--- apiVersion: codemowers.io/v1alpha1 kind: OIDCGWClient metadata: name: walias spec: uri: "https://walias-msergo.codemowers.ee/auth-oidc" redirectUris: - "https://walias-msergo.codemowers.ee/auth-oidc/callback" grantTypes: - "authorization_code" - "refresh_token" # might be supported by some implementations responseTypes: - "code" availableScopes: - "openid" - "profile" - "offline_access" tokenEndpointAuthMethod: "client_secret_basic" pkce: true --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: walias annotations: kubernetes.io/ingress.class: shared traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.codemowers.ee spec: rules: - host: walias-msergo.codemowers.ee http: paths: - pathType: Prefix path: "/" backend: service: name: walias port: number: 3030 tls: - hosts: - "*.codemowers.ee" --- apiVersion: v1 kind: Service metadata: name: walias spec: type: ClusterIP selector: app: walias ports: - protocol: TCP port: 3030 --- apiVersion: apps/v1 kind: Deployment metadata: name: walias labels: app: walias spec: selector: matchLabels: app: walias replicas: 1 template: metadata: labels: app: walias spec: containers: - name: walias image: walias ports: - containerPort: 3030 env: - name: CLIENT_URL value: https://walias-msergo.codemowers.ee - name: NODE_ENV value: prod - name: WILDDUCK_URL valueFrom: secretKeyRef: name: walias-secrets key: WILDDUCK_URL - name: WILDDUCK_TOKEN valueFrom: secretKeyRef: name: walias-secrets key: WILDDUCK_TOKEN - name: WILDDUCK_DOMAIN valueFrom: secretKeyRef: name: walias-secrets key: WILDDUCK_DOMAIN - name: REDIS_URL valueFrom: secretKeyRef: name: redis-walias-cache-owner-secrets key: REDIS_MASTER_URI envFrom: - secretRef: name: oidc-client-walias-owner-secrets