Add ingresses and oauth2 proxy

Author: jessesuen

demo/apps/apps.yaml

@@ -144,28 +144,28 @@ spec:
     jsonPointers:
     - /webhooks/0/clientConfig/caBundle
 
----
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: flux
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-  source:
-    repoURL: https://github.com/jessesuen/k8s-deployments.git
-    path: flux/demo
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: flux
-  ignoreDifferences:
-  # k8s 1.3 does not enable runAsGroup by default 
-  - group: apps
-    kind: Deployment
-    name: memcached
-    jsonPointers:
-    - /spec/template/spec/containers/0/securityContext/runAsGroup
+# ---
+# apiVersion: argoproj.io/v1alpha1
+# kind: Application
+# metadata:
+#   name: flux
+#   finalizers:
+#   - resources-finalizer.argocd.argoproj.io
+# spec:
+#   project: default
+#   source:
+#     repoURL: https://github.com/jessesuen/k8s-deployments.git
+#     path: flux/demo
+#   destination:
+#     server: https://kubernetes.default.svc
+#     namespace: flux
+#   ignoreDifferences:
+#   # k8s 1.3 does not enable runAsGroup by default 
+#   - group: apps
+#     kind: Deployment
+#     name: memcached
+#     jsonPointers:
+#     - /spec/template/spec/containers/0/securityContext/runAsGroup
 
 ---
 apiVersion: argoproj.io/v1alpha1
@@ -233,6 +233,44 @@ spec:
     server: https://kubernetes.default.svc
     namespace: prometheus-operator
 
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy-prometheus
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/jessesuen/k8s-deployments.git
+    path: oauth2-proxy
+    helm:
+      valueFiles:
+      - prometheus.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: prometheus-operator
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oauth2-proxy-canary-demo
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/jessesuen/k8s-deployments.git
+    path: oauth2-proxy
+    helm:
+      valueFiles:
+      - rollouts-demo.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -252,6 +290,23 @@ spec:
     server: https://kubernetes.default.svc
     namespace: istio-system
 
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingresses
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/jessesuen/k8s-deployments.git
+    path: ingresses
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: istio-system
+
 # ---
 # apiVersion: argoproj.io/v1alpha1
 # kind: Application

ingresses/grafana.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: prometheus-operator
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/auth-url: http://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/auth-signin: http://$host/oauth2/start?rd=$request_uri
+spec:
+  rules:
+  - host: grafana.dev.argoproj.io
+    http:
+      paths:  
+      - backend:
+          serviceName: prometheus-operator-grafana
+          servicePort: 80
+        path: /
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: grafana-oauth
+  namespace: prometheus-operator

ingresses/istio-grafana.yaml

@@ -1,30 +1,3 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: grafana
-  namespace: prometheus-operator
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/auth-url: http://$host/oauth2/auth
-    nginx.ingress.kubernetes.io/auth-signin: http://$host/oauth2/start?rd=$request_uri
-spec:
-  rules:
-  - host: grafana.dev.argoproj.io
-    http:
-      paths:  
-      - backend:
-          serviceName: prometheus-operator-grafana
-          servicePort: 80
-        path: /
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: grafana-oauth
-  namespace: prometheus-operator
-
----
 apiVersion: v1
 kind: Secret
 metadata:

ingresses/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- grafana.yaml
+- istio-grafana.yaml
+- prometheus.yaml
+- rollouts-demo.yaml

ingresses/prometheus.yaml

@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: prometheus
+  namespace: prometheus-operator
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/auth-url: http://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/auth-signin: http://$host/oauth2/start?rd=$request_uri
+spec:
+  rules:
+  - host: prometheus.dev.argoproj.io
+    http:
+      paths:  
+      - backend:
+          serviceName: prometheus-operator-prometheus
+          servicePort: 9090
+        path: /
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prometheus-oauth
+  namespace: prometheus-operator

ingresses/rollouts-demo.yaml

@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/auth-url: http://$host/oauth2/auth
+    nginx.ingress.kubernetes.io/auth-signin: http://$host/oauth2/start?rd=$request_uri
+  name: canary-demo
+  namespace: default
+spec:
+  rules:
+    - host: canary.dev.argoproj.io
+      http:
+        paths:
+          - backend:
+              serviceName: canary-demo
+              servicePort: 80
+            path: /
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rollouts-demo-oauth
+  namespace: default
+

oauth2-proxy/prometheus.yaml

@@ -0,0 +1,15 @@
+oauth2-proxy:
+  config:
+    existingSecret: prometheus-oauth
+  extraArgs:
+    provider: github
+    github-org: argoproj
+    cookie-secure: "false"
+    redirect-url: http://prometheus.dev.argoproj.io/oauth2/callback
+  ingress:  
+    enabled: true  
+    path: /oauth2  
+    hosts:  
+    - prometheus.dev.argoproj.io
+    annotations:  
+      kubernetes.io/ingress.class: nginx  

oauth2-proxy/rollouts-demo.yaml

@@ -0,0 +1,15 @@
+oauth2-proxy:
+  config:
+    existingSecret: rollouts-demo-oauth
+  extraArgs:
+    provider: github
+    github-org: argoproj
+    cookie-secure: "false"
+    redirect-url: http://canary.dev.argoproj.io/oauth2/callback
+  ingress:  
+    enabled: true  
+    path: /oauth2  
+    hosts:  
+    - canary.dev.argoproj.io
+    annotations:  
+      kubernetes.io/ingress.class: nginx