authZ+N chained

2025-08-12 13:59:08 +02:00 · 2025-02-03 16:03:41 +01:00
parent 8939577c15
commit f87f680a83
5 changed files with 48 additions and 1 deletions
--- a/deployment/auth-chain.yaml
+++ b/deployment/auth-chain.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: https-only
+spec:
+  redirectScheme:
+    scheme: https
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: auth-chain
+  namespace: apps
+spec:
+  chain:
+    middlewares:
+    - name: https-only
+    - name: authn
+    - name: authz
--- a/deployment/authZ/kustomization.yaml
+++ b/deployment/authZ/kustomization.yaml
@@ -8,4 +8,4 @@ resources:
  - ./deployment.yaml
  - ./service.yaml
  - ./horizontalPodAutoScaler.yaml
-  - ./forwardAuth.yaml
+  - ./middleware.yaml
--- a/deployment/authZ/middleware.yaml
+++ b/deployment/authZ/middleware.yaml
@@ -0,0 +1,11 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authz
+spec:
+  forwardAuth:
+    address: https://gh-authz/auth/
+    authResponseHeaders:
+      - id
+    tls:
+      insecureSkipVerify: true
--- a/deployment/backend/ingressRoute.yaml
+++ b/deployment/backend/ingressRoute.yaml
@@ -15,3 +15,5 @@ spec:
          port: 443
          scheme: https
          serversTransport: gh-backend
+      middlewares:
+        - name: auth-chain
--- a/deployment/kustomization.yaml
+++ b/deployment/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+bases:
+  - authZ
+  - authN
+  - backend
+  - memgraph
+
+resources:
+  - ./cert-issuer.yaml
+  - ./server-transport.yaml
+  - ./auth-chain.yaml