OAuth2 K8S

mr
2026-02-24 08:51:48 +01:00
parent 84b6302d87
commit 81016b83cf
9 changed files with 73 additions and 13 deletions


@@ -15,9 +15,9 @@ spec:
name: oc-auth-svc
port: 8080
middlewares:
#{{- if index .Values.ocAuth.enableTraefikProxyIntegration }}
#- name: forward-auth
#{{- end }}
{{- if index .Values.ocAuth.enableTraefikProxyIntegration }}
- name: root-forward-auth
{{- end }}
- name: strip-auth-prefix
---
apiVersion: traefik.io/v1alpha1
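Review bot: The `root-forward-auth` entry is attached to the route that serves `oc-auth-svc` itself, so when `enableTraefikProxyIntegration` is set every request to the auth service has to pass the forward-auth check first, presumably including unauthenticated login and callback calls. If that is intended, a comment above the `if` should say which paths are expected to pass without a session; otherwise the middleware belongs on the protected application routes rather than on the auth route. `index` with a single argument returns the value unchanged, so `{{- if .Values.ocAuth.enableTraefikProxyIntegration }}` reads more plainly. The route definition starts above the hunk, so its match rule is not visible here.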


@@ -14,5 +14,6 @@ data:
"DATACENTER_HOST": "datacenter",
"COLLABORATIVE_AREA_HOST": "shared",
"HOST": "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}",
"CLIENT": "{{ .Values.ocFront.oauth2.client }}"
}
{{- end }}


@@ -30,4 +30,5 @@ spec:
replacePathRegex:
regex: ^/scheduler(.*)
replacement: /oc$1
{{- end }}


@@ -29,4 +29,5 @@ spec:
replacePathRegex:
regex: ^/shared(.*)
replacement: /oc$1
{{- end }}


@@ -16,6 +16,10 @@ data:
OC_AUTH_CONNECTOR_PUBLIC_HOST: "{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}"
OC_AUTH_CONNECTOR_PORT: "4444"
OC_AUTH_CONNECTOR_ADMIN_PORT: "4445/admin"
OC_CLIENT_ID: "{{ (index .Values.hydra.hydra.config.clients 0).client_id }}"
OC_CLIENT_ADMIN_ID: "{{ (index .Values.hydra.hydra.config.clients 1).client_id }}"
OC_OAUTH_REDIRECT_URI: "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}"
OC_ADMIN_OAUTH_REDIRECT_URI: "{{ .Values.schemeAdmin }}://{{ .Values.hostAdmin }}:{{ .Values.hostPortAdmin }}"
OC_PERMISSION_CONNECTOR_READ_HOST: "{{ .Release.Name }}-keto-read.{{ .Release.Namespace }}"
OC_PERMISSION_CONNECTOR_WRITE_HOST: "{{ .Release.Name }}-keto-write.{{ .Release.Namespace }}"
OC_PERMISSION_CONNECTOR_PORT: "80"
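Review bot: `OC_CLIENT_ID` and `OC_CLIENT_ADMIN_ID` are selected by list position (`index .Values.hydra.hydra.config.clients 0` and `1`), so reordering the Hydra client list in values silently swaps the user and admin client identifiers, and a list with fewer than two entries fails at render time with an index error. Selecting each client through an explicit value, or wrapping the lookup in `required` with a message naming the expected entry, would make the dependency visible. The two redirect URIs are assembled from scheme, host and port and have to match the `redirect_uris` registered for those clients exactly, which is worth a comment next to them. The `data:` map starts above the hunk.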


@@ -5,6 +5,19 @@ metadata:
name: forward-auth
spec:
forwardAuth:
address: "http://oc-auth-svc.{{ .Release.Namespace }}:8080/oc/forward"
address: "http://oc-auth-svc:8080/oc/forward"
trustForwardHeader: true
{{- end }}
authResponseHeaders: X-Auth-Request-User,X-Auth-Request-Email
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: root-forward-auth
spec:
forwardAuth:
address: "http://{{ .Release.Name }}-hydra-public.{{ .Release.Namespace }}:4444/oauth2/auth"
trustForwardHeader: true
authResponseHeaders: X-Auth-Request-User,X-Auth-Request-Email
{{- end }}
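Review bot: As rendered, the `forward-auth` middleware ends up with two `address:` keys and a `{{- end }}` between `trustForwardHeader` and `authResponseHeaders`; the hunk header (6 lines before, 19 after) matches all 19 shown lines being on the new side, so both appear to remain, which leaves a duplicate key and a second `{{- end }}` with no matching `if` visible in the hunk. `authResponseHeaders` is a list in the Traefik Middleware spec, so the comma-joined scalar should be `authResponseHeaders: [X-Auth-Request-User, X-Auth-Request-Email]` in both middlewares. `root-forward-auth` points at Hydra's `/oauth2/auth`, which is the authorization endpoint rather than a request-verification endpoint, so it is unlikely to answer plain forwarded requests with a 2xx or to emit the `X-Auth-Request-*` headers; this should be confirmed against the intended flow. `trustForwardHeader: true` makes Traefik pass client-supplied `X-Forwarded-*` headers on to the auth service, which is only safe when a trusted proxy in front of Traefik sets them.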