diff --git a/components/hydra-saml/files/hydra/saml.yaml b/components/hydra-saml/files/hydra/saml.yaml
new file mode 100644
index 0000000..c9a7f32
--- /dev/null
+++ b/components/hydra-saml/files/hydra/saml.yaml
@@ -0,0 +1,12 @@
+hydra:
+ apps:
+ - id: saml
+ title:
+ fr: Connexion SAML
+ en: Login SAML
+ description:
+ fr: Authentification avec SAML
+ en: Authentication with SAML
+ login_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGIN_URL)%"
+ consent_url: "%env(string:HYDRA_DISPATCHER_SAML_CONSENT_URL)%"
+ logout_url: "%env(string:HYDRA_DISPATCHER_SAML_LOGOUT_URL)%"
\ No newline at end of file
diff --git a/components/hydra-saml/kustomization.yaml b/components/hydra-saml/kustomization.yaml
new file mode 100644
index 0000000..ce570f8
--- /dev/null
+++ b/components/hydra-saml/kustomization.yaml
@@ -0,0 +1,38 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - ./resources/hydra-saml-service.yaml
+ - ./resources/hydra-saml-shibboleth-sp-deployment.yaml
+ - ./resources/hydra-saml-remote-user-deployment.yaml
+ - ./resources/hydra-saml-remote-user-service.yaml
+
+configMapGenerator:
+ - name: hydra-saml-env
+ literals:
+ # Hydra Remote User environment variables
+ - APP_ENV=prod
+ - APP_DEBUG=false
+ - HTTP_BASE_URL=http://hydra-saml
+ - COOKIE_PATH=/
+ - HYDRA_ADMIN_BASE_URL=http://hydra:4445/admin
+ - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR
+ - LOGOUT_REDIRECT_URL_PATTERN=http://hydra-saml/Shibboleth.sso/Logout?return=%s'
+ # Shibboleth SP environment variables
+ - SP_ENTITY_ID=http://hydra-saml-shibboleth-sp
+ - IDP_ENTITY_ID=http://saml-idp
+ - IDP_METADATA_URL=http://saml-idp/metadata
+ - APACHE_BACKEND_URL=http://hydra-saml-remote-user
+ - APACHE_FORCE_HTTPS=false
+ - SP_HANDLER_BASE_PATH=/
+ - name: hydra-dispatcher-apps
+ behavior: merge
+ files:
+ - ./files/hydra/saml.yaml
+
+patchesJson6902:
+ - target:
+ version: v1
+ kind: ConfigMap
+ name: hydra-dispatcher-env
+ path: patches/hydra-dispatcher-env.yaml
\ No newline at end of file
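Review bot: The literal `LOGOUT_REDIRECT_URL_PATTERN=http://hydra-saml/Shibboleth.sso/Logout?return=%s'` in the hydra-saml-env generator ends with a stray `'`, which becomes part of the ConfigMap value, so every logout return URL built from this pattern will carry a trailing quote; drop it: `- LOGOUT_REDIRECT_URL_PATTERN=http://hydra-saml/Shibboleth.sso/Logout?return=%s`. `TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR` makes the application honour forwarded headers from whatever peer connects to it, which is only safe if the remote-user pod is reachable solely from the Shibboleth SP — nothing in this component enforces that (a NetworkPolicy on the remote-user pod would). Both deployments load this single ConfigMap through envFrom, so each container also receives the other's variables; two generators (one per container) would keep each environment minimal. `patchesJson6902` is deprecated in recent kustomize releases in favour of `patches`, which accepts the same target/path entries.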
diff --git a/components/hydra-saml/patches/hydra-dispatcher-env.yaml b/components/hydra-saml/patches/hydra-dispatcher-env.yaml
new file mode 100644
index 0000000..9336e65
--- /dev/null
+++ b/components/hydra-saml/patches/hydra-dispatcher-env.yaml
@@ -0,0 +1,9 @@
+- op: replace
+ path: "/data/HYDRA_DISPATCHER_SAML_LOGIN_URL"
+ value: http://hydra-saml-shibboleth-sp/login
+- op: replace
+ path: "/data/HYDRA_DISPATCHER_SAML_CONSENT_URL"
+ value: http://hydra-saml-shibboleth-sp/consent
+- op: replace
+ path: "/data/HYDRA_DISPATCHER_SAML_LOGOUT_URL"
+ value: http://hydra-saml-shibboleth-sp/logout
\ No newline at end of file
diff --git a/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml b/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml
new file mode 100644
index 0000000..3c59a75
--- /dev/null
+++ b/components/hydra-saml/resources/hydra-saml-remote-user-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ io.kompose.service: hydra-saml-remote-user
+ name: hydra-saml-remote-user
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: hydra-saml-remote-user
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ io.kompose.service: hydra-saml-remote-user
+ spec:
+ containers:
+ - name: hydra-saml-remote-user
+ image: reg.cadoles.com/cadoles/hydra-remote-user-v1:v0.0.0-159-gd91e77b
+ envFrom:
+ - configMapRef:
+ name: hydra-saml-env
+ ports:
+ - containerPort: 80
+ resources: {}
+ restartPolicy: Always
+
diff --git a/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml b/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml
new file mode 100644
index 0000000..960ecea
--- /dev/null
+++ b/components/hydra-saml/resources/hydra-saml-remote-user-service.yaml
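Review bot: All three operations in hydra-dispatcher-env.yaml use `op: replace`, which makes the kustomize build fail if the key is absent from the hydra-dispatcher-env ConfigMap; since this component is what introduces the SAML app, those keys may well not exist in the base (not visible here), and `op: add` — which creates or overwrites a map key — is the safer choice. The values also point at the host `hydra-saml-shibboleth-sp`, but the only Service fronting the SP pods in this change is named `hydra-saml` (hydra-saml-service.yaml), the same host HTTP_BASE_URL and LOGOUT_REDIRECT_URL_PATTERN already use; unless a Service of that name exists elsewhere, `value: http://hydra-saml/login` (and likewise `/consent`, `/logout`) is the consistent target. If the dispatcher hands these URLs to the browser rather than calling them server-side, they will additionally need an externally resolvable host.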
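Review bot: `resources: {}` on the hydra-saml-remote-user container sets no requests or limits, and the pod spec has no securityContext and no probes, so the pod runs with BestEffort QoS, whatever privileges the image defaults to, and receives Service traffic before the application is ready; hydra-saml-shibboleth-sp-deployment.yaml has exactly the same shape and the same remark applies there. The image is pinned by tag only; pinning by digest (`image: reg.cadoles.com/cadoles/hydra-remote-user-v1@sha256:<DIGEST>`) makes the rollout reproducible and immune to tag moves. The sketch below keeps NET_BIND_SERVICE because the container listens on port 80, leaves the filesystem writable since I cannot tell from here whether the image writes outside /tmp, and uses a placeholder probe path and constructed resource values that must be sized from observed usage.
```yaml
      containers:
        - name: hydra-saml-remote-user
          image: reg.cadoles.com/cadoles/hydra-remote-user-v1:v0.0.0-159-gd91e77b
          # … unchanged: envFrom, ports …
          resources:
            requests:
              cpu: 100m  # constructed starting value, size from observed usage
              memory: 128Mi
            limits:
              memory: 256Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]  # container binds port 80
          readinessProbe:
            httpGet:
              path: /  # TODO: replace with the application's health endpoint
              port: 80
```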
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ io.kompose.service: hydra-saml-remote-user
+ name: hydra-saml-remote-user
+spec:
+ ports:
+ - name: hydra-saml-remote-user
+ port: 80
+ selector:
+ io.kompose.service: hydra-saml-remote-user
+status:
+ loadBalancer: {}
diff --git a/components/hydra-saml/resources/hydra-saml-service.yaml b/components/hydra-saml/resources/hydra-saml-service.yaml
new file mode 100644
index 0000000..c85bbc1
--- /dev/null
+++ b/components/hydra-saml/resources/hydra-saml-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ io.kompose.service: hydra-saml
+ name: hydra-saml
+spec:
+ ports:
+ - name: hydra-saml-shibboleth-sp
+ port: 80
+ selector:
+ io.kompose.service: hydra-saml-shibboleth-sp
+status:
+ loadBalancer: {}
diff --git a/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml b/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml
new file mode 100644
index 0000000..1810238
--- /dev/null
+++ b/components/hydra-saml/resources/hydra-saml-shibboleth-sp-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ io.kompose.service: hydra-saml-shibboleth-sp
+ name: hydra-saml-shibboleth-sp
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: hydra-saml-shibboleth-sp
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ io.kompose.service: hydra-saml-shibboleth-sp
+ spec:
+ containers:
+ - name: hydra-saml-shibboleth-sp
+ image: reg.cadoles.com/cadoles/shibboleth-sp-v3:v0.0.0-159-gd91e77b
+ envFrom:
+ - configMapRef:
+ name: hydra-saml-env
+ ports:
+ - containerPort: 80
+ resources: {}
+ restartPolicy: Always
+
diff --git a/kustomization.yaml b/kustomization.yaml
index 25761d1..aa8cbeb 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
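Review bot: The `status:` stanza with `loadBalancer: {}` in hydra-saml-remote-user-service.yaml (and again in hydra-saml-service.yaml) is a kompose artefact — status is server-owned and ignored on apply — and should be removed from both manifests. This Service publishes the remote-user container on port 80 to every workload in the cluster, while the remote-user pattern (inferred from the image name and from APACHE_BACKEND_URL pointing the SP at this Service) relies on the Shibboleth SP being the only hop in front of it; a NetworkPolicy that restricts ingress to the hydra-saml-remote-user pods to peers labelled `io.kompose.service: hydra-saml-shibboleth-sp` closes that gap and is the natural companion to the TRUSTED_PROXIES setting in the component's ConfigMap. Omitting `targetPort` is fine here because the container also listens on 80.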
@@ -7,4 +7,5 @@ resources: components: - ./components/hydra-cnpg-database - - ./components/hydra-oidc \ No newline at end of file + - ./components/hydra-oidc + - ./components/hydra-saml \ No newline at end of file