---
# Sample OIDC client registration (custom resource, codemowers.io/v1alpha1)
# for a test application served at client-gab7y.codemowers.ee. The Ingress,
# Service and Deployment further down expose and run that application.
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWClient
metadata:
  name: authorization-code-sample-client
spec:
  uri: 'https://client-gab7y.codemowers.ee/'
  # Exactly one HTTPS callback is registered. Keep this list to full, exact
  # URIs; every entry is a place an authorization code may be delivered.
  redirectUris:
    - 'https://client-gab7y.codemowers.ee/cb'
  # NOTE(review): the group restriction below is disabled, so per the author's
  # note every user who can authenticate may sign in to this client. Enable it
  # before reusing this manifest for anything other than a sample.
  # allowedGroups: # if no groups are set, everyone is allowed
  #   - 'codemowers:users'
  grantTypes:
    - 'authorization_code'
    - 'refresh_token' # might be supported by some implementations
  # Only 'code' is enabled: tokens are fetched at the token endpoint rather
  # than returned in the browser redirect. The hybrid 'code id_token' variant
  # would place an ID token in the front channel.
  responseTypes:
    - 'code'
    # - 'code id_token' # might be needed in some implementations
  # 'offline_access' together with the 'refresh_token' grant above lets the
  # client obtain refresh tokens; treat them as long-lived credentials.
  availableScopes:
    - 'openid'
    - 'profile'
    - 'offline_access'
  # Confidential client: authenticates to the token endpoint with its client
  # secret sent via HTTP Basic.
  tokenEndpointAuthMethod: 'client_secret_basic'
  # PKCE is switched on in addition to the client secret.
  # NOTE(review): presumably this makes PKCE mandatory for the client; confirm
  # against the OIDCGWClient CRD.
  pkce: true
---
# Ingress: routes HTTPS traffic for the client host to the Service on 3000.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: oidc-test-client
  annotations:
    kubernetes.io/ingress.class: shared
    # Traefik router is bound to the 'websecure' entrypoint with TLS enabled.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    # Annotation values must be strings, hence the quoted "true".
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.codemowers.ee
spec:
  rules:
    # Same host as the 'uri' and 'redirectUris' of the OIDCGWClient above.
    - host: client-gab7y.codemowers.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: oidc-test-client
                port:
                  number: 3000
  tls:
    # No secretName is given for this entry.
    # NOTE(review): presumably Traefik serves its default (wildcard)
    # certificate for these hosts; confirm that certificate covers the host.
    - hosts:
        - "*.codemowers.ee"
---
# Service: cluster-internal endpoint in front of the pods labelled
# app=oidc-test-client.
apiVersion: v1
kind: Service
metadata:
  name: oidc-test-client
spec:
  type: ClusterIP
  selector:
    app: oidc-test-client
  ports:
    # targetPort is omitted, so it defaults to the same value as 'port'.
    - protocol: TCP
      port: 3000
---
# Deployment: a single replica of the test client application.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oidc-test-client
  labels:
    app: oidc-test-client
spec:
  selector:
    matchLabels:
      app: oidc-test-client
  replicas: 1
  template:
    metadata:
      labels:
        app: oidc-test-client
    spec:
      # NOTE(review): no securityContext and no resource requests/limits are
      # set. Once the image is confirmed to run unprivileged, add a container
      # securityContext (e.g. allowPrivilegeEscalation: false, dropped
      # capabilities) and resource limits.
      containers:
        - name: oidc-test-client
          # The image has no registry, tag or digest.
          # NOTE(review): presumably substituted by the build/deploy tooling;
          # if applied as-is it resolves to the mutable ':latest' tag. Pin a
          # tag or digest for any shared environment.
          image: oidc-test-client
          ports:
            - containerPort: 3000
          env:
            # Public origin of the client; same host as the registered 'uri',
            # without the trailing slash.
            - name: CLIENT_URL
              value: https://client-gab7y.codemowers.ee
          # Every key of this Secret becomes an environment variable of the
          # container.
          # NOTE(review): the name embeds the OIDCGWClient name above, so the
          # Secret presumably holds that client's credentials and is created
          # by the operator; verify, and restrict who can read Secrets and
          # exec into pods in this namespace.
          envFrom:
            - secretRef:
                name: oidc-client-authorization-code-sample-client-owner-secrets