authZ+N chained

deployment/auth-chain.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: https-only
+spec:
+  redirectScheme:
+    scheme: https
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: auth-chain
+  namespace: apps
+spec:
+  chain:
+    middlewares:
+    - name: https-only
+    - name: authn
+    - name: authz

deployment/authZ/kustomization.yaml

@@ -8,4 +8,4 @@ resources:
   - ./deployment.yaml
   - ./service.yaml
   - ./horizontalPodAutoScaler.yaml
-  - ./forwardAuth.yaml
+  - ./middleware.yaml

deployment/authZ/middleware.yaml

@@ -1,7 +1,7 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
-  name: auth-service
+  name: authz
 spec:
   forwardAuth:
     address: https://gh-authz/auth/

deployment/authz-argo.yaml

@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: gh-authz
-spec:
-  project: generations-heritage-vv
-  source:
-    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
-    path: deployment/authZ
-    targetRevision: main
-    kustomize:
-      namespace: generations-heritage
-  destination:
-    server: 'https://kubernetes.default.svc'
-    namespace: generations-heritage
-  syncPolicy:
-    automated:
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-      - ServerSideApply=true
-    

deployment/backend-argo.yaml

@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: gh-backend
-spec:
-  project: generations-heritage-vv
-  source:
-    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
-    path: deployment/backend
-    targetRevision: main
-    kustomize:
-      namespace: generations-heritage
-  destination:
-    server: 'https://kubernetes.default.svc'
-    namespace: generations-heritage
-  syncPolicy:
-    automated:
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-      - ServerSideApply=true
-    

deployment/backend/ingressRoute.yaml

@@ -15,3 +15,5 @@ spec:
           port: 443
           scheme: https
           serversTransport: gh-backend
+      middlewares:
+        - name: auth-chain

deployment/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: generations-heritage
+
+bases:
+  - authZ
+  - authN
+  - backend
+  - memgraph
+
+resources:
+  - ./cert-issuer.yaml
+  - ./server-transport.yaml
+  - ./auth-chain.yaml

deployment/memgraph-argo.yaml

@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: memgraph
-spec:
-  project: generations-heritage-vv
-  source:
-    repoURL: 'https://github.com/vcscsvcscs/GenerationsHeritage'
-    path: deployment/memgraph
-    targetRevision: main
-    kustomize:
-      namespace: generations-heritage
-  destination:
-    server: 'https://kubernetes.default.svc'
-    namespace: generations-heritage
-  syncPolicy:
-    automated:
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-      - ServerSideApply=true
-    

kustomization.yaml

@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: argocd
-
-resources:
-  - ./deployment/cert-issuer.yaml
-  - ./deployment/server-transport.yaml
-  - ./deployment/project-argo.yaml
-  - ./deployment/memgraph-argo.yaml
-  - ./deployment/auth-service-argo.yaml
-  - ./deployment/backend-argo.yaml

project-argo.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   description: Generations heritages is a project that aims to preserve the heritage of families based on bloodlines.
   sourceRepos:
-  - '*' # Allow all repositories
+  - 'https://github.com/vcscsvcscs/GenerationsHeritage'
   destinations:
   - namespace: 'generations-heritage'
     server: '*'