Fix yaml linter error

Signed-off-by: Tom Zaspel <40226087+tzabbi@users.noreply.github.com>

common/oauth2-proxy/base/deployment.yaml

@@ -15,71 +15,71 @@ spec:
         app.kubernetes.io/name: oauth2-proxy
     spec:
       volumes:
-        - name: configmain
-          configMap:
-            name: oauth2-proxy
-            defaultMode: 420
+      - name: configmain
+        configMap:
+          name: oauth2-proxy
+          defaultMode: 420
       containers:
-        - name: oauth2-proxy
-          image: quay.io/oauth2-proxy/oauth2-proxy:latest
-          args:
-            - --http-address=0.0.0.0:4180
-            - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
-          ports:
-            - name: http
-              containerPort: 4180
-              protocol: TCP
-            - name: metrics
-              containerPort: 44180
-              protocol: TCP
-          env:
-            - name: OAUTH2_PROXY_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: oauth2-proxy
-                  key: client-id
-            - name: OAUTH2_PROXY_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: oauth2-proxy
-                  key: client-secret
-            - name: OAUTH2_PROXY_COOKIE_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: oauth2-proxy
-                  key: cookie-secret
-            - name: OAUTH2_PROXY_COOKIE_SECURE
-              valueFrom:
-                configMapKeyRef:
-                  name: oauth2-proxy-parameters
-                  key: FORCE_HTTPS
-            - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
-              valueFrom:
-                configMapKeyRef:
-                  name: oauth2-proxy-parameters
-                  key: ALLOW_SELF_SIGNED_ISSUER
-            - name: OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS
-              valueFrom:
-                configMapKeyRef:
-                  name: oauth2-proxy-parameters
-                  key: ENABLE_M2M_TOKENS
-            - name: OAUTH2_PROXY_EXTRA_JWT_ISSUERS
-              valueFrom:
-                configMapKeyRef:
-                  name: oauth2-proxy-parameters
-                  key: EXTRA_JWT_ISSUERS
-          volumeMounts:
-            - name: configmain
-              mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
-              subPath: oauth2_proxy.cfg
-          livenessProbe:
-            httpGet:
-              path: /ping
-              port: http
-              scheme: HTTP
-          readinessProbe:
-            httpGet:
-              path: /ping
-              port: http
-              scheme: HTTP
-          resources: {}
+      - name: oauth2-proxy
+        image: quay.io/oauth2-proxy/oauth2-proxy:latest
+        args:
+        - --http-address=0.0.0.0:4180
+        - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+        ports:
+        - name: http
+          containerPort: 4180
+          protocol: TCP
+        - name: metrics
+          containerPort: 44180
+          protocol: TCP
+        env:
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: oauth2-proxy
+              key: client-id
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: oauth2-proxy
+              key: client-secret
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: oauth2-proxy
+              key: cookie-secret
+        - name: OAUTH2_PROXY_COOKIE_SECURE
+          valueFrom:
+            configMapKeyRef:
+              name: oauth2-proxy-parameters
+              key: FORCE_HTTPS
+        - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
+          valueFrom:
+            configMapKeyRef:
+              name: oauth2-proxy-parameters
+              key: ALLOW_SELF_SIGNED_ISSUER
+        - name: OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS
+          valueFrom:
+            configMapKeyRef:
+              name: oauth2-proxy-parameters
+              key: ENABLE_M2M_TOKENS
+        - name: OAUTH2_PROXY_EXTRA_JWT_ISSUERS
+          valueFrom:
+            configMapKeyRef:
+              name: oauth2-proxy-parameters
+              key: EXTRA_JWT_ISSUERS
+        volumeMounts:
+        - name: configmain
+          mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
+          subPath: oauth2_proxy.cfg
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: http
+            scheme: HTTP
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: http
+            scheme: HTTP
+        resources: {}

common/oauth2-proxy/base/rbac.tokenreviews.yaml

@@ -3,12 +3,12 @@ kind: ClusterRole
 metadata:
   name: authn-delegator
 rules:
-  - apiGroups:
-      - authentication.k8s.io
-    resources:
-      - tokenreviews
-    verbs:
-      - create
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -20,5 +20,5 @@ roleRef:
   kind: ClusterRole
   name: authn-delegator
 subjects:
-  - kind: ServiceAccount
-    name: oauth2-proxy
+- kind: ServiceAccount
+  name: oauth2-proxy

common/oauth2-proxy/base/service.yaml

@@ -7,7 +7,7 @@ spec:
   selector:
     app.kubernetes.io/name: oauth2-proxy
   ports:
-    - port: 80
-      name: http
-      targetPort: http
+  - port: 80
+    name: http
+    targetPort: http
   publishNotReadyAddresses: true

common/oauth2-proxy/components/configure-self-signed-kubernetes-oidc-issuer/cronjob.kubeflow-m2m-oidc-configurator.yaml

@@ -17,23 +17,23 @@ spec:
           restartPolicy: OnFailure
           serviceAccountName: kubeflow-m2m-oidc-configurator
           containers:
-            - image: docker.io/curlimages/curl
-              name: kubeflow-m2m-oidc-configurator
-              command:
-                - /script.sh
-              envFrom:
-                - configMapRef:
-                    name: kubeflow-m2m-oidc-configurator-envs
-              volumeMounts:
-                - mountPath: /script.sh
-                  name: script
-                  subPath: script.sh
-              resources: {}
+          - image: docker.io/curlimages/curl
+            name: kubeflow-m2m-oidc-configurator
+            command:
+            - /script.sh
+            envFrom:
+            - configMapRef:
+                name: kubeflow-m2m-oidc-configurator-envs
+            volumeMounts:
+            - mountPath: /script.sh
+              name: script
+              subPath: script.sh
+            resources: {}
           volumes:
-            - name: script
-              configMap:
-                name: kubeflow-m2m-oidc-configurator-script
-                defaultMode: 0777
-                items:
-                  - key: script.sh
-                    path: script.sh
+          - name: script
+            configMap:
+              name: kubeflow-m2m-oidc-configurator-script
+              defaultMode: 0777
+              items:
+              - key: script.sh
+                path: script.sh

common/oauth2-proxy/components/configure-self-signed-kubernetes-oidc-issuer/rbac.yaml

@@ -11,13 +11,13 @@ metadata:
   name: kubeflow-m2m-oidc-configurator
   namespace: istio-system
 rules:
-  - apiGroups:
-      - security.istio.io
-    resources:
-      - requestauthentications
-    verbs:
-      - get
-      - patch
+- apiGroups:
+  - security.istio.io
+  resources:
+  - requestauthentications
+  verbs:
+  - get
+  - patch
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -30,6 +30,6 @@ roleRef:
   kind: Role
   name: kubeflow-m2m-oidc-configurator
 subjects:
-  - kind: ServiceAccount
-    name: kubeflow-m2m-oidc-configurator
-    namespace: istio-system
+- kind: ServiceAccount
+  name: kubeflow-m2m-oidc-configurator
+  namespace: istio-system

common/oauth2-proxy/components/istio-external-auth-patches/patches/deployment.jwt-refresh-interval.yaml

@@ -7,12 +7,12 @@ spec:
   template:
     spec:
       containers:
-        - name: discovery
-          env:
-            # Istio will refresh the JWT Public Keys provided with
-            # RequestAuthentication by default every 20 minutes. For deployment
-            # from scratch this is not ideal because there is a high chance that
-            # the istiod will be available before dex is available, triggering
-            # Istio mechanism to use a placeholder jwt until refreshed.
-            - name: PILOT_JWT_PUB_KEY_REFRESH_INTERVAL
-              value: "1m"
+      - name: discovery
+        env:
+        # Istio will refresh the JWT Public Keys provided with
+        # RequestAuthentication by default every 20 minutes. For deployment
+        # from scratch this is not ideal because there is a high chance that
+        # the istiod will be available before dex is available, triggering
+        # Istio mechanism to use a placeholder jwt until refreshed.
+        - name: PILOT_JWT_PUB_KEY_REFRESH_INTERVAL
+          value: "1m"

common/oauth2-proxy/components/istio-external-auth/kustomization.yaml

@@ -5,7 +5,7 @@ resources:
 - authorizationpolicy.istio-ingressgateway-oauth2-proxy.yaml
 - requestauthentication.dex-jwt.yaml
 
-# If you're running Kubeflow behind CloudFlare, use 
+# If you're running Kubeflow behind CloudFlare, use
 # authorizationpolicy.istio-ingressgateway-oauth2-proxy-cloudflare.yaml
-# instead of 
+# instead of
 # authorizationpolicy.istio-ingressgateway-oauth2-proxy.yaml

common/oauth2-proxy/components/istio-external-auth/requestauthentication.dex-jwt.yaml

@@ -5,15 +5,15 @@ metadata:
   namespace: istio-system
 spec:
   jwtRules:
-    # forwardOriginalToken must be set to true so the authorization header will
-    # be passed between Kubeflow Components and Istio can configure the
-    # Kubeflow Auth Headers based on this request authorization header.
-    - forwardOriginalToken: true
-      issuer: http://dex.auth.svc.cluster.local:5556/dex
-      # These 5 lines provides integration of istio/oauth2-proxy with
-      # Kubeflow custom auth headers.
-      outputClaimToHeaders:
-        - header: kubeflow-userid
-          claim: email
-        - header: kubeflow-groups
-          claim: groups
+  # forwardOriginalToken must be set to true so the authorization header will
+  # be passed between Kubeflow Components and Istio can configure the
+  # Kubeflow Auth Headers based on this request authorization header.
+  - forwardOriginalToken: true
+    issuer: http://dex.auth.svc.cluster.local:5556/dex
+    # These 5 lines provides integration of istio/oauth2-proxy with
+    # Kubeflow custom auth headers.
+    outputClaimToHeaders:
+    - header: kubeflow-userid
+      claim: email
+    - header: kubeflow-groups
+      claim: groups

common/oauth2-proxy/components/istio-m2m/requestauthentication.yaml

@@ -5,10 +5,10 @@ metadata:
   namespace: istio-system
 spec:
   jwtRules:
-    - forwardOriginalToken: true
-      issuer: M2M_TOKEN_ISSUER_PLACEHOLDER
-      outputClaimToHeaders:
-        - claim: sub
-          header: x-auth-request-user
-        - claim: sub
-          header: kubeflow-userid
+  - forwardOriginalToken: true
+    issuer: M2M_TOKEN_ISSUER_PLACEHOLDER
+    outputClaimToHeaders:
+    - claim: sub
+      header: x-auth-request-user
+    - claim: sub
+      header: kubeflow-userid

example/kustomization.yaml

@@ -64,7 +64,7 @@ resources:
 # Katib
 - ../apps/katib/upstream/installs/katib-with-kubeflow
 # Central Dashboard
-- ../apps/centraldashboard/overlays
+- ../apps/centraldashboard/overlays/oauth2-proxy
 # Admission Webhook
 - ../apps/admission-webhook/upstream/overlays/cert-manager
 # Jupyter Web App