auth-proxy: reusable ingress with auth proxy object for cue configs (#113)
affects: #110
Creates reusable auth proxy object in base cue config, and migrates rpuppy, url-shortener, pihole and memberships app to it.
Memberships app always requires authentication.
url-shortener now supports non-auth based interactions.
diff --git a/core/installer/values-tmpl/url-shortener.cue b/core/installer/values-tmpl/url-shortener.cue
index 42a3ce8..a6e95ab 100644
--- a/core/installer/values-tmpl/url-shortener.cue
+++ b/core/installer/values-tmpl/url-shortener.cue
@@ -12,22 +12,28 @@
description: "Provides URL shortening service. Can be configured to be reachable only from private network or publicly."
icon: "<svg xmlns='http://www.w3.org/2000/svg' width='40.63' height='50' viewBox='0 0 13 16'><circle cx='2' cy='10' r='1' fill='currentColor'/><circle cx='2' cy='6' r='1' fill='currentColor'/><path fill='currentColor' d='M4.5 14c-.06 0-.11 0-.17-.03a.501.501 0 0 1-.3-.64l4-11a.501.501 0 0 1 .94.34l-4 11c-.07.2-.27.33-.47.33m3 0c-.06 0-.11 0-.17-.03a.501.501 0 0 1-.3-.64l4-11a.501.501 0 0 1 .94.34l-4 11c-.07.2-.27.33-.47.33'/></svg>"
-images: {
+_httpPortName: "http"
+
+_ingressWithAuthProxy: _IngressWithAuthProxy & {
+ inp: {
+ auth: input.auth
+ network: input.network
+ subdomain: input.subdomain
+ serviceName: "url-shortener"
+ port: name: _httpPortName
+ }
+}
+
+images: _ingressWithAuthProxy.out.images & {
urlShortener: {
repository: "giolekva"
name: "url-shortener"
tag: "latest"
pullPolicy: "Always"
}
- authProxy: {
- repository: "giolekva"
- name: "auth-proxy"
- tag: "latest"
- pullPolicy: "Always"
- }
}
-charts: {
+charts: _ingressWithAuthProxy.out.charts & {
urlShortener: {
chart: "charts/url-shortener"
sourceRef: {
@@ -36,29 +42,9 @@
namespace: global.id
}
}
- ingress: {
- chart: "charts/ingress"
- sourceRef: {
- kind: "GitRepository"
- name: "pcloud"
- namespace: global.id
- }
- }
- authProxy: {
- chart: "charts/auth-proxy"
- sourceRef: {
- kind: "GitRepository"
- name: "pcloud"
- namespace: global.id
- }
- }
}
-_urlShortenerServiceName: "url-shortener"
-_authProxyServiceName: "auth-proxy"
-_httpPortName: "http"
-
-helm: {
+helm: _ingressWithAuthProxy.out.helm & {
"url-shortener": {
chart: charts.urlShortener
values: {
@@ -71,41 +57,7 @@
pullPolicy: images.urlShortener.pullPolicy
}
portName: _httpPortName
+ requireAuth: input.auth.enabled
}
}
- if input.auth.enabled {
- "auth-proxy": {
- chart: charts.authProxy
- values: {
- image: {
- repository: images.authProxy.fullName
- tag: images.authProxy.tag
- pullPolicy: images.authProxy.pullPolicy
- }
- upstream: "\(_urlShortenerServiceName).\(release.namespace).svc.cluster.local"
- whoAmIAddr: "https://accounts.\(global.domain)/sessions/whoami"
- loginAddr: "https://accounts-ui.\(global.domain)/login"
- membershipAddr: "http://memberships.\(global.id)-core-auth-memberships.svc.cluster.local/api/user"
- groups: input.auth.groups
- portName: _httpPortName
- }
- }
- }
- ingress: {
- chart: charts.ingress
- values: {
- domain: _domain
- ingressClassName: input.network.ingressClass
- certificateIssuer: input.network.certificateIssuer
- service: {
- if input.auth.enabled {
- name: _authProxyServiceName
- }
- if !input.auth.enabled {
- name: _urlShortenerServiceName
- }
- port: name: _httpPortName
- }
- }
- }
}