apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

components:
- ./istio-keycloak-auth

configMapGenerator:
- name: oauth2-proxy-parameters
  behavior: merge
  literals:
  # Configs for oauth2-proxy
  - ALLOW_SELF_SIGNED_ISSUER=true
- name: istio-m2m-params
  envs:
  - m2m.env

replacements:
- source:
    kind: ConfigMap
    version: v1
    name: istio-m2m-params
    fieldPath: data.M2M_ISSUER
  targets:
  - select:
      group: security.istio.io
      version: v1beta1
      kind: RequestAuthentication
      name: keycloak-jwt
      namespace: istio-system
    fieldPaths:
    - spec.jwtRules.0.issuer

- source:
    kind: ConfigMap
    version: v1
    name: istio-m2m-params
    fieldPath: data.M2M_JWKS
  targets:
  - select:
      group: security.istio.io
      version: v1beta1
      kind: RequestAuthentication
      name: keycloak-jwt
      namespace: istio-system
    fieldPaths:
    - spec.jwtRules.0.jwksUri


secretGenerator:
- name: oauth2-proxy
  behavior: merge
  type: Opaque
  envs:
  - secrets.env

patches:
- target:
    kind: ConfigMap
    name: oauth2-proxy
  path: patch-oauth2-proxy-config.yaml