Commit d93fcf5

committed
fix readme
Signed-off-by: walnuts1018 <[email protected]>
1 parent e2e303e commit d93fcf5

1 file changed

+0
-107
lines changed

README.md

Lines changed: 0 additions & 107 deletions
@@ -3,113 +3,6 @@
33
[![CI](https://github.com/walnuts1018/ipxe-manager/actions/workflows/ci.yaml/badge.svg)](https://github.com/walnuts1018/ipxe-manager/actions/workflows/ci.yaml)
44
[![Docker](https://github.com/walnuts1018/ipxe-manager/actions/workflows/docker.yaml/badge.svg)](https://github.com/walnuts1018/ipxe-manager/actions/workflows/docker.yaml)
55

6-
ipxe-manager is a reverse proxy that provides authentication and authorization for S3 buckets.
7-
8-
## Features
9-
10-
- Authenticate with OpenID Connect
11-
- Authorize based on group claims
12-
- Supports AWS S3 and other S3 compatible storages (e.g. MinIO)
13-
- Assumes IAM Role for S3 access (e.g. EKS IAM Roles for Service Accounts, MinIO STS API)
14-
15-
## Configuration
16-
17-
The following environment variables are available for configuration:
18-
19-
| Name | Description | Default |
20-
| --- | --- | --- |
21-
| `OIDC_ISSUER_URL` | OIDC issuer URL | |
22-
| `OIDC_CLIENT_ID` | OIDC client ID | |
23-
| `OIDC_CLIENT_SECRET` | OIDC client secret | |
24-
| `OIDC_REDIRECT_URL` | OIDC redirect URL. Use `/auth/callback` as the path. ||
25-
| `OIDC_GROUP_CLAIM` | Group claim name | `groups` |
26-
| `OIDC_ALLOWED_GROUPS` | Comma separated list of allowed groups/role. | |
27-
| `SESSION_SECRET` | Secret for session | |
28-
| `S3_BUCKET` | S3 bucket name | |
29-
| `S3_USE_PATH_STYLE` | Use path style for S3 access | `false` |
30-
| `LOG_LEVEL` | Log level | `info` |
31-
| `LOG_TYPE` | Log type (json or text) | `json` |
32-
33-
Additionally, ipxe-manager supports AWS SDK environment variables (<https://docs.aws.amazon.com/sdkref/latest/guide/settings-reference.html#EVarSettings>).
34-
35-
## Example
36-
37-
Here is an example of running ipxe-manager on Kubernetes.
38-
39-
```yaml
40-
apiVersion: apps/v1
41-
kind: Deployment
42-
metadata:
43-
labels:
44-
app: ipxe-manager
45-
name: ipxe-manager
46-
namespace: default
47-
spec:
48-
replicas: 1
49-
selector:
50-
matchLabels:
51-
app: ipxe-manager
52-
template:
53-
metadata:
54-
labels:
55-
app: ipxe-manager
56-
spec:
57-
serviceAccountName: <your-service-account-name>
58-
containers:
59-
- name: proxy
60-
image: ghcr.io/walnuts1018/ipxe-manager:latest
61-
env:
62-
- name: OIDC_ISSUER_URL
63-
value: <your-oidc-issuer-url>
64-
- name: OIDC_CLIENT_ID
65-
valueFrom:
66-
secretKeyRef:
67-
key: client-id
68-
name: <your-secret-name>
69-
- name: OIDC_CLIENT_SECRET
70-
valueFrom:
71-
secretKeyRef:
72-
key: client-secret
73-
name: <your-secret-name>
74-
- name: OIDC_REDIRECT_URL
75-
value: <your-redirect-url>
76-
- name: OIDC_ALLOWED_GROUPS
77-
value: <your-allowed-groups>
78-
- name: OIDC_GROUP_CLAIM
79-
value: <your-group-claim>
80-
- name: SESSION_SECRET
81-
valueFrom:
82-
secretKeyRef:
83-
key: session-secret
84-
name: <your-secret-name>
85-
- name: S3_BUCKET
86-
value: <your-s3-bucket>
87-
- name: AWS_REGION
88-
value: <your-aws-region>
89-
- name: AWS_ROLE_ARN
90-
value: <your-aws-role-arn>
91-
livenessProbe:
92-
httpGet:
93-
path: /livez
94-
port: http
95-
readinessProbe:
96-
httpGet:
97-
path: /readyz
98-
port: http
99-
ports:
100-
- containerPort: 8080
101-
name: http
102-
protocol: TCP
103-
resources:
104-
limits:
105-
memory: 300Mi
106-
requests:
107-
cpu: 10m
108-
memory: 10Mi
109-
```
110-
111-
Additionally, an example of using the MinIO Operator in an on-premises Kubernetes cluster can be found [here]([examples/minio-operator.yaml](https://github.com/walnuts1018/infra/blob/7642120ecb6f4b5dd415d85ea7bb5099fdcf4725/k8s/apps/ipu/deployment.yaml)).
112-
1136
## License
1147

1158
This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.
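
Review bot: The removal at old lines 6-112 leaves README.md with only the two badges and the License section, so after this commit the project has no description, no configuration reference and no deployment example, and the message "fix readme" does not say why. The deleted text describes a reverse proxy that authenticates and authorizes access to S3 buckets, which does not obviously match the name ipxe-manager; if it was carried over from another project, replace it in the same change with at least a one-line description of what ipxe-manager does instead of leaving the file empty. If any of the documented variables (`OIDC_CLIENT_SECRET`, `SESSION_SECRET`, `OIDC_ALLOWED_GROUPS`) still apply, keep the table and the `secretKeyRef` entries from the example, since those lines were the only place the README showed operators sourcing the secrets from a Kubernetes Secret rather than a literal `value:`. Separately, the link on old line 111 nests one Markdown link inside another, so if that sentence is restored it should be reduced to a single `[here](...)` link.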
