providers/app_gw: Fix K8s template labels, add missing ISSUER_URL
This commit is contained in:
Jens Langhammer
parent
e9411d856c
commit
fcf70a3cd4
|
|
@ -2,29 +2,31 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
k8s-app: passbook-gatekeeper
|
app.kubernetes.io/name: passbook-gatekeeper
|
||||||
name: passbook-gatekeeper
|
name: passbook-gatekeeper
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
k8s-app: passbook-gatekeeper
|
app.kubernetes.io/name: passbook-gatekeeper
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
k8s-app: passbook-gatekeeper
|
app.kubernetes.io/name: passbook-gatekeeper
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
- --upstream=file:///dev/null
|
- --upstream=file:///dev/null
|
||||||
env:
|
env:
|
||||||
- name: OAUTH2_PROXY_CLIENT_ID
|
- name: OAUTH2_PROXY_CLIENT_ID
|
||||||
value: {{ provider.client.client_id }}
|
value: "{{ provider.client.client_id }}"
|
||||||
- name: OAUTH2_PROXY_CLIENT_SECRET
|
- name: OAUTH2_PROXY_CLIENT_SECRET
|
||||||
value: {{ provider.client.client_secret }}
|
value: "{{ provider.client.client_secret }}"
|
||||||
- name: OAUTH2_PROXY_COOKIE_SECRET
|
- name: OAUTH2_PROXY_COOKIE_SECRET
|
||||||
value: {{ cookie_secret }}
|
value: "{{ cookie_secret }}"
|
||||||
|
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
|
||||||
|
value: "{{ issuer }}"
|
||||||
image: beryju/passbook-gatekeeper:{{ version }}
|
image: beryju/passbook-gatekeeper:{{ version }}
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
name: passbook-gatekeeper
|
name: passbook-gatekeeper
|
||||||
|
|
@ -36,7 +38,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
k8s-app: passbook-gatekeeper
|
app.kubernetes.io/name: passbook-gatekeeper
|
||||||
name: passbook-gatekeeper
|
name: passbook-gatekeeper
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -46,7 +48,7 @@ spec:
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 4180
|
targetPort: 4180
|
||||||
selector:
|
selector:
|
||||||
k8s-app: passbook-gatekeeper
|
app.kubernetes.io/name: passbook-gatekeeper
|
||||||
---
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,10 @@ from urllib.parse import urlparse
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.db.models import Model
|
from django.db.models import Model
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.shortcuts import get_object_or_404, render, reverse
|
from django.shortcuts import get_object_or_404, render
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from guardian.shortcuts import get_objects_for_user
|
from guardian.shortcuts import get_objects_for_user
|
||||||
|
from oidc_provider.lib.utils.common import get_issuer, get_site_url
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
from yaml import safe_dump
|
from yaml import safe_dump
|
||||||
|
|
||||||
|
|
@ -37,14 +38,13 @@ class DockerComposeView(LoginRequiredMixin, View):
|
||||||
|
|
||||||
def get_compose(self, provider: ApplicationGatewayProvider) -> str:
|
def get_compose(self, provider: ApplicationGatewayProvider) -> str:
|
||||||
"""Generate docker-compose yaml, version 3.5"""
|
"""Generate docker-compose yaml, version 3.5"""
|
||||||
full_issuer_user = self.request.build_absolute_uri(
|
site_url = get_site_url(request=self.request)
|
||||||
reverse("passbook_providers_oidc:authorize")
|
issuer = get_issuer(site_url=site_url, request=self.request)
|
||||||
)
|
|
||||||
env = {
|
env = {
|
||||||
"OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
|
"OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
|
||||||
"OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
|
"OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
|
||||||
"OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
|
"OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
|
||||||
"OAUTH2_PROXY_OIDC_ISSUER_URL": full_issuer_user,
|
"OAUTH2_PROXY_OIDC_ISSUER_URL": issuer,
|
||||||
"OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
|
"OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
|
||||||
"OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
|
"OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
|
||||||
}
|
}
|
||||||
|
|
@ -85,6 +85,8 @@ class K8sManifestView(LoginRequiredMixin, View):
|
||||||
"passbook_providers_app_gw.view_applicationgatewayprovider",
|
"passbook_providers_app_gw.view_applicationgatewayprovider",
|
||||||
pk=provider_pk,
|
pk=provider_pk,
|
||||||
)
|
)
|
||||||
|
site_url = get_site_url(request=self.request)
|
||||||
|
issuer = get_issuer(site_url=site_url, request=self.request)
|
||||||
return render(
|
return render(
|
||||||
request,
|
request,
|
||||||
"app_gw/k8s-manifest.yaml",
|
"app_gw/k8s-manifest.yaml",
|
||||||
|
|
@ -92,6 +94,7 @@ class K8sManifestView(LoginRequiredMixin, View):
|
||||||
"provider": provider,
|
"provider": provider,
|
||||||
"cookie_secret": get_cookie_secret(),
|
"cookie_secret": get_cookie_secret(),
|
||||||
"version": __version__,
|
"version": __version__,
|
||||||
|
"issuer": issuer,
|
||||||
},
|
},
|
||||||
content_type="text/yaml",
|
content_type="text/yaml",
|
||||||
)
|
)
|
||||||
|
|
|
||||||
Reference in New Issue