fix: use hydra-ldap and olm operator to fix example

2025-02-13 17:02:48 +01:00
committed by Laurent Gourvénec
parent c97266c272
commit c01eb28d8c
34 changed files with 729 additions and 461 deletions


@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: glauth-ldap
name: glauth-ldap
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: glauth-ldap
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: glauth-ldap
spec:
containers:
- image: glauth/glauth:v2.3.2
name: glauth-ldap
ports:
- containerPort: 3893
name: ldap
- containerPort: 3894
name: ldaps
resources: {}
volumeMounts:
- name: glauth-ldap-conf
mountPath: /app/config/config.cfg
subPath: glauth.conf
restartPolicy: Always
volumes:
- name: glauth-ldap-conf
configMap:
name: glauth-ldap-conf
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: glauth-ldap
name: glauth-ldap
spec:
ports:
- name: ldap
port: 389
targetPort: ldap
- name: ldaps
port: 636
targetPort: ldaps
selector:
app.kubernetes.io/name: glauth-ldap
status:
loadBalancer: {}
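Review bot: The Service publishes plaintext LDAP on port 389 next to LDAPS on 636, so any client that binds through the `ldap` port sends the user's password unencrypted across the cluster network; if the example needs only one listener, keep `ldaps` and drop the `ldap` entry from both `ports` lists. The glauth configuration is mounted from the ConfigMap `glauth-ldap-conf`, whose content is not in this section; if it holds user password hashes or a bind password, as glauth config files commonly do, a Secret volume is the better fit. The container also sets no `securityContext` and leaves `resources: {}`, which anyone copying the example will inherit; `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` is a reasonable starting point, since the listeners are on unprivileged ports.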


@ -10,43 +10,47 @@ metadata:
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: oidc-test
port:
name: http
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: oidc-test
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: auth-saml
name: auth-ldap
annotations:
cert-manager.io/issuer: "self-signed"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth/ldap
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Forwarded-Proto https;
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth/saml(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-saml
port:
name: http
- http:
paths:
- path: /auth/ldap(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-ldap
port:
name: hydra-ldap
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -57,22 +61,24 @@ metadata:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth/dispatcher
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Forwarded-Proto https;
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth/dispatcher(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-dispatcher
port:
name: http
- http:
paths:
- path: /auth/dispatcher(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra-dispatcher
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -82,50 +88,22 @@ metadata:
cert-manager.io/issuer: "self-signed"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/x-forwarded-prefix: /auth
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header X-Forwarded-Proto https;
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra
port:
name: hydra-public
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: saml-idp
annotations:
cert-manager.io/issuer: "self-signed"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /simplesaml/$2
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
ingressClassName: nginx
tls:
- hosts:
- ssokustom
secretName: ssokustom-example-tls
rules:
- http:
paths:
- path: /simplesaml(/|$)(.*)
pathType: Prefix
backend:
service:
name: saml-idp
port:
name: https
- http:
paths:
- path: /auth(/|$)(.*)
pathType: Prefix
backend:
service:
name: hydra
port:
name: hydra-public
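Review bot: The `auth-ldap` Ingress, like the ones routing to `hydra-dispatcher` and `hydra`, depends on `nginx.ingress.kubernetes.io/configuration-snippet`, which only works when the controller runs with `allow-snippet-annotations` enabled, and that setting lets anyone who can create an Ingress inject raw nginx configuration. The snippet only sets `X-Forwarded-Proto https`, which ingress-nginx appears to send already for TLS requests, so with `force-ssl-redirect: "true"` in place the annotation can probably be removed; otherwise the README should state that snippets must be enabled and why. Separately, the regex paths such as `/auth/ldap(/|$)(.*)` are declared with `pathType: Prefix`; ingress-nginx documents regex paths with `pathType: ImplementationSpecific`, and controllers with strict path validation may reject the current form. The rules also set no `host`, so they match any hostname while `tls` lists only `ssokustom`; adding `host: ssokustom` to each rule would keep routing and certificate scope aligned.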


@ -1,51 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: saml-idp
name: saml-idp
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: saml-idp
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: saml-idp
spec:
containers:
- image: kristophjunge/test-saml-idp:1.15
name: saml-idp
ports:
- containerPort: 8443
resources: {}
env:
- name: SIMPLESAMLPHP_SP_ENTITY_ID
value: https://ssokustom/auth/saml
- name: SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE
value: https://ssokustom/auth/saml/Shibboleth.sso/SAML2/POST
- name: SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE
value: https://ssokustom/auth/saml/Shibboleth.sso/Logout?return=https://ssokustom
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: saml-idp
name: saml-idp
spec:
ports:
- name: http
port: 8080
targetPort: 8080
- name: https
port: 8443
targetPort: 8443
selector:
app.kubernetes.io/name: saml-idp
status:
loadBalancer: {}