mancubus77 · May 30, 2021 06:49
diff --git a/gistfile1.yaml b/gistfile1.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: reverse-words
   labels:
     name: reverse-words
 spec:
   replicas: 1
   selector:
     matchLabels:
       name: reverse-words
   template:
     metadata:
       labels:
         name: reverse-words
     spec:
       containers:
         - name: reverse-words
           image: quay.io/mavazque/reversewords:latest
           imagePullPolicy: Always
           ports:
             - name: reverse-words
               containerPort: 8080
               protocol: TCP
         - name: oauth-proxy
           args:
             - -provider=openshift
             - -https-address=:8888
             - -http-address=
             - -email-domain=*
             - -upstream=http://localhost:8080
             - -tls-cert=/etc/tls/private/tls.crt
             - -tls-key=/etc/tls/private/tls.key
             - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
             # Use file with Secret
             #- -cookie-secret-file=/etc/proxy/secrets/session_secret
             # Use Environment Variable with secret
             - -cookie-secret=$SECRET_COOKIE
             - -openshift-service-account=reversewords
             - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
             - -skip-auth-regex=^/metrics
           image: quay.io/openshift/origin-oauth-proxy:4.1
           imagePullPolicy: IfNotPresent
           ports:
             - name: oauth-proxy
               containerPort: 8888
               protocol: TCP
           env:
             - name: SECRET_COOKIE
               valueFrom:
                 secretKeyRef:
                   name: reversewords-proxy
                   key: session_secret
           volumeMounts:
             - mountPath: /etc/tls/private
               name: secret-reversewords-tls
             - mountPath: /etc/proxy/secrets/session_secret
               name: secret-reversewords-proxy
               subPath: session_secret
       serviceAccountName: reversewords
       volumes:
         - name: secret-reversewords-tls
           secret:
             defaultMode: 420
             secretName: reversewords-tls
         - name: secret-reversewords-proxy
           secret:
             defaultMode: 420
             secretName: reversewords-proxy
 ---
 apiVersion: v1
 kind: Service
 metadata:
   annotations:
     service.alpha.openshift.io/serving-cert-secret-name: reversewords-tls
   labels:
     name: reverse-words
   name: reverse-words
 spec:
   ports:
   - name: proxy
     port: 8888
     protocol: TCP
     targetPort: oauth-proxy
   - name: app
     port: 8080
     protocol: TCP
     targetPort: reverse-words
   selector:
     name: reverse-words
   sessionAffinity: None
   type: ClusterIP
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: reverse-words
	labels:
	name: reverse-words
	spec:
	replicas: 1
	selector:
	matchLabels:
	name: reverse-words
	template:
	metadata:
	labels:
	name: reverse-words
	spec:
	containers:
	- name: reverse-words
	image: quay.io/mavazque/reversewords:latest
	imagePullPolicy: Always
	ports:
	- name: reverse-words
	containerPort: 8080
	protocol: TCP
	- name: oauth-proxy
	args:
	- -provider=openshift
	- -https-address=:8888
	- -http-address=
	- -email-domain=*
	- -upstream=http://localhost:8080
	- -tls-cert=/etc/tls/private/tls.crt
	- -tls-key=/etc/tls/private/tls.key
	- -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
	# Use file with Secret
	#- -cookie-secret-file=/etc/proxy/secrets/session_secret
	# Use Environment Variable with secret
	- -cookie-secret=$SECRET_COOKIE
	- -openshift-service-account=reversewords
	- -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	- -skip-auth-regex=^/metrics
	image: quay.io/openshift/origin-oauth-proxy:4.1
	imagePullPolicy: IfNotPresent
	ports:
	- name: oauth-proxy
	containerPort: 8888
	protocol: TCP
	env:
	- name: SECRET_COOKIE
	valueFrom:
	secretKeyRef:
	name: reversewords-proxy
	key: session_secret
	volumeMounts:
	- mountPath: /etc/tls/private
	name: secret-reversewords-tls
	- mountPath: /etc/proxy/secrets/session_secret
	name: secret-reversewords-proxy
	subPath: session_secret
	serviceAccountName: reversewords
	volumes:
	- name: secret-reversewords-tls
	secret:
	defaultMode: 420
	secretName: reversewords-tls
	- name: secret-reversewords-proxy
	secret:
	defaultMode: 420
	secretName: reversewords-proxy
	---
	apiVersion: v1
	kind: Service
	metadata:
	annotations:
	service.alpha.openshift.io/serving-cert-secret-name: reversewords-tls
	labels:
	name: reverse-words
	name: reverse-words
	spec:
	ports:
	- name: proxy
	port: 8888
	protocol: TCP
	targetPort: oauth-proxy
	- name: app
	port: 8080
	protocol: TCP
	targetPort: reverse-words
	selector:
	name: reverse-words
	sessionAffinity: None
	type: ClusterIP