apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

components:
- ../../components/istio-external-auth
- ../../components/istio-m2m

configMapGenerator:
- name: oauth2-proxy-parameters
  behavior: merge
  literals:
  # Configs for oauth2-proxy
  - FORCE_HTTPS=true # sets `secure` flag on cookies, requires HTTPS on the gateway

patches:
# patch the 'm2m-token-issuer' RequestAuthentication with correct `issuer`
# NOTE: we are using kustomize components, so we can't use the outer `configMapGenerator` to
#       patch the inner one, so we are stuck with using a `patch` instead
- patch: |-
    - op: replace
      path: /spec/jwtRules/0/issuer
      value: https://oidc.eks.AWS_REGION.amazonaws.com/id/CLUSTER_ID
  target:
    group: security.istio.io
    version: v1beta1
    kind: RequestAuthentication
    name: m2m-token-issuer
    namespace: istio-system