From 3ea0a7428a0e9cc415501caeede545222b28bd5e Mon Sep 17 00:00:00 2001 From: rconway Date: Fri, 23 Feb 2024 14:38:08 +0000 Subject: [PATCH] Commit triggered by a change on the main branch of helm-charts-dev --- charts/identity-service/Chart.lock | 8 ++--- charts/identity-service/Chart.yaml | 6 ++-- .../charts/identity-api/Chart.yaml | 2 +- .../charts/identity-api/values.yaml | 32 +------------------ charts/identity-service/values.yaml | 20 ++++++++++++ 5 files changed, 29 insertions(+), 39 deletions(-) diff --git a/charts/identity-service/Chart.lock b/charts/identity-service/Chart.lock index 99c2994..a2cef19 100644 --- a/charts/identity-service/Chart.lock +++ b/charts/identity-service/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 1.0.2 - name: identity-api repository: "" - version: 1.0.2 + version: 1.0.3 - name: identity-gatekeeper repository: https://eoepca.github.io/helm-charts/ - version: 1.0.10 -digest: sha256:322e7eb2b2b6a58da0148aca4190a2e8deb9dd3e955499749057252e813547a9 -generated: "2024-02-15T08:59:01.604851204Z" + version: 1.0.11 +digest: sha256:8053eecc259d88fee0d8f8be3e6133be1cc45603dd8679149a38808a265cf52f +generated: "2024-02-23T14:25:27.937715181Z" diff --git a/charts/identity-service/Chart.yaml b/charts/identity-service/Chart.yaml index 6b5c71c..26822f3 100644 --- a/charts/identity-service/Chart.yaml +++ b/charts/identity-service/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.93 +version: 1.0.94 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -32,9 +32,9 @@ dependencies: version: 1.0.2 - name: identity-api condition: identity-api.enabled - version: 1.0.2 + version: 1.0.3 - name: identity-gatekeeper condition: identity-gatekeeper.enabled - version: 1.0.10 + version: 1.0.11 repository: "https://eoepca.github.io/helm-charts/" alias: identity-api-gatekeeper diff --git a/charts/identity-service/charts/identity-api/Chart.yaml b/charts/identity-service/charts/identity-api/Chart.yaml index 7042a80..f0a86a9 100644 --- a/charts/identity-service/charts/identity-api/Chart.yaml +++ b/charts/identity-service/charts/identity-api/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.2 +version: 1.0.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/identity-service/charts/identity-api/values.yaml b/charts/identity-service/charts/identity-api/values.yaml index 62f55d9..c47dc37 100644 --- a/charts/identity-service/charts/identity-api/values.yaml +++ b/charts/identity-service/charts/identity-api/values.yaml @@ -85,40 +85,10 @@ deployment: # Variable group used in ingress template # --------------------------------------- ingress: - enabled: true + enabled: false className: "nginx" annotations: cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/configuration-snippet: | - auth_request /auth; - # Preflighted requests - if ($request_method = OPTIONS) { - return 200; - } - add_header Access-Control-Allow-Origin $http_origin always; - add_header Access-Control-Allow-Methods "*"; - add_header Access-Control-Allow-Headers "Authorization, Origin, Content-Type"; - nginx.ingress.kubernetes.io/server-snippet: | - location /oauth/(authorize|callback|expired|health|login|logout|token|metrics|discovery) { - proxy_pass http://identity-api-gatekeeper.um.svc.cluster.local:3000/$request_uri; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header X-Forwarded-Host $host; - # proxy_set_header X-Forwarded-Method $request_method; - # proxy_set_header X-Forwarded-URI $request_uri; - } - location ^~ /auth { - internal; - proxy_pass http://identity-api-gatekeeper.um.svc.cluster.local:3000/$request_uri; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Method $request_method; - proxy_set_header X-Forwarded-URI $request_uri; - proxy_busy_buffers_size 64k; - proxy_buffers 8 32k; - proxy_buffer_size 32k; - } hosts: - host: identity.api.myplatform.eoepca.org paths: diff --git a/charts/identity-service/values.yaml b/charts/identity-service/values.yaml index f549ba1..27d5bd1 100644 --- a/charts/identity-service/values.yaml +++ b/charts/identity-service/values.yaml @@ -18,7 +18,27 @@ identity-api: pullPolicy: IfNotPresent identity-api-gatekeeper: enabled: true + fullnameOverride: identity-api-protection + config: + client-id: identity-api + discovery-url: https://identity.keycloak.myplatform.mydomain/realms/master + cookie-domain: myplatform.mydomain + targetService: + host: identity-api-protected.myplatform.mydomain + name: identity-api + port: + number: 8080 + # Values for secret 'identity-api-protection' + secrets: + # Note - if ommitted, these can instead be set by creating the secret independently. + clientSecret: "changeme" + encryptionKey: "changemechangeme" ingress: + enabled: true + className: nginx + annotations: + ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" serverSnippets: custom: |- # Additional snippet for open access to the Swagger UI of the identity-api