Fixing oc-auth service, and hydra and keto integration
@@ -14,6 +14,11 @@ spec:
|
||||
- kind: Service
|
||||
name: oc-auth-svc
|
||||
port: 8094
|
||||
middlewares:
|
||||
{{- if index .Values.ocAuth.enableTraefikProxyIntegration }}
|
||||
- name: forward-auth
|
||||
{{- end }}
|
||||
- name: strip-auth-prefix
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
@@ -23,5 +28,4 @@ spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/auth"
|
||||
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
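Review bot: `forward-auth` is attached to the route that serves `oc-auth-svc` itself and is listed before `strip-auth-prefix`, so the check runs against the unstripped `/auth/...` path. The forward-auth middleware is not defined in this hunk; if it calls back into oc-auth, confirm that the `/auth/callback` and `/auth/logout/` URIs registered on the OAuth2 client stay reachable without a session, and say so in a comment above `middlewares:`. With `enableTraefikProxyIntegration` off, the route carries only the prefix strip and no authentication at the proxy, so the chart's default for that value deserves a line in the values documentation. On style, `index` with a single argument just returns it, so the guard can read `{{- if .Values.ocAuth.enableTraefikProxyIntegration }}`.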
@@ -5,22 +5,32 @@ metadata:
|
||||
name: open-cloud-client
|
||||
spec:
|
||||
grantTypes:
|
||||
- implicit
|
||||
- refresh_token
|
||||
- authorization_code
|
||||
- client_credentials
|
||||
- implicit
|
||||
responseTypes:
|
||||
- id_token
|
||||
- token
|
||||
- code
|
||||
scope: openid profile email roles
|
||||
secretName: oc-auth-got-secret
|
||||
secretName: oc-oauth2-client-secret
|
||||
redirectUris:
|
||||
- https://myapp.example.com/callback
|
||||
- https://{{ .Values.host }}/auth/callback
|
||||
postLogoutRedirectUris:
|
||||
- http://localhost:3000
|
||||
- https://{{ .Values.host }}/auth/logout/
|
||||
tokenEndpointAuthMethod: client_secret_post
|
||||
allowedCorsOrigins:
|
||||
- http://localhost
|
||||
- "http://0.0.0.0"
|
||||
#---
|
||||
#apiVersion: v1
|
||||
#kind: Secret
|
||||
#metadata:
|
||||
# name: oc-auth-got-secret
|
||||
# namespace: dev
|
||||
#stringData:
|
||||
# CLIENT_ID: {{ .Values.ocAuth.hydra.clientId }}
|
||||
# CLIENT_SECRET: {{ .Values.ocAuth.hydra.clientSecret }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
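Review bot: The client still lists the `implicit` grant and the `token` response type next to `authorization_code`, which allows access tokens to be returned in the URL fragment; if no consumer depends on that, keep `authorization_code`, `refresh_token` and `client_credentials` and reduce `responseTypes` to `code`. The plain-http entries (`http://localhost:3000`, `http://localhost`, `"http://0.0.0.0"`) and `https://myapp.example.com/callback` look like development leftovers and would be safer driven from values, like the `{{ .Values.host }}` entries. Helm evaluates template actions inside YAML comments, so `# CLIENT_SECRET: {{ .Values.ocAuth.hydra.clientSecret }}` still renders the secret into the manifest text and fails when `ocAuth.hydra` is unset; delete the block or wrap it in a template comment `{{- /* ... */ -}}`. The +/- markers are lost on this page, so some of these lines may belong to the removed side.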
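--- a/opencloud/templates/oc-auth/rbac.yaml
+++ b/opencloud/templates/oc-auth/rbac.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.ocAuth.enabled }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: secret-reader-role
+rules:
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: secret-reader-binding
+namespace: default
+subjects:
+- kind: ServiceAccount
+name: ocauth-sa
+namespace: {{ .Release.Namespace }}
+roleRef:
+kind: Role
+name: secret-reader-role
+apiGroup: rbac.authorization.k8s.io
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+name: ocauth-sa
+{{- end }}
+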
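Review bot: The RoleBinding is pinned to `namespace: default` while the Role has no namespace and the subject `ocauth-sa` is in `{{ .Release.Namespace }}`. On any release outside `default`, the binding's `roleRef` therefore names a Role that is not in the binding's namespace and the grant does not apply where the chart installs; `namespace: {{ .Release.Namespace }}` on the binding keeps the three objects together. The Role also grants `get` and `list` on every Secret in the namespace, and `list` returns full secret contents. If oc-auth only needs the OAuth2 client secret (presumably `oc-oauth2-client-secret`, to be confirmed against the service), narrow the rule with `resourceNames: ["oc-oauth2-client-secret"]` and `verbs: ["get"]`. The fixed names `secret-reader-role` and `secret-reader-binding` would also collide if two releases share a namespace.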