forked from kyma-project/kyma
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Replace keycloak-proxy by oauth2-proxy (kyma-project#11518)
* Replace keycloak-proxy by oaht2-proxy for Grafana * Replace keycloak-proxy by oauth2-proxy for Kiali * Replace keycloak-proxy by oauth2-proxy for Jaeger * Update values for kcproxy to oauth2 proxy migration * Do not shop oauth2 proxy login page when using Dex * Adapt Dex redirect URLs for oauth2 proxy * Add oauth2 proxy overrides for fast integration test * Apply review comments * Update oauth2 proxy image tag * Disable request logging
- Loading branch information
Christoph Kleineweber
committed
Jun 25, 2021
1 parent
dd7c314
commit 2d94fad
Showing
27 changed files
with
384 additions
and
395 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
resources/kiali/templates/kyma-additions/auth-proxy-configmap.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{{- if .Values.authProxy.enabled }} | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "kiali-server.name" . }}-auth-proxy | ||
namespace: {{ .Release.Namespace }} | ||
labels: | ||
{{- include "kiali-server.labels" . | nindent 4 }} | ||
data: | ||
sign_in.html: | | ||
<!DOCTYPE html> | ||
<html lang="en" charset="utf-8"> | ||
<head> | ||
<meta http-equiv = "refresh" content = "0; url = {{ .Values.authProxy.configDocsLink }}" /> | ||
</head> | ||
<body> | ||
</body> | ||
</html> | ||
{{- end }} |
72 changes: 72 additions & 0 deletions
72
resources/kiali/templates/kyma-additions/auth-proxy-deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
{{if .Values.authProxy.enabled}} | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: {{ template "kiali-server.name" . }}-auth-proxy | ||
namespace: {{ .Release.Namespace }} | ||
labels: | ||
{{- include "kiali-server.labels" . | nindent 4 }} | ||
spec: | ||
replicas: {{ .Values.authProxy.replicaCount }} | ||
selector: | ||
matchLabels: | ||
app: {{ template "kiali-server.name" . }}-auth-proxy | ||
template: | ||
metadata: | ||
labels: | ||
app: {{ template "kiali-server.name" . }}-auth-proxy | ||
spec: | ||
{{- if .Values.global.isLocalEnv }} | ||
hostNetwork: true #only for minikube | ||
hostAliases: | ||
- ip: {{ .Values.global.minikubeIP }} | ||
hostnames: | ||
- "dex.{{ .Values.global.ingress.domainName }}" | ||
{{- end }} | ||
{{- if .Values.authProxy.nodeSelector }} | ||
nodeSelector: | ||
{{ toYaml .Values.authProxy.nodeSelector | indent 8 }} | ||
{{- end }} | ||
volumes: | ||
- name: templates-cm | ||
configMap: | ||
name: {{ template "kiali-server.name" . }}-auth-proxy | ||
containers: | ||
- image: "{{ .Values.authProxy.image.repository }}:{{ .Values.authProxy.image.tag }}" | ||
imagePullPolicy: {{ .Values.authProxy.image.pullPolicy }} | ||
name: auth-proxy | ||
args: | ||
- --http-address=0.0.0.0:{{ .Values.authProxy.port }} | ||
- --upstream=http://{{ template "kiali-server.name" . }}-server:{{ .Values.kiali.spec.server.port }} | ||
- --cookie-secure=true | ||
- --cookie-domain=kiali.{{ .Values.global.ingress.domainName }} | ||
- --cookie-name=KYMA_KIALI_TOKEN | ||
- --silence-ping-logging=true | ||
- --reverse-proxy=true | ||
- --auth-logging={{ .Values.authProxy.config.authLogging }} | ||
- --request-logging={{ .Values.authProxy.config.requestLogging }} | ||
envFrom: | ||
- secretRef: | ||
name: {{ template "kiali-server.name" . }}-auth-proxy | ||
optional: false | ||
- secretRef: | ||
name: {{ template "kiali-server.name" . }}-auth-proxy-user | ||
optional: true | ||
ports: | ||
- name: http | ||
containerPort: {{ .Values.authProxy.port }} | ||
protocol: TCP | ||
livenessProbe: | ||
httpGet: | ||
path: /ping | ||
port: http | ||
{{- if .Values.authProxy.securityContext }} | ||
securityContext: | ||
{{ toYaml .Values.authProxy.securityContext | nindent 10 }} | ||
{{- end }} | ||
resources: | ||
{{ toYaml .Values.authProxy.resources | indent 10 }} | ||
volumeMounts: | ||
- name: templates-cm | ||
mountPath: /templates | ||
{{end}} |
34 changes: 34 additions & 0 deletions
34
resources/kiali/templates/kyma-additions/auth-proxy-secret.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
{{if .Values.authProxy.enabled}} | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: {{ template "kiali-server.name" . }}-auth-proxy | ||
namespace: {{ .Release.Namespace }} | ||
labels: | ||
{{- include "kiali-server.labels" . | nindent 4 }} | ||
data: | ||
OAUTH2_PROXY_CLIENT_ID: {{ .Values.authProxy.config.clientId | b64enc | quote }} | ||
OAUTH2_PROXY_CLIENT_SECRET: {{ .Values.authProxy.config.clientSecret | b64enc | quote }} | ||
OAUTH2_PROXY_EMAIL_DOMAINS: {{ .Values.authProxy.config.emailDomains | b64enc | quote }} | ||
OAUTH2_PROXY_COOKIE_SECRET: {{ randAlphaNum 32 | b64enc | quote }} | ||
{{- if .Values.authProxy.configDocsLink }} | ||
OAUTH2_PROXY_CUSTOM_TEMPLATES_DIR: {{ "/templates" | b64enc | quote }} | ||
{{- end }} | ||
OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY: {{ not .Values.authProxy.config.tlsVerify | toString | b64enc | quote }} | ||
{{- if .Values.authProxy.config.useKymaGroups }} | ||
OAUTH2_PROXY_ALLOWED_GROUPS: {{ template "kiali.kyma.authProxy.kymaGroups" . | b64enc | quote }} | ||
{{- else if .Values.authProxy.config.groups }} | ||
OAUTH2_PROXY_ALLOWED_GROUPS: {{ .Values.authProxy.config.groups | b64enc | quote }} | ||
{{- end }} | ||
{{- if .Values.authProxy.config.scopes }} | ||
OAUTH2_PROXY_SCOPES: {{ .Values.authProxy.config.scopes | b64enc | quote }} | ||
{{- end }} | ||
{{- if .Values.authProxy.config.useDex }} | ||
OAUTH2_PROXY_PROVIDER: {{ "oidc" | b64enc | quote }} | ||
OAUTH2_PROXY_OIDC_ISSUER_URL: {{ print "https://dex." .Values.global.ingress.domainName | b64enc | quote }} | ||
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: {{ "true" | b64enc | quote }} | ||
{{- end }} | ||
{{- range $key, $val := .Values.authProxy.env }} | ||
{{ $key }}: {{ $val | b64enc | quote }} | ||
{{- end }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
100 changes: 0 additions & 100 deletions
100
resources/kiali/templates/kyma-additions/kcproxy-deployment.yaml
This file was deleted.
Oops, something went wrong.
13 changes: 0 additions & 13 deletions
13
resources/kiali/templates/kyma-additions/kcproxy-secret.yaml
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,3 +14,5 @@ spec: | |
portLevelMtls: | ||
9090: | ||
mode: PERMISSIVE | ||
{{ .Values.kiali.spec.server.port }}: | ||
mode: PERMISSIVE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.