supervisor-oidc: create dynamic config in YTT templates

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler 2020-10-06 10:12:29 -04:00
parent fd6a7f5892
commit 006d96ab92
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
3 changed files with 34 additions and 1 deletions


@ -30,6 +30,29 @@ data:
names: names:
dynamicConfigMap: (@= data.values.app_name + "-dynamic-config" @) dynamicConfigMap: (@= data.values.app_name + "-dynamic-config" @)
--- ---
apiVersion: v1
kind: ConfigMap
metadata:
name: #@ data.values.app_name + "-dynamic-config"
namespace: #@ data.values.namespace
labels:
app: #@ data.values.app_name
data:
issuer: #@ data.values.issuer_url
---
apiVersion: v1
kind: ConfigMap
metadata:
name: #@ data.values.app_name + "-static-config"
namespace: #@ data.values.namespace
labels:
app: #@ data.values.app_name
data:
#@yaml/text-templated-strings
pinniped.yaml: |
names:
dynamicConfigMap: (@= data.values.app_name + "-dynamic-config" @)
---
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "": #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
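Review bot: The new dynamic ConfigMap emits `issuer: #@ data.values.issuer_url` without checking the value, and the values-file hunk in this commit declares `issuer_url:` with no default, so a deployment that omits `--data-value issuer_url=...` renders `issuer: null`, and the HTTPS requirement documented next to that value is never enforced. Failing at template time is cheaper than discovering a null or non-HTTPS issuer after the Supervisor starts serving discovery metadata. I would guard the document with a ytt assertion as below, with `#@ load("@ytt:assert", "assert")` added alongside the file's existing load statements, which sit outside this hunk. The same point applies to the `issuer_url:` entry in the values file; its comment could also state `#! Required.` to mirror the `#! Optional.` marker on the image pull secret.
```yaml
#@ load("@ytt:assert", "assert")
#! … unchanged: earlier documents …
#@ if not data.values.issuer_url or not data.values.issuer_url.startswith("https://"):
#@   assert.fail("issuer_url must be set to an https:// URL")
#@ end
---
apiVersion: v1
kind: ConfigMap
#! … unchanged: rest of the dynamic ConfigMap …
```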


@ -20,3 +20,9 @@ image_tag: latest
#! Typically the value would be the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]' #! Typically the value would be the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]'
#! Optional. #! Optional.
image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}} image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}
#! Specifies the base URL used in the endpoint fields (e.g., authorization_endpoint, jwks_url, etc.)
#! of the OpenID Provider Metadata, as well as the value of the iss JWT claim that will be used by
#! this OIDC provider. Per the OIDC Discovery spec, this URL must use the HTTPS scheme. See
#! https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3.
issuer_url: #! e.g., https://auth.my-org.com


@ -177,12 +177,16 @@ kubectl create secret generic "$test_username" \
# #
# Deploy the Pinniped Supervisor # Deploy the Pinniped Supervisor
# #
issuer_url=https://todo.what-should-this-be
pushd deploy-supervisor >/dev/null pushd deploy-supervisor >/dev/null
log_note "Deploying the Pinniped Supervisor app to the cluster..." log_note "Deploying the Pinniped Supervisor app to the cluster..."
ytt --file . \ ytt --file . \
--data-value "image_repo=$registry_repo" \ --data-value "image_repo=$registry_repo" \
--data-value "image_tag=$tag" >"$manifest" --data-value "image_tag=$tag" \
--data-value "issuer_url=$issuer_url" \
>"$manifest"
kapp deploy --yes --app "pinniped-supervisor" --diff-changes --file "$manifest" kapp deploy --yes --app "pinniped-supervisor" --diff-changes --file "$manifest"