feat: add oidc-test app component

wpetit 2023-12-07 08:59:45 +01:00
parent ddbedf45ee
commit ad1c9d2bc3
12 changed files with 136 additions and 89 deletions


@ -0,0 +1,20 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ./resources/deployment.yaml
- ./resources/service.yaml
- ./resources/oauth2-client.yaml
configMapGenerator:
- name: oidc-test
literals:
- LOG_LEVEL=0
- HTTP_ADDRESS=0.0.0.0:8080
- OIDC_CLIENT_ID=oidc-test
- OIDC_CLIENT_SECRET=NotSoSecret
- OIDC_ISSUER_URL=http://hydra:4444
- OIDC_REDIRECT_URL=https://example.net/oauth2/callback
- OIDC_POST_LOGOUT_REDIRECT_URL=https://example.net
- OIDC_SKIP_ISSUER_VERIFICATION="true"
- OIDC_INSECURE_SKIP_VERIFY="true"
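Review bot: `OIDC_CLIENT_SECRET=NotSoSecret` places a client secret in a ConfigMap, where it is held as plain configuration and is readable by anything allowed to read ConfigMaps in the namespace. The Deployment added in this commit already sets `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET` from the `oidc-test-oauth2-client` Secret through `env`, which takes precedence over `envFrom`, so these two literals appear to be unused and can be dropped. Separately, `OIDC_ISSUER_URL=http://hydra:4444` together with `OIDC_SKIP_ISSUER_VERIFICATION="true"` and `OIDC_INSECURE_SKIP_VERIFY="true"` make (judging by the variable names) disabled issuer and TLS verification the default for every overlay that includes this component. Consider omitting those two flags here and setting them only in the overlay that needs them, with a comment such as `# test only: disables issuer/TLS verification`.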


@ -0,0 +1,39 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: oidc-test
name: oidc-test
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: oidc-test
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: oidc-test
spec:
containers:
- image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
name: oidc-test
ports:
- containerPort: 8080
resources: {}
envFrom:
- configMapRef:
name: oidc-test
env:
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: oidc-test-oauth2-client
key: client_id
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: oidc-test-oauth2-client
key: client_secret
restartPolicy: Always
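Review bot: The `oidc-test` container is declared with no `securityContext` and with `resources: {}`, so it runs with the image's default user and privileges and without CPU or memory bounds. Since this is now a reusable component, a restrictive container security context would be a safer default, and overlays can relax it if the image needs more. `runAsNonRoot: true` assumes the image does not run as root, which should be confirmed against the image before merging. Requests and limits should replace the empty `resources` map with values measured for this app.

```yaml
      containers:
        - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
          name: oidc-test
          # … unchanged: ports, resources, envFrom, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
```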


@ -1,9 +1,9 @@
apiVersion: hydra.ory.sh/v1alpha1 apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client kind: OAuth2Client
metadata: metadata:
name: app-oauth2-client name: oidc-test-oauth2-client
spec: spec:
clientName: "app" clientName: "oidc-test"
tokenEndpointAuthMethod: "client_secret_basic" tokenEndpointAuthMethod: "client_secret_basic"
grantTypes: grantTypes:
- authorization_code - authorization_code
@ -11,8 +11,8 @@ spec:
responseTypes: responseTypes:
- code - code
scope: "openid email" scope: "openid email"
secretName: app-oidc-secret secretName: oidc-test-oauth2-client
redirectUris: redirectUris:
- https://ssokustom/oauth2/callback - https://example.net/oauth2/callback
postLogoutRedirectUris: postLogoutRedirectUris:
- https://ssokustom - https://example.net


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: oidc-test
name: oidc-test
spec:
ports:
- name: http
port: 8080
targetPort: 8080
selector:
app.kubernetes.io/name: oidc-test
status:
loadBalancer: {}
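Review bot: The trailing `status:` / `loadBalancer: {}` stanza is server-populated state and has no effect in an applied manifest. It looks like it was carried over from the generated `app` Service that this commit deletes. Dropping the two lines keeps the new component's manifest limited to `metadata` and `spec`.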


@ -2,20 +2,19 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../resources/hydra - ../../overlays/base
- ../../resources/hydra-dispatcher
- ./resources/app.yaml
- ./resources/ingress.yaml - ./resources/ingress.yaml
- ./resources/oauth2-client.yaml
- ./resources/saml-idp.yaml - ./resources/saml-idp.yaml
- ./resources/self-signed-issuer.yaml - ./resources/self-signed-issuer.yaml
- ./resources/port-forwarder.yaml - ./resources/port-forwarder.yaml
components: components:
- ../../components/hydra-cnpg-database - ../../components/hydra-cnpg-database
- ../../components/oidc-test
#- ../../components/hydra-oidc #- ../../components/hydra-oidc
- ../../components/hydra-saml - ../../components/hydra-saml
patchesJson6902: patchesJson6902:
- target: - target:
version: v1 version: v1
@ -36,4 +35,14 @@ patchesJson6902:
version: v1 version: v1
kind: Secret kind: Secret
name: hydra-secret name: hydra-secret
path: patches/hydra-secret.yaml path: patches/hydra-secret.yaml
- target:
version: v1
kind: Secret
name: oidc-test
path: patches/oidc-test.yaml
- target:
version: v1alpha1
kind: OAuth2Client
name: oidc-test-oauth2-client
path: patches/oidc-test-oauth2-client.yaml
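Review bot: The new patch target `kind: Secret` / `name: oidc-test` does not match any object this commit creates; the `oidc-test` component generates a ConfigMap of that name through `configMapGenerator`, and the Secret it uses is named `oidc-test-oauth2-client`. The patch file that appears to be `patches/oidc-test.yaml` replaces `/data/LOG_LEVEL` and the two `/data/OIDC_*_URL` keys, which are ConfigMap keys, so the target should probably read `kind: ConfigMap`. As written, the overlay's redirect URL overrides would either fail the build or never be applied, leaving the `https://example.net` defaults in the app configuration.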


@ -0,0 +1,6 @@
- op: replace
path: "/spec/redirectUris/0"
value: https://ssokustom/oauth2/callback
- op: replace
path: "/spec/postLogoutRedirectUris/0"
value: https://ssokustom/oauth2/callback
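Review bot: The second operation sets `/spec/postLogoutRedirectUris/0` to `https://ssokustom/oauth2/callback`, the same value as the redirect URI above it, which looks like a copy-paste slip. The previous OAuth2Client registered `https://ssokustom` as the post-logout URI, and the app-side patch in this commit sets `OIDC_POST_LOGOUT_REDIRECT_URL` to `https://ssokustom`. With the mismatch, the URL the app sends at logout would not be among the client's registered post-logout URIs, so the provider would likely reject the redirect. The line should probably be `value: https://ssokustom`.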


@ -0,0 +1,9 @@
- op: replace
path: "/data/LOG_LEVEL"
value: 0
- op: replace
path: "/data/OIDC_REDIRECT_URL"
value: https://ssokustom/oauth2/callback
- op: replace
path: "/data/OIDC_POST_LOGOUT_REDIRECT_URL"
value: https://ssokustom
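Review bot: `value: 0` in the first operation is a YAML integer, but ConfigMap `data` values must be strings, so the patched object would carry a non-string `LOG_LEVEL` and fail validation. The Deployment removed by this commit quoted the same setting as `value: "0"`; the patch should do likewise with `value: "0"`. The replacement is also a no-op against the component default `LOG_LEVEL=0`, so the operation could simply be dropped.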


@ -1,66 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
replicas: 1
selector:
matchLabels:
io.kompose.service: app
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: app
spec:
containers:
- image: reg.cadoles.com/cadoles/oidc-test:2023.11.6-stable.1557.e16b905
name: app
ports:
- containerPort: 8080
resources: {}
env:
- name: LOG_LEVEL
value: "0"
- name: HTTP_ADDRESS
value: 0.0.0.0:8080
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: app-oidc-secret
key: client_id
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: app-oidc-secret
key: client_secret
- name: OIDC_ISSUER_URL
value: http://hydra:4444
- name: OIDC_REDIRECT_URL
value: https://ssokustom/oauth2/callback
- name: OIDC_POST_LOGOUT_REDIRECT_URL
value: https://ssokustom
- name: OIDC_SKIP_ISSUER_VERIFICATION
value: "true"
- name: OIDC_INSECURE_SKIP_VERIFY
value: "true"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: app
name: app
spec:
ports:
- name: http
port: 8080
targetPort: 8080
selector:
io.kompose.service: app
status:
loadBalancer: {}


@ -20,7 +20,7 @@ spec:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: app name: oidc-test
port: port:
name: http name: http
--- ---


@ -1,12 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./resources/hydra
- ./resources/hydra-dispatcher
components:
- ./components/hydra-cnpg-database
- ./components/hydra-oidc
- ./components/hydra-saml
- ./components/hydra-sql


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../resources/hydra
- ../../resources/hydra-dispatcher
labels:
- pairs:
app.kubernetes.io/part-of: sso-kustom
app.kubernetes.io/component: auth


@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
labels:
- pairs:
app.kubernetes.io/part-of: sso-kustom
app.kubernetes.io/component: auth
components:
- ../../components/hydra-cnpg-database
- ../../components/hydra-oidc
- ../../components/hydra-saml
- ../../components/hydra-sql