# Kustomize overlay: builds on ../../base, adds the local
# istio-keycloak-auth component, and wires machine-to-machine (M2M) JWT
# settings into the Istio RequestAuthentication named keycloak-jwt.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base

components:
- ./istio-keycloak-auth

configMapGenerator:
# behavior: merge overlays these literals onto a generator with the same name
# that must already exist in the resources pulled in above.
- name: oauth2-proxy-parameters
  behavior: merge
  literals:
  # Configs for oauth2-proxy
  # NOTE(review): presumably relaxes certificate verification towards the
  # OIDC issuer -- confirm how the base consumes this key. If so, an issuer
  # presenting an untrusted certificate would be accepted; prefer trusting
  # the issuing CA explicitly and keep this overlay out of production.
  - ALLOW_SELF_SIGNED_ISSUER=true
# No behavior is set, so this ConfigMap is created by this overlay. It is the
# source for both replacements below and must define M2M_ISSUER and M2M_JWKS.
- name: istio-m2m-params
  envs:
  - m2m.env

replacements:
# Copy M2M_ISSUER into the first JWT rule's issuer. Istio compares this with
# the token's `iss` claim, so the value in m2m.env has to match it exactly.
- source:
    kind: ConfigMap
    version: v1
    name: istio-m2m-params
    fieldPath: data.M2M_ISSUER
  targets:
  - select:
      group: security.istio.io
      version: v1beta1
      kind: RequestAuthentication
      name: keycloak-jwt
      namespace: istio-system
    fieldPaths:
    - spec.jwtRules.0.issuer

# Copy M2M_JWKS into the first JWT rule's jwksUri. The keys served at this URI
# decide which token signatures are accepted, so it should be an HTTPS
# endpoint operated by the identity provider.
- source:
    kind: ConfigMap
    version: v1
    name: istio-m2m-params
    fieldPath: data.M2M_JWKS
  targets:
  - select:
      group: security.istio.io
      version: v1beta1
      kind: RequestAuthentication
      name: keycloak-jwt
      namespace: istio-system
    fieldPaths:
    - spec.jwtRules.0.jwksUri

secretGenerator:
# Merged into the existing oauth2-proxy Secret generator from the base.
# NOTE(review): secrets.env is read from the working tree at build time;
# check that it is excluded from version control and holds no shared or
# default values (the keys it supplies are not visible here).
- name: oauth2-proxy
  behavior: merge
  type: Opaque
  envs:
  - secrets.env

patches:
# Applies patch-oauth2-proxy-config.yaml to the ConfigMap named oauth2-proxy.
- target:
    kind: ConfigMap
    name: oauth2-proxy
  path: patch-oauth2-proxy-config.yaml