From de2b67b11121fac117ecd6a6ce914e63bb20303c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 1 Aug 2020 22:13:12 +0200 Subject: [PATCH] providers/app_gw: improve templates --- .../app_gw/templates/app_gw/k8s-manifest.yaml | 20 ++++++++++++------- .../app_gw/templates/app_gw/setup_modal.html | 11 ++++++++-- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml b/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml index bae51d70d..04618250b 100644 --- a/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml +++ b/passbook/providers/app_gw/templates/app_gw/k8s-manifest.yaml @@ -2,18 +2,20 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - app.kubernetes.io/name: passbook-gatekeeper + app.kubernetes.io/name: "passbook-gatekeeper-{{ provider.name }}" + passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}" name: passbook-gatekeeper - namespace: kube-system spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: passbook-gatekeeper + passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}" template: metadata: labels: app.kubernetes.io/name: passbook-gatekeeper + passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}" spec: containers: - args: @@ -27,6 +29,10 @@ spec: value: "{{ cookie_secret }}" - name: OAUTH2_PROXY_OIDC_ISSUER_URL value: "{{ issuer }}" + - name: OAUTH2_PROXY_SET_XAUTHREQUEST + value: "true" + - name: OAUTH2_PROXY_SET_AUTHORIZATION_HEADER + value: "true" image: beryju/passbook-gatekeeper:{{ version }} imagePullPolicy: Always name: passbook-gatekeeper @@ -38,9 +44,9 @@ apiVersion: v1 kind: Service metadata: labels: - app.kubernetes.io/name: passbook-gatekeeper + app.kubernetes.io/name: "passbook-gatekeeper-{{ provider.name }}" + passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}" name: passbook-gatekeeper - namespace: kube-system spec: ports: - name: http @@ -49,18 +55,18 @@ spec: targetPort: 4180 selector: app.kubernetes.io/name: passbook-gatekeeper + passbook.beryju.org/gatekeeper/provider: "{{ provider.pk }}" --- apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: passbook-gatekeeper - namespace: kube-system + name: passbook-gatekeeper-{{ provider.name }} spec: rules: - host: {{ provider.external_host }} http: paths: - backend: - serviceName: passbook-gatekeeper + serviceName: "passbook-gatekeeper-{{ provider.name }}" servicePort: 4180 path: /oauth2 diff --git a/passbook/providers/app_gw/templates/app_gw/setup_modal.html b/passbook/providers/app_gw/templates/app_gw/setup_modal.html index ef3bdea99..caa76fe06 100644 --- a/passbook/providers/app_gw/templates/app_gw/setup_modal.html +++ b/passbook/providers/app_gw/templates/app_gw/setup_modal.html @@ -49,8 +49,15 @@ {% trans 'Here' %}

{% trans 'Afterwards, add the following annotations to the Ingress you want to secure:' %}