CadolesKube/sso-kustom
15
0
Fork 0
Code Issues 20 Pull Requests 6 Projects Releases Wiki Activity

wip: integrate hydra-sql in example environment

Browse Source
This commit is contained in:
wpetit
2024-04-04 11:52:57 +02:00
parent 546f31b2dd
commit 62ef2763de
18 changed files with 526 additions and 425 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
examples/authenticated-app/README.md
View File

@ -8,35 +8,27 @@ L'exemple est actuellement déployé avec le composant `hydra-saml` uniquement.
1. Créer un cluster avec `kind`
```
kind create cluster --config ./examples/k8s/kind/cluster-config.yaml
```
```
kind create cluster --config ./examples/k8s/kind/cluster-config.yaml
```
2. Déployer les opérateurs nécessaires au déploiement
```
kubectl apply -k ./examples/k8s/kind/cluster --server-side
```
```
kubectl apply -k ./examples/k8s/kind/cluster --server-side
```
3. Déployer l'application
```
kubectl apply -k ./examples/authenticated-app
```
**Note** Il est possible d'avoir l'erreur suivante:
```
error: resource mapping not found for name: "app-oauth2-client" namespace: "" from "./examples/authenticated-app": no matches for kind "OAuth2Client" in version "hydra.ory.sh/v1alpha1"
kubectl apply -k ./examples/authenticated-app
```
Cette erreur est "normale" (voir https://github.com/kubernetes/kubectl/issues/1117). Dans ce cas, attendre la création de la CRD (voir ticket) puis relancer la commande.
4. Ajouter l'entrée suivante dans votre fichier `/etc/hosts`
```
127.0.0.1 ssokustom
```
```
127.0.0.1 ssokustom
```
5. Après stabilisation du déploiement, l'application devrait être accessible à l'adresse https://ssokustom
@ -55,7 +47,7 @@ kind delete cluster -n sso-kustom-example
#### URL utiles
|URL|Description|
|---|-----------|
|https://ssokustom/auth/saml/Shibboleth.sso/Session|Attributs de la session SP Shibboleth|
|https://ssokustom/auth/saml/Shibboleth.sso/Metadata|Métadonnées du SP Shibboleth|
| URL | Description |
| --------------------------------------------------- | ------------------------------------- |
| https://ssokustom/auth/saml/Shibboleth.sso/Session | Attributs de la session SP Shibboleth |
| https://ssokustom/auth/saml/Shibboleth.sso/Metadata | Métadonnées du SP Shibboleth |

9
examples/authenticated-app/kustomization.yaml
View File

@ -8,7 +8,7 @@ resources:
- ./resources/self-signed-issuer.yaml
- ./resources/port-forwarder.yaml
patchesJson6902:
patches:
- target:
version: v1
kind: ConfigMap
@ -38,4 +38,9 @@ patchesJson6902:
version: v1alpha1
kind: OAuth2Client
name: oidc-test-oauth2-client
path: patches/oidc-test-oauth2-client.yaml
path: patches/oidc-test-oauth2-client.yaml
- target:
version: v1
kind: ConfigMap
name: hydra-sql-env
path: patches/hydra-sql-env.yaml

12
examples/authenticated-app/patches/hydra-dispatcher-env.yaml
View File

@ -27,4 +27,14 @@
- op: replace
path: "/data/HYDRA_DISPATCHER_SAML_LOGOUT_URL"
value: https://ssokustom/auth/saml/logout
# Hydra SQL configuration
- op: replace
path: "/data/HYDRA_DISPATCHER_SQL_LOGIN_URL"
value: https://ssokustom/auth/sql/login
- op: replace
path: "/data/HYDRA_DISPATCHER_SQL_CONSENT_URL"
value: https://ssokustom/auth/sql/consent
- op: replace
path: "/data/HYDRA_DISPATCHER_SQL_LOGOUT_URL"
value: https://ssokustom/auth/sql/logout

24
examples/authenticated-app/patches/hydra-sql-env.yaml Normal file
View File

@ -0,0 +1,24 @@
- op: replace
path: "/data/BASE_URL"
value: https://ssokustom/auth/sql
- op: replace
path: "/data/ISSUER_URL"
value: https://ssokustom
- op: replace
path: "/data/ISSUER_URL"
value: https://ssokustom
- op: replace
path: "/data/HYDRA_ADMIN_BASE_URL"
value: http://hydra-dispatcher
- op: replace
path: "/data/DSN_REMOTE_DATABASE"
value: pgsql:host='postgres';port=5432;dbname=lasql
- op: replace
path: "/data/REDIS_DSN"
value: redis://redis:6379
- op: replace
path: "/data/DB_USER"
value: makeMeASecret
- op: replace
path: "/data/DB_PASSWORD"
value: rmakeMeASecret

149
examples/authenticated-app/resources/ingress.yaml
View File

@ -10,19 +10,19 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: oidc-test
port:
name: http
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: oidc-test
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -34,19 +34,43 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth/saml(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-saml
port:
name: http
- http:
paths:
- path: /auth/saml(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-saml
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: auth-sql
annotations:
cert-manager.io/issuer: "self-signed"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth/sql(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-sql
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -60,19 +84,19 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth/dispatcher(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-dispatcher
port:
name: http
- http:
paths:
- path: /auth/dispatcher(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-dispatcher
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -85,19 +109,19 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra
port:
name: hydra-public
- http:
paths:
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra
port:
name: hydra-public
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -111,21 +135,16 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /simplesaml(/|$)(.*)
pathType: Prefix
backend:
service:
name: saml-idp
port:
name: https
- http:
paths:
- path: /simplesaml(/|$)(.*)
pathType: Prefix
backend:
service:
name: saml-idp
port:
name: https

9
examples/k8s/kind/cluster/kustomization.yaml
View File

@ -1,10 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/jetstack/cert-manager/releases/download/v1.13.2/cert-manager.yaml
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
- https://github.com/jetstack/cert-manager/releases/download/v1.13.2/cert-manager.yaml
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
- https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
- https://raw.githubusercontent.com/ory/k8s/v0.28.2/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
patchesJson6902:
- target: