bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

logging: fix oauth2 scope and pin loki to rpi

Browse Source
This commit is contained in:
Brad Stein 2026-01-09 07:12:40 -03:00
parent 3694b8f76e
commit 9e496cb8d6
2 changed files with 61 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
services/logging/loki-helmrelease.yaml
View File

@ -54,10 +54,64 @@ spec:
replicas: 0 replicas: 0
singleBinary: singleBinary:
replicas: 1 replicas: 1
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values:
- rpi5
- rpi4
persistence: persistence:
enabled: true enabled: true
size: 200Gi size: 200Gi
storageClass: asteria storageClass: asteria
gateway:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values:
- rpi5
- rpi4
chunksCache:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values:
- rpi5
- rpi4
resultsCache:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values:
- rpi5
- rpi4
canary:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: hardware
operator: In
values:
- rpi5
- rpi4
service: service:
type: ClusterIP type: ClusterIP
ingress: ingress:

14
services/logging/oauth2-proxy.yaml
View File

@ -37,13 +37,14 @@ spec:
node-role.kubernetes.io/worker: "true" node-role.kubernetes.io/worker: "true"
affinity: affinity:
nodeAffinity: nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- weight: 90 nodeSelectorTerms:
preference: - matchExpressions:
matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: ["rpi5","rpi4"] values:
- rpi5
- rpi4
containers: containers:
- name: oauth2-proxy - name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
@ -52,7 +53,7 @@ spec:
- --provider=oidc - --provider=oidc
- --redirect-url=https://logs.bstein.dev/oauth2/callback - --redirect-url=https://logs.bstein.dev/oauth2/callback
- --oidc-issuer-url=https://sso.bstein.dev/realms/atlas - --oidc-issuer-url=https://sso.bstein.dev/realms/atlas
- --scope=openid profile email groups - --scope=openid profile email
- --email-domain=* - --email-domain=*
- --set-xauthrequest=true - --set-xauthrequest=true
- --pass-access-token=true - --pass-access-token=true
@ -66,7 +67,6 @@ spec:
- --http-address=0.0.0.0:4180 - --http-address=0.0.0.0:4180
- --skip-provider-button=true - --skip-provider-button=true
- --skip-jwt-bearer-tokens=true - --skip-jwt-bearer-tokens=true
- --oidc-groups-claim=groups
- --cookie-domain=logs.bstein.dev - --cookie-domain=logs.bstein.dev
env: env:
- name: OAUTH2_PROXY_CLIENT_ID - name: OAUTH2_PROXY_CLIENT_ID