feat: add oidc-test app component
This commit is contained in:
parent
ddbedf45ee
commit
ad1c9d2bc3
20
components/oidc-test/kustomization.yaml
Normal file
20
components/oidc-test/kustomization.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1alpha1
|
||||||
|
kind: Component
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ./resources/deployment.yaml
|
||||||
|
- ./resources/service.yaml
|
||||||
|
- ./resources/oauth2-client.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: oidc-test
|
||||||
|
literals:
|
||||||
|
- LOG_LEVEL=0
|
||||||
|
- HTTP_ADDRESS=0.0.0.0:8080
|
||||||
|
- OIDC_CLIENT_ID=oidc-test
|
||||||
|
- OIDC_CLIENT_SECRET=NotSoSecret
|
||||||
|
- OIDC_ISSUER_URL=http://hydra:4444
|
||||||
|
- OIDC_REDIRECT_URL=https://example.net/oauth2/callback
|
||||||
|
- OIDC_POST_LOGOUT_REDIRECT_URL=https://example.net
|
||||||
|
- OIDC_SKIP_ISSUER_VERIFICATION="true"
|
||||||
|
- OIDC_INSECURE_SKIP_VERIFY="true"
|
39
components/oidc-test/resources/deployment.yaml
Normal file
39
components/oidc-test/resources/deployment.yaml
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: oidc-test
|
||||||
|
name: oidc-test
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: oidc-test
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: oidc-test
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
|
||||||
|
name: oidc-test
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
resources: {}
|
||||||
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
name: oidc-test
|
||||||
|
env:
|
||||||
|
- name: OIDC_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: oidc-test-oauth2-client
|
||||||
|
key: client_id
|
||||||
|
- name: OIDC_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: oidc-test-oauth2-client
|
||||||
|
key: client_secret
|
||||||
|
restartPolicy: Always
|
@ -1,9 +1,9 @@
|
|||||||
apiVersion: hydra.ory.sh/v1alpha1
|
apiVersion: hydra.ory.sh/v1alpha1
|
||||||
kind: OAuth2Client
|
kind: OAuth2Client
|
||||||
metadata:
|
metadata:
|
||||||
name: app-oauth2-client
|
name: oidc-test-oauth2-client
|
||||||
spec:
|
spec:
|
||||||
clientName: "app"
|
clientName: "oidc-test"
|
||||||
tokenEndpointAuthMethod: "client_secret_basic"
|
tokenEndpointAuthMethod: "client_secret_basic"
|
||||||
grantTypes:
|
grantTypes:
|
||||||
- authorization_code
|
- authorization_code
|
||||||
@ -11,8 +11,8 @@ spec:
|
|||||||
responseTypes:
|
responseTypes:
|
||||||
- code
|
- code
|
||||||
scope: "openid email"
|
scope: "openid email"
|
||||||
secretName: app-oidc-secret
|
secretName: oidc-test-oauth2-client
|
||||||
redirectUris:
|
redirectUris:
|
||||||
- https://ssokustom/oauth2/callback
|
- https://example.net/oauth2/callback
|
||||||
postLogoutRedirectUris:
|
postLogoutRedirectUris:
|
||||||
- https://ssokustom
|
- https://example.net
|
15
components/oidc-test/resources/service.yaml
Normal file
15
components/oidc-test/resources/service.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: oidc-test
|
||||||
|
name: oidc-test
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: oidc-test
|
||||||
|
status:
|
||||||
|
loadBalancer: {}
|
@ -2,20 +2,19 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
- ../../resources/hydra
|
- ../../overlays/base
|
||||||
- ../../resources/hydra-dispatcher
|
|
||||||
- ./resources/app.yaml
|
|
||||||
- ./resources/ingress.yaml
|
- ./resources/ingress.yaml
|
||||||
- ./resources/oauth2-client.yaml
|
|
||||||
- ./resources/saml-idp.yaml
|
- ./resources/saml-idp.yaml
|
||||||
- ./resources/self-signed-issuer.yaml
|
- ./resources/self-signed-issuer.yaml
|
||||||
- ./resources/port-forwarder.yaml
|
- ./resources/port-forwarder.yaml
|
||||||
|
|
||||||
components:
|
components:
|
||||||
- ../../components/hydra-cnpg-database
|
- ../../components/hydra-cnpg-database
|
||||||
|
- ../../components/oidc-test
|
||||||
#- ../../components/hydra-oidc
|
#- ../../components/hydra-oidc
|
||||||
- ../../components/hydra-saml
|
- ../../components/hydra-saml
|
||||||
|
|
||||||
|
|
||||||
patchesJson6902:
|
patchesJson6902:
|
||||||
- target:
|
- target:
|
||||||
version: v1
|
version: v1
|
||||||
@ -36,4 +35,14 @@ patchesJson6902:
|
|||||||
version: v1
|
version: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
name: hydra-secret
|
name: hydra-secret
|
||||||
path: patches/hydra-secret.yaml
|
path: patches/hydra-secret.yaml
|
||||||
|
- target:
|
||||||
|
version: v1
|
||||||
|
kind: Secret
|
||||||
|
name: oidc-test
|
||||||
|
path: patches/oidc-test.yaml
|
||||||
|
- target:
|
||||||
|
version: v1alpha1
|
||||||
|
kind: OAuth2Client
|
||||||
|
name: oidc-test-oauth2-client
|
||||||
|
path: patches/oidc-test-oauth2-client.yaml
|
@ -0,0 +1,6 @@
|
|||||||
|
- op: replace
|
||||||
|
path: "/spec/redirectUris/0"
|
||||||
|
value: https://ssokustom/oauth2/callback
|
||||||
|
- op: replace
|
||||||
|
path: "/spec/postLogoutRedirectUris/0"
|
||||||
|
value: https://ssokustom/oauth2/callback
|
9
examples/authenticated-app/patches/oidc-test.yaml
Normal file
9
examples/authenticated-app/patches/oidc-test.yaml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
- op: replace
|
||||||
|
path: "/data/LOG_LEVEL"
|
||||||
|
value: 0
|
||||||
|
- op: replace
|
||||||
|
path: "/data/OIDC_REDIRECT_URL"
|
||||||
|
value: https://ssokustom/oauth2/callback
|
||||||
|
- op: replace
|
||||||
|
path: "/data/OIDC_POST_LOGOUT_REDIRECT_URL"
|
||||||
|
value: https://ssokustom
|
@ -1,66 +0,0 @@
|
|||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
io.kompose.service: app
|
|
||||||
name: app
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
io.kompose.service: app
|
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
io.kompose.service: app
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- image: reg.cadoles.com/cadoles/oidc-test:2023.11.6-stable.1557.e16b905
|
|
||||||
name: app
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
resources: {}
|
|
||||||
env:
|
|
||||||
- name: LOG_LEVEL
|
|
||||||
value: "0"
|
|
||||||
- name: HTTP_ADDRESS
|
|
||||||
value: 0.0.0.0:8080
|
|
||||||
- name: OIDC_CLIENT_ID
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: app-oidc-secret
|
|
||||||
key: client_id
|
|
||||||
- name: OIDC_CLIENT_SECRET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: app-oidc-secret
|
|
||||||
key: client_secret
|
|
||||||
- name: OIDC_ISSUER_URL
|
|
||||||
value: http://hydra:4444
|
|
||||||
- name: OIDC_REDIRECT_URL
|
|
||||||
value: https://ssokustom/oauth2/callback
|
|
||||||
- name: OIDC_POST_LOGOUT_REDIRECT_URL
|
|
||||||
value: https://ssokustom
|
|
||||||
- name: OIDC_SKIP_ISSUER_VERIFICATION
|
|
||||||
value: "true"
|
|
||||||
- name: OIDC_INSECURE_SKIP_VERIFY
|
|
||||||
value: "true"
|
|
||||||
restartPolicy: Always
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
io.kompose.service: app
|
|
||||||
name: app
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
port: 8080
|
|
||||||
targetPort: 8080
|
|
||||||
selector:
|
|
||||||
io.kompose.service: app
|
|
||||||
status:
|
|
||||||
loadBalancer: {}
|
|
@ -20,7 +20,7 @@ spec:
|
|||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: app
|
name: oidc-test
|
||||||
port:
|
port:
|
||||||
name: http
|
name: http
|
||||||
---
|
---
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ./resources/hydra
|
|
||||||
- ./resources/hydra-dispatcher
|
|
||||||
|
|
||||||
components:
|
|
||||||
- ./components/hydra-cnpg-database
|
|
||||||
- ./components/hydra-oidc
|
|
||||||
- ./components/hydra-saml
|
|
||||||
- ./components/hydra-sql
|
|
11
overlays/base/kustomization.yaml
Normal file
11
overlays/base/kustomization.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../resources/hydra
|
||||||
|
- ../../resources/hydra-dispatcher
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- pairs:
|
||||||
|
app.kubernetes.io/part-of: sso-kustom
|
||||||
|
app.kubernetes.io/component: auth
|
16
overlays/full/kustomization.yaml
Normal file
16
overlays/full/kustomization.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../base
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- pairs:
|
||||||
|
app.kubernetes.io/part-of: sso-kustom
|
||||||
|
app.kubernetes.io/component: auth
|
||||||
|
|
||||||
|
components:
|
||||||
|
- ../../components/hydra-cnpg-database
|
||||||
|
- ../../components/hydra-oidc
|
||||||
|
- ../../components/hydra-saml
|
||||||
|
- ../../components/hydra-sql
|
Loading…
Reference in New Issue
Block a user