From d29a1a353152fb0532ef381bbbc0bc2c2bfa7af9 Mon Sep 17 00:00:00 2001
From: rasmus
Date: Mon, 12 Feb 2024 07:46:12 +0200
Subject: [PATCH] whoami-oidc
---
argocd/applications/whoami-oidc.yaml | 16 +++++
whoami-oidc/application.yaml | 99 ++++++++++++++++++++++++++++
2 files changed, 115 insertions(+)
create mode 100644 argocd/applications/whoami-oidc.yaml
create mode 100644 whoami-oidc/application.yaml
diff --git a/argocd/applications/whoami-oidc.yaml b/argocd/applications/whoami-oidc.yaml
new file mode 100644
index 0000000..d879b04
--- /dev/null
+++ b/argocd/applications/whoami-oidc.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: whoami-oidc
+ namespace: argocd
+spec:
+ project: k-space.ee
+ source:
+ repoURL: 'git@git.k-space.ee:k-space/kube.git'
+ path: whoami-oidc
+ targetRevision: HEAD
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: whoami-oidc
+ syncPolicy: {}
diff --git a/whoami-oidc/application.yaml b/whoami-oidc/application.yaml
new file mode 100644
index 0000000..fde1937
--- /dev/null
+++ b/whoami-oidc/application.yaml
@@ -0,0 +1,99 @@
+---
+apiVersion: codemowers.io/v1alpha1
+kind: OIDCGWClient
+metadata:
+ name: whoami-oidc
+spec:
+ displayName: Whoami (oidc-tester-app)
+ uri: https://whoami-oidc.k-space.ee
+ redirectUris:
+ - https://whoami-oidc.k-space.ee/oauth2/callback
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ responseTypes:
+ - code
+ availableScopes:
+ - openid
+ - profile
+ tokenEndpointAuthMethod: client_secret_post
+ pkce: false
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whoami-oidc
+ labels:
+ app.kubernetes.io/name: whoami-oidc
+spec:
+ replicas: 1
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: whoami-oidc
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: whoami-oidc
+ spec:
+ containers:
+ - name: whoami-oidc
+ image: harbor.k-space.ee/jtagcat/oidc-tester-app@sha256:9e811f2a0ab2ca1a29fd05daca3aab61ad4960e9327527d0725d53aaa60ba184
+ env:
+ - name: TESTER_PUBLIC_URL
+ value: https://whoami-oidc.k-space.ee/
+ - name: TESTER_ISSUER
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-whoami-oidc-owner-secrets
+ key: OIDC_GATEWAY_URI
+ - name: TESTER_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-whoami-oidc-owner-secrets
+ key: OIDC_CLIENT_ID
+ - name: TESTER_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-whoami-oidc-owner-secrets
+ key: OIDC_CLIENT_SECRET
+ ports:
+ - containerPort: 8080
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: whoami-oidc
+spec:
+ selector:
+ app.kubernetes.io/name: whoami-oidc
+ ports:
+ - port: 80
+ name: http
+ targetPort: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whoami-oidc
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+spec:
+ rules:
+ - host: whoami-oidc.k-space.ee
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: whoami-oidc
+ port:
+ name: http
+ tls:
+ - hosts:
+ - "*.k-space.ee"
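Review bot: The OIDCGWClient registers an `authorization_code` client with `pkce: false`, which presumably means the gateway will not require a code challenge for this client. The secret sent via `client_secret_post` limits what a stolen code is worth on its own, but current OAuth security guidance (RFC 9700) still recommends PKCE for confidential clients as protection against authorization-code injection. If the oidc-tester-app image can send a code challenge (not visible from this hunk), prefer `pkce: true`. The Deployment's container in the same hunk also sets no `securityContext` or `resources`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the container would be a reasonable baseline, assuming the image does not need root.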