Newer
Older
Josh Wolf
committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
{{- include "values-secret" (dict "root" $ "package" .Values.addons.authservice "name" "authservice" "defaults" (include "bigbang.defaults.authservice" .)) }}
{{- end }}
{{- define "bigbang.defaults.authservice" -}}
imagePullSecrets:
- name: private-registry
global:
oidc:
host: {{ .Values.sso.oidc.host }}
realm: {{ .Values.sso.oidc.realm }}
{{- if .Values.sso.jwks }}
jwks: "{{ .Values.sso.jwks }}"
{{- end }}
{{- if .Values.sso.client_id}}
client_id: {{ .Values.sso.client_id }}
{{- end }}
{{- if .Values.sso.client_secret }}
client_secret: {{ .Values.sso.client_secret }}
{{- end }}
{{- if .Values.sso.certificate_authority }}
certificate_authority: {{ .Values.sso.certificate_authority }}
{{- end }}
chains:
{{- if .Values.addons.authservice.chains }}
{{ .Values.addons.authservice.chains | toYaml | nindent 2 }}
{{- end }}
kiali:
match:
header: ":authority"
prefix: "kiali"
client_id: {{ .Values.istio.sso.kiali.client_id }}
client_secret: "{{ .Values.istio.sso.kiali.client_secret }}"
callback_uri: https://kiali.{{ .Values.hostname }}/login
jaeger:
match:
header: ":authority"
prefix: "tracing"
client_id: "{{ .Values.istio.sso.jaeger.client_id }}"
client_secret: "{{ .Values.istio.sso.jaeger.client_secret }}"
callback_uri: https://tracing.{{ .Values.hostname }}/login
prometheus:
match:
header: ":authority"
prefix: "prometheus"
client_id: {{ .Values.monitoring.sso.prometheus.client_id }}
client_secret: "{{ .Values.monitoring.sso.prometheus.client_secret }}"
callback_uri: https://prometheus.{{ .Values.hostname }}/login/generic_oauth
alertmanager:
match:
header: ":authority"
prefix: "alertmanager"
client_id: {{ .Values.monitoring.sso.alertmanager.client_id }}
client_secret: "{{ .Values.monitoring.sso.alertmanager.client_secret }}"
callback_uri: https://alertmanager.{{ .Values.hostname }}/login/generic_oauth
{{- end -}}