providers/app_gw: Fix K8s template labels, add missing ISSUER_URL
parent
e9411d856c
commit
fcf70a3cd4
|
@ -2,29 +2,31 @@ apiVersion: apps/v1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: passbook-gatekeeper
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
name: passbook-gatekeeper
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: passbook-gatekeeper
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: passbook-gatekeeper
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --upstream=file:///dev/null
|
||||
env:
|
||||
- name: OAUTH2_PROXY_CLIENT_ID
|
||||
value: {{ provider.client.client_id }}
|
||||
value: "{{ provider.client.client_id }}"
|
||||
- name: OAUTH2_PROXY_CLIENT_SECRET
|
||||
value: {{ provider.client.client_secret }}
|
||||
value: "{{ provider.client.client_secret }}"
|
||||
- name: OAUTH2_PROXY_COOKIE_SECRET
|
||||
value: {{ cookie_secret }}
|
||||
value: "{{ cookie_secret }}"
|
||||
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
|
||||
value: "{{ issuer }}"
|
||||
image: beryju/passbook-gatekeeper:{{ version }}
|
||||
imagePullPolicy: Always
|
||||
name: passbook-gatekeeper
|
||||
|
@ -36,7 +38,7 @@ apiVersion: v1
|
|||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: passbook-gatekeeper
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
name: passbook-gatekeeper
|
||||
namespace: kube-system
|
||||
spec:
|
||||
|
@ -46,7 +48,7 @@ spec:
|
|||
protocol: TCP
|
||||
targetPort: 4180
|
||||
selector:
|
||||
k8s-app: passbook-gatekeeper
|
||||
app.kubernetes.io/name: passbook-gatekeeper
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
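Review bot: The client secret and cookie secret are still rendered as literal `value:` entries in the Deployment's `env` list, so anyone who can read Deployments or pod specs in `kube-system`, or who holds a copy of the generated manifest, can read them. Emitting a `kind: Secret` from the same template and referencing it with `valueFrom: secretKeyRef` would let RBAC on Secrets protect the values; the Secret name and keys in the sketch below are placeholders. Separately, the change to `spec.selector.matchLabels` affects upgrades: a Deployment's selector is immutable in `apps/v1`, so an existing `passbook-gatekeeper` Deployment will likely have to be deleted and recreated rather than re-applied, which is worth noting in the commit message or docs.

```yaml
# … unchanged: Deployment metadata, selector, template labels, args …
        env:
        - name: OAUTH2_PROXY_CLIENT_ID
          value: "{{ provider.client.client_id }}"
        - name: OAUTH2_PROXY_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: passbook-gatekeeper   # placeholder Secret name
              key: client_secret
        - name: OAUTH2_PROXY_COOKIE_SECRET
          valueFrom:
            secretKeyRef:
              name: passbook-gatekeeper   # placeholder Secret name
              key: cookie_secret
# … unchanged: OAUTH2_PROXY_OIDC_ISSUER_URL, image, rest of the Deployment …
---
apiVersion: v1
kind: Secret
metadata:
  name: passbook-gatekeeper   # placeholder Secret name
  namespace: kube-system
type: Opaque
stringData:
  client_secret: "{{ provider.client.client_secret }}"
  cookie_secret: "{{ cookie_secret }}"
```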
|
|
|
@ -6,9 +6,10 @@ from urllib.parse import urlparse
|
|||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.db.models import Model
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.shortcuts import get_object_or_404, render, reverse
|
||||
from django.shortcuts import get_object_or_404, render
|
||||
from django.views import View
|
||||
from guardian.shortcuts import get_objects_for_user
|
||||
from oidc_provider.lib.utils.common import get_issuer, get_site_url
|
||||
from structlog import get_logger
|
||||
from yaml import safe_dump
|
||||
|
||||
|
@ -37,14 +38,13 @@ class DockerComposeView(LoginRequiredMixin, View):
|
|||
|
||||
def get_compose(self, provider: ApplicationGatewayProvider) -> str:
|
||||
"""Generate docker-compose yaml, version 3.5"""
|
||||
full_issuer_user = self.request.build_absolute_uri(
|
||||
reverse("passbook_providers_oidc:authorize")
|
||||
)
|
||||
site_url = get_site_url(request=self.request)
|
||||
issuer = get_issuer(site_url=site_url, request=self.request)
|
||||
env = {
|
||||
"OAUTH2_PROXY_CLIENT_ID": provider.client.client_id,
|
||||
"OAUTH2_PROXY_CLIENT_SECRET": provider.client.client_secret,
|
||||
"OAUTH2_PROXY_REDIRECT_URL": f"{provider.external_host}/oauth2/callback",
|
||||
"OAUTH2_PROXY_OIDC_ISSUER_URL": full_issuer_user,
|
||||
"OAUTH2_PROXY_OIDC_ISSUER_URL": issuer,
|
||||
"OAUTH2_PROXY_COOKIE_SECRET": get_cookie_secret(),
|
||||
"OAUTH2_PROXY_UPSTREAMS": provider.internal_host,
|
||||
}
|
||||
|
@ -85,6 +85,8 @@ class K8sManifestView(LoginRequiredMixin, View):
|
|||
"passbook_providers_app_gw.view_applicationgatewayprovider",
|
||||
pk=provider_pk,
|
||||
)
|
||||
site_url = get_site_url(request=self.request)
|
||||
issuer = get_issuer(site_url=site_url, request=self.request)
|
||||
return render(
|
||||
request,
|
||||
"app_gw/k8s-manifest.yaml",
|
||||
|
@ -92,6 +94,7 @@ class K8sManifestView(LoginRequiredMixin, View):
|
|||
"provider": provider,
|
||||
"cookie_secret": get_cookie_secret(),
|
||||
"version": __version__,
|
||||
"issuer": issuer,
|
||||
},
|
||||
content_type="text/yaml",
|
||||
)
|
||||
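Review bot: The issuer baked into both generated configs is computed from the incoming request (`get_site_url(request=self.request)` followed by `get_issuer(...)`), once in `get_compose` and again in the `K8sManifestView` handler. If I read django-oidc-provider correctly, `get_site_url` falls back to the request's scheme and host when no `SITE_URL` setting is configured, so the value written into the proxy config would depend on which hostname the page was reached through and on `ALLOWED_HOSTS` being strict. A comment above the call such as `# issuer must match the provider's discovery document; set SITE_URL so it is not taken from the request host` would record that requirement. The two identical lines could also move into one small helper so the compose and Kubernetes outputs cannot drift apart. Both method bodies start and end outside the hunks shown.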
|
|