From f87f680a838030b8cefa7d606a8b2813bf0f2bc5 Mon Sep 17 00:00:00 2001
From: Vargha Csongor
Date: Mon, 3 Feb 2025 16:03:41 +0100
Subject: [PATCH] authZ+N chained
---
 deployment/auth-chain.yaml | 20 ++++++++++++++++++++
 deployment/authZ/kustomization.yaml | 2 +-
 deployment/authZ/middleware.yaml | 11 +++++++++++
 deployment/backend/ingressRoute.yaml | 2 ++
 deployment/kustomization.yaml | 14 ++++++++++++++
 5 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 deployment/auth-chain.yaml
 create mode 100644 deployment/authZ/middleware.yaml
 create mode 100644 deployment/kustomization.yaml
diff --git a/deployment/auth-chain.yaml b/deployment/auth-chain.yaml
new file mode 100644
index 0000000..448d8ce
--- /dev/null
+++ b/deployment/auth-chain.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: https-only
+spec:
+ redirectScheme:
+ scheme: https
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: auth-chain
+ namespace: apps
+spec:
+ chain:
+ middlewares:
+ - name: https-only
+ - name: authn
+ - name: authz
diff --git a/deployment/authZ/kustomization.yaml b/deployment/authZ/kustomization.yaml
index a44c068..fd49b2d 100644
--- a/deployment/authZ/kustomization.yaml
+++ b/deployment/authZ/kustomization.yaml
@@ -8,4 +8,4 @@ resources:
 - ./deployment.yaml
 - ./service.yaml
 - ./horizontalPodAutoScaler.yaml
- - ./forwardAuth.yaml
+ - ./middleware.yaml
diff --git a/deployment/authZ/middleware.yaml b/deployment/authZ/middleware.yaml
new file mode 100644
index 0000000..3fc26a2
--- /dev/null
+++ b/deployment/authZ/middleware.yaml
@@ -0,0 +1,11 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: authz
+spec:
+ forwardAuth:
+ address: https://gh-authz/auth/
+ authResponseHeaders:
+ - id
+ tls:
+ insecureSkipVerify: true
\ No newline at end of file
diff --git a/deployment/backend/ingressRoute.yaml b/deployment/backend/ingressRoute.yaml
index c2cb2d2..7064e7d 100644
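Review bot: In deployment/auth-chain.yaml, `auth-chain` is pinned to `namespace: apps` while `https-only` carries no namespace, and the chain lists `https-only`, `authn` and `authz` by bare name. Traefik's Kubernetes CRD provider resolves a bare middleware name in the namespace of the resource that references it, so all four objects must land in one namespace for the chain to load. The root kustomization added later in this patch sets `namespace: generations-heritage`, which I would expect to overwrite `apps` at build time, but a direct apply of this file would split the objects across namespaces. I would drop the `namespace: apps` line so the namespace has a single source of truth.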
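Review bot: In deployment/authZ/middleware.yaml, `insecureSkipVerify: true` turns off certificate verification on the forwardAuth call to `https://gh-authz/auth/`, so the identity of the service that issues the allow/deny verdict is never checked. Every route behind `auth-chain` depends on that verdict, so the connection should be authenticated. The forwardAuth `tls` block accepts a CA reference, e.g. `caSecret: <ca-secret-name>` (placeholder) naming the CA that signs the gh-authz certificate, with the `insecureSkipVerify` line removed. The root kustomization in this patch lists `cert-issuer.yaml`, so a suitable issuer presumably exists already. The file also ends without a trailing newline.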
--- a/deployment/backend/ingressRoute.yaml
+++ b/deployment/backend/ingressRoute.yaml
@@ -15,3 +15,5 @@ spec:
 port: 443
 scheme: https
 serversTransport: gh-backend
+ middlewares:
+ - name: auth-chain
\ No newline at end of file
diff --git a/deployment/kustomization.yaml b/deployment/kustomization.yaml
new file mode 100644
index 0000000..27af284
--- /dev/null
+++ b/deployment/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+bases:
+ - authZ
+ - authN
+ - backend
+ - memgraph
+
+resources:
+ - ./cert-issuer.yaml
+ - ./server-transport.yaml
+ - ./auth-chain.yaml
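Review bot: In deployment/backend/ingressRoute.yaml, as far as this hunk shows the chain is attached to a single route, and Traefik applies `middlewares` per entry of `spec.routes`. The routes list starts above the hunk, so it is worth confirming that no other route in this IngressRoute is left without `auth-chain`. Indentation is not recoverable in this view: the new key has to sit at route level, as a sibling of `services`, not under the service entry that ends with `serversTransport: gh-backend`. A comment above it such as `# authn + authz are enforced through auth-chain; every route must list it` would make the requirement visible to the next editor. The file ends without a trailing newline.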
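Review bot: In deployment/kustomization.yaml, `bases:` is deprecated in kustomize in favour of `resources:`. The four directory entries (`authZ`, `authN`, `backend`, `memgraph`) can move into the existing `resources:` list and the `bases:` key can be dropped. Separately, `memgraph` is pulled in here but no hunk in this patch attaches `auth-chain` to it. Whether it exposes an IngressRoute is not visible from this diff, so that is worth checking before relying on the chain as the only gate.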