@jimmycuadra
Created November 18, 2016 04:16
Exposing a Kubernetes service (in this example, AWS Elasticsearch Service + Kibana) with an ingress resource and oauth2_proxy.
```yaml
---
kind: "Template"
apiVersion: "v1"
metadata:
  name: "kibana"
objects:
- kind: "Namespace"
  apiVersion: "v1"
  metadata:
    name: "kibana"
- kind: "Secret"
  apiVersion: "v1"
  metadata:
    name: "oauth2-proxy"
    namespace: "kibana"
  data:
    client-id: "$(OAUTH2_PROXY_CLIENT_ID)"
    client-secret: "$(OAUTH2_PROXY_CLIENT_SECRET)"
    cookie-secret: "$(OAUTH2_PROXY_COOKIE_SECRET)"
  type: "Opaque"
- kind: "Service"
  apiVersion: "v1"
  metadata:
    name: "aws-proxy"
    namespace: "kibana"
  spec:
    selector:
      app: "kibana"
      component: "aws-proxy"
    ports:
    - port: 80
      targetPort: 9200
- kind: "Service"
  apiVersion: "v1"
  metadata:
    name: "oauth2-proxy"
    namespace: "kibana"
  spec:
    selector:
      app: "kibana"
      component: "oauth2-proxy"
    ports:
    - port: 80
- kind: "Ingress"
  apiVersion: "extensions/v1beta1"
  metadata:
    name: "kibana"
    namespace: "kibana"
  spec:
    rules:
    - host: "kibana.$(DOMAIN)"
      http:
        paths:
        - backend:
            serviceName: "oauth2-proxy"
            servicePort: 80
- kind: "Deployment"
  apiVersion: "extensions/v1beta1"
  metadata:
    name: "aws-proxy"
    namespace: "kibana"
  spec:
    replicas: 1
    template:
      metadata:
        name: "aws-proxy"
        namespace: "kibana"
        labels:
          app: "kibana"
          component: "aws-proxy"
      spec:
        containers:
        - name: "aws-proxy"
          image: "inquicker/aws-proxy"
          args:
          - "-b"
          - "-p=9200"
          - "-e=https://$(AWS_ES_ENDPOINT)"
          ports:
          - name: "http"
            containerPort: 9200
- kind: "Deployment"
  apiVersion: "extensions/v1beta1"
  metadata:
    name: "oauth2-proxy"
    namespace: "kibana"
  spec:
    replicas: 1
    template:
      metadata:
        name: "oauth2-proxy"
        namespace: "kibana"
        labels:
          app: "kibana"
          component: "oauth2-proxy"
      spec:
        containers:
        - name: "oauth2-proxy"
          image: "inquicker/oauth2_proxy"
          args:
          - "-cookie-domain=kibana.$(DOMAIN)"
          - "-cookie-refresh=24h"
          - "-email-domain=example.com"
          - "-http-address=0.0.0.0:80"
          - "-upstream=http://aws-proxy"
          env:
          - name: "OAUTH2_PROXY_CLIENT_ID"
            valueFrom:
              secretKeyRef:
                name: "oauth2-proxy"
                key: "client-id"
          - name: "OAUTH2_PROXY_CLIENT_SECRET"
            valueFrom:
              secretKeyRef:
                name: "oauth2-proxy"
                key: "client-secret"
          - name: "OAUTH2_PROXY_COOKIE_SECRET"
            valueFrom:
              secretKeyRef:
                name: "oauth2-proxy"
                key: "cookie-secret"
          ports:
          - name: "http"
            containerPort: 80
parameters:
- name: "AWS_ES_ENDPOINT"
  description: "Endpoint for the Elasticsearch service (as a hostname, no protocol)"
  required: true
  parameterType: "string"
- name: "DOMAIN"
  description: "Apex domain of the cluster, e.g. \"example.com\""
  required: true
  parameterType: "string"
- name: "OAUTH2_PROXY_CLIENT_ID"
  description: "Google OAuth2 client ID for oauth2-proxy."
  required: true
  parameterType: "base64"
- name: "OAUTH2_PROXY_CLIENT_SECRET"
  description: "Google OAuth2 client secret for oauth2-proxy."
  required: true
  parameterType: "base64"
- name: "OAUTH2_PROXY_COOKIE_SECRET"
  description: |
    Base64-encoded seed value for oauth2_proxy's cookie. Note that the app expects a
    Base64-encoded value, and the encoded value must be Base64-encoded again for the Kubernetes
    secret object. In other words, use the --parameter flag with ktmpl even though the value is
    already Base64-encoded. Generate a value with:
    ruby -rsecurerandom -e 'puts SecureRandom.urlsafe_base64(32)'
  required: true
  parameterType: "base64"
```
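The double-encoding rule in that last parameter description is easy to get wrong, so here is an added Python check (not part of the gist) that generates a seed the way the ruby one-liner does, encodes it for the Secret `data` field, and then verifies that what Kubernetes hands the container is a Base64 string which itself decodes to the 32 random bytes the generator produced. The `_pad` helper is an assumption added so a seed written without `=` padding (Ruby omits it by default) still decodes.

```python
import base64
import binascii
import secrets


def generate_cookie_seed(nbytes: int = 32) -> str:
    """Mirror of the page's ruby one-liner: url-safe Base64 of random bytes.
    Ruby's urlsafe_base64 omits '=' padding, so this does too (43 chars for 32 bytes)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).decode("ascii").rstrip("=")


def encode_for_secret(app_value: str) -> str:
    """A Secret `data` value is Base64 of the literal string the container will read,
    so the already-Base64 seed has to be Base64-encoded a second time."""
    return base64.b64encode(app_value.encode("ascii")).decode("ascii")


def _pad(s: str) -> str:
    """Restore '=' padding so an unpadded seed decodes cleanly (assumed helper)."""
    return s + "=" * (-len(s) % 4)


def check_secret_field(secret_data_value: str, expected_seed_bytes: int = 32) -> dict:
    """Decode a Secret `data` value the way Kubernetes does (once, standard Base64),
    then the way oauth2_proxy does (url-safe Base64), and report what each layer sees."""
    try:
        app_value = base64.b64decode(_pad(secret_data_value), validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        # Raw random bytes are not ASCII: the seed was almost certainly encoded only once.
        return {"ok": False, "reason": "not Base64 of an ASCII string: seed encoded only once"}
    try:
        seed = base64.urlsafe_b64decode(_pad(app_value))
    except (binascii.Error, ValueError):
        return {"ok": False, "reason": "value the container receives is not url-safe Base64"}
    return {"ok": len(seed) == expected_seed_bytes, "app_value": app_value, "seed_len": len(seed)}
```

Feeding the ruby output straight into `data.cookie-secret` fails the first decode step, which is exactly the mistake the description warns about.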