-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcharmcraft.yaml
111 lines (93 loc) · 3.18 KB
/
charmcraft.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Copyright 2024 Canonical Ltd.
# See LICENSE file for licensing details.
# This file configures Charmcraft.
# See https://juju.is/docs/sdk/charmcraft-config for guidance.
name: oauth2-proxy-k8s
type: charm
title: OAuth2 Proxy
summary: A reverse proxy server that authenticates users through providers like Google and Github.
description: |
OAuth2 Proxy is a reverse proxy and static file server that authenticates
users through providers like Google and GitHub, allowing validation by email,
domain, or group.
links:
documentation: https://discourse.charmhub.io/t/charmed-oauth2-proxy-k8s-overview/14663
source: https://github.com/canonical/oauth2-proxy-k8s-operator
issues: https://github.com/canonical/oauth2-proxy-k8s-operator/issues
bases:
- build-on:
- name: ubuntu
channel: "22.04"
run-on:
- name: ubuntu
channel: "22.04"
# Metadata
requires:
nginx-route:
interface: nginx-route
limit: 1
# This config section defines charm config options, and populates the Configure
# tab on Charmhub.
# More information on this section at https://juju.is/docs/sdk/charmcraft-yaml#heading--config
# General configuration documentation: https://juju.is/docs/sdk/config
config:
options:
upstream:
description: |
The HTTP url(s) of the upstream endpoint. For juju applications, this is
"http://<application_name>:<application_port>" if it is deployed on the same model.
default: ""
type: string
provider:
description: |
OAuth provider.
Reference: https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/
default: "google"
type: string
client-id:
description: |
The OAuth Client ID.
default: ""
type: string
client-secret:
description: |
The OAuth Client Secret.
default: ""
type: string
cookie-secret:
description: |
The seed string for secure cookies (optionally base64 encoded).
Must be 16, 24, or 32 bytes to create an AES cipher.
default: ""
type: string
authenticated-emails-list:
description: |
Comma-separated list of users to allow to authenticate to the service.
default: ""
type: string
additional-config:
description: |
Space-separated list of additional config as defined in
https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview/.
Example: '--upstream-timeout=20s --whitelist-domain=example.com'
default: "--email-domain=*"
type: string
external-hostname:
description: |
The DNS listing used for external connections. Will default to the name of the deployed
application.
default: "oauth2-proxy-k8s"
type: string
tls-secret-name:
description: |
Name of the k8s secret which contains the TLS certificate to be used by ingress.
default: "oauth2-proxy-tls"
type: string
containers:
oauth2-proxy:
resource: oauth2-proxy-image
resources:
oauth2-proxy-image:
type: oci-image
description: OCI image for the 'some-container' container
upstream-source: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0-alpine