH2_PROXY_CLIENT_SECRET
          value: <SECRET>
        # python -c 'import os,base64; print(base64.b64encode(os.urandom(16)).decode())'
        - name: OAUTH2_PROXY_COOKIE_SECRET
          value: <COOKIE>
        image: <IMAGE> # can use this: https://hub.docker.com/r/colemickens/oauth2_proxy/
        imagePullPolicy: Always
        name: oauth2-proxy
        ports:
        - containerPort: 4180
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: oauth2-proxy
  name: oauth2-proxy
  namespace: kube-system
spec:
  ports:
  - name: http
    port: 4180
    protocol: TCP
    targetPort: 4180
  selector:
    k8s-app: oauth2-proxy