diff --git a/ambassador/deployment.yaml b/ambassador/deployment.yaml
new file mode 100644
index 00000000..88b59328
--- /dev/null
+++ b/ambassador/deployment.yaml
@@ -0,0 +1,105 @@
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Listener
+metadata:
+ name: edge-stack-listener-8080
+ namespace: ambassador
+spec:
+ port: 8080
+ protocol: HTTP
+ securityModel: XFP
+ hostBinding:
+ namespace:
+ from: ALL
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Listener
+metadata:
+ name: edge-stack-listener-8443
+ namespace: ambassador
+spec:
+ port: 8443
+ protocol: HTTPS
+ securityModel: XFP
+ hostBinding:
+ namespace:
+ from: ALL
+
+---
+#apiVersion: getambassador.io/v3alpha1
+#kind: Filter
+#metadata:
+# name: keycloak-filter
+# namespace: ambassador
+#spec:
+# OAuth2:
+# #authorizationURL: https://localhost/auth/realms/treetracker
+# #authorizationURL: http://192.168.0.103/auth/realms/treetracker
+# authorizationURL: https://test.dadiorxxx.com/auth/realms/master
+# insecureTLS: true
+# #authorizationURL: https://dev-k8s.treetracker.org/auth/realms/treetracker
+# audience: ambassador
+# clientID: ambassador
+# secret: mANEOrGcmRsAx8tKX6Rky6WcDjdp3TXx
+# protectedOrigins:
+# - origin: https://test.dadiorxxx.com/backend
+#
+#---
+#apiVersion: getambassador.io/v3alpha1
+#kind: FilterPolicy
+#metadata:
+# name: httpbin-policy
+# namespace: ambassador
+#spec:
+# rules:
+# - host: "*"
+# path: /backend/
+# filters:
+# - name: keycloak-filter ## Enter the Filter name from above
+# arguments:
+# scope:
+# - "offline_access"
+
+#---
+#apiVersion: getambassador.io/v3alpha1
+#kind: AuthService
+#metadata:
+# name: authentication
+# namespace: ambassador
+#spec:
+# auth_service: "treetracker-auth-service.default:80"
+#
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Filter
+metadata:
+ name: "auth-filter"
+ namespace: "ambassador"
+spec:
+ External:
+ auth_service: "http://treetracker-auth-service.default.svc.cluster.local"
+ proto: http
+ tls: false
+
+---
+apiVersion: getambassador.io/v3alpha1
+kind: FilterPolicy
+metadata:
+ name: httpbin-policy
+ namespace: ambassador
+spec:
+ rules:
+ - host: "*"
+ path: /app/*
+ filters:
+ - name: auth-filter ## Enter the Filter name from above
+ arguments:
+ scope:
+ "offline_access"
+ - host: "*"
+ path: /api/*
+ filters:
+ - name: auth-filter ## Enter the Filter name from above
+ arguments:
+ scope:
+ "offline_access"
diff --git a/keycloak/README.md b/keycloak/README.md
new file mode 100644
index 00000000..f4edfb47
--- /dev/null
+++ b/keycloak/README.md
@@ -0,0 +1,2 @@
+# Solr
+
diff --git a/keycloak/deployment/base/kustomization.yaml b/keycloak/deployment/base/kustomization.yaml
new file mode 100644
index 00000000..313903b5
--- /dev/null
+++ b/keycloak/deployment/base/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- treetracker-keycloak-deployment.yml
+- treetracker-keycloak-service.yml
+- namespace.yaml
+- mapping.yaml
diff --git a/keycloak/deployment/base/mapping.yaml b/keycloak/deployment/base/mapping.yaml
new file mode 100644
index 00000000..eaf00ff9
--- /dev/null
+++ b/keycloak/deployment/base/mapping.yaml
@@ -0,0 +1,11 @@
+apiVersion: getambassador.io/v2
+kind: Mapping
+metadata:
+ name: treetracker-keycloak-mapping
+ namespace: keycloak
+spec:
+ hostname: "*"
+ prefix: /auth/
+ service: treetracker-keycloak-service
+ rewrite: /auth/
+ timeout_ms: 60000
diff --git a/keycloak/deployment/base/namespace.yaml b/keycloak/deployment/base/namespace.yaml
new file mode 100644
index 00000000..80e7888e
--- /dev/null
+++ b/keycloak/deployment/base/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: keycloak
diff --git a/keycloak/deployment/base/treetracker-keycloak-deployment.yml b/keycloak/deployment/base/treetracker-keycloak-deployment.yml
new file mode 100644
index 00000000..340b9fed
--- /dev/null
+++ b/keycloak/deployment/base/treetracker-keycloak-deployment.yml
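Review bot: In ambassador/deployment.yaml the commented-out `keycloak-filter` block still carries a literal OAuth2 client `secret:` value next to `insecureTLS: true`, and a comment in a committed manifest is as readable as live configuration. That client secret should be treated as disclosed: rotate it in Keycloak and drop the commented block, and if the OAuth2 filter comes back, reference a Kubernetes Secret through `secretName:` rather than an inline `secret:`. In the active `auth-filter`, `auth_service` is an `http://` URL with `tls: false`, so whatever the edge forwards to the auth service (presumably bearer tokens or cookies) crosses the cluster network in cleartext. A comment such as `# plaintext hop is in-cluster only; encrypted by <mesh/CNI> — confirm` would record whether that is an accepted risk.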
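Review bot: In keycloak/deployment/base/mapping.yaml, `prefix: /auth/` with `hostname: "*"` publishes the whole Keycloak context path on every host, which includes the admin console and admin REST API under `/auth/admin/`, not only the realm endpoints that clients need. Narrowing the public route, for example `prefix: /auth/realms/` plus separate mappings for `/auth/resources/` and `/auth/js/`, and reaching `/auth/admin/` over a restricted route or port-forward would keep administration off the internet-facing listeners. This Mapping is also `getambassador.io/v2` while the rest of the commit uses `v3alpha1`; as far as I know `hostname` is the v3alpha1 field name and v2 used `host`, so it is worth confirming that the host match binds the way it reads.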
@@ -0,0 +1,41 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: "treetracker-keycloak"
+ namespace: "keycloak"
+ labels:
+ app: "treetracker-keycloak"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "treetracker-keycloak"
+ template:
+ metadata:
+ labels:
+ app: "treetracker-keycloak"
+ spec:
+ containers:
+ - name: "keycloak"
+ image: quay.io/keycloak/keycloak:17.0.1
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: "admin"
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ value: "admin"
+ - name: KC_PROXY
+ value: "edge"
+ - name: KC_HTTP_RELATIVE_PATH
+ value: "/auth"
+ #- name: PROXY_ADDRESS_FORWARDING
+ #value: "true"
+ #- name: KC_HOSTNAME_PATH
+ #value: "auth"
+ - name: KC_LOG_LEVEL
+ value: "trace"
+ - name: KC_FEATURES
+ value: scripts,upload_scripts
+ ports:
+ - name: http
+ containerPort: 8080
diff --git a/keycloak/deployment/base/treetracker-keycloak-service.yml b/keycloak/deployment/base/treetracker-keycloak-service.yml
new file mode 100644
index 00000000..346461fe
--- /dev/null
+++ b/keycloak/deployment/base/treetracker-keycloak-service.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: treetracker-keycloak-service
+ annotations:
+ labels:
+ app: treetracker-keycloak
+ name: treetracker-keycloak-service
+ namespace: keycloak
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: treetracker-keycloak
diff --git a/keycloak/deployment/overlays/development/kustomization.yaml b/keycloak/deployment/overlays/development/kustomization.yaml
new file mode 100644
index 00000000..6d0735b6
--- /dev/null
+++ b/keycloak/deployment/overlays/development/kustomization.yaml
@@ -0,0 +1,2 @@
+bases:
+ - ../../base
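Review bot: In treetracker-keycloak-deployment.yml, `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are both the literal `admin`, and the Mapping added in this commit routes `/auth/` for every hostname to this pod, so the bootstrap admin account is reachable from the edge with a guessable password. The credentials should come from a Secret through `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name and constructed key names. `args: ["start-dev"]`, `KC_LOG_LEVEL: "trace"` and `KC_FEATURES: scripts,upload_scripts` are development settings (trace logs can include request detail, and script upload lets an admin account run server-side JavaScript). Because this file is the kustomize `base`, consider moving them into the `overlays/development` kustomization so other overlays do not inherit them.

```yaml
          env:
            - name: KEYCLOAK_ADMIN
              valueFrom:
                secretKeyRef:
                  name: KEYCLOAK_ADMIN_SECRET_PLACEHOLDER  # placeholder: Secret created outside this repo
                  key: username                            # constructed key name
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: KEYCLOAK_ADMIN_SECRET_PLACEHOLDER  # placeholder
                  key: password                            # constructed key name
            # … unchanged: KC_PROXY, KC_HTTP_RELATIVE_PATH …
```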