You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 lines
900 B
31 lines
900 B
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
resources:
|
|
- ../../base
|
|
|
|
components:
|
|
- ../../components/istio-external-auth
|
|
- ../../components/istio-m2m
|
|
|
|
configMapGenerator:
|
|
- name: oauth2-proxy-parameters
|
|
behavior: merge
|
|
literals:
|
|
# Configs for oauth2-proxy
|
|
- FORCE_HTTPS=true # sets `secure` flag on cookies, requires HTTPS on the gateway
|
|
|
|
patches:
|
|
# patch the 'm2m-token-issuer' RequestAuthentication with correct `issuer`
|
|
# NOTE: we are using kustomize components, so we can't use the outer `configMapGenerator` to
|
|
# patch the inner one, so we are stuck with using a `patch` instead
|
|
- patch: |-
|
|
- op: replace
|
|
path: /spec/jwtRules/0/issuer
|
|
value: https://oidc.eks.AWS_REGION.amazonaws.com/id/CLUSTER_ID
|
|
target:
|
|
group: security.istio.io
|
|
version: v1beta1
|
|
kind: RequestAuthentication
|
|
name: m2m-token-issuer
|
|
namespace: istio-system
|
|
|