diff --git a/k8s/configmaps/sso-config.yaml b/k8s/configmaps/sso-config.yaml
new file mode 100644
index 0000000..4773a07
--- /dev/null
+++ b/k8s/configmaps/sso-config.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+data:
+ SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_NAME: Flexo MMS SSO
+ SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID:
+ SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET:
+ SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_AUTHORIZATION_GRANT_TYPE: authorization_code
+ SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_REDIRECT_URI: https://localhost:3000/sso/login/oauth2/code/oidc
+ SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_SCOPE: openid,profile,email
+ SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI:
+ SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI:
+ SPRING_DATASOURCE_URL:
+ SPRING_DATASOURCE_USERNAME:
+ SPRING_DATASOURCE_PASSWORD:
+ SERVER_SERVLET_CONTEXT_PATH: /sso
+ FLEXO_SSO_AUTH_SERVICE_SSO_USER_ID_FIELD:
+ FLEXO_SSO_AUTH_SERVICE_SSO_GROUP_CLAIMS_FIELD:
+kind: ConfigMap
+metadata:
+ name: sso-config
+ namespace: flexo-mms
diff --git a/k8s/deployments/flexo-mms-sso-auth-service.yaml b/k8s/deployments/flexo-mms-sso-auth-service.yaml
new file mode 100644
index 0000000..a92f039
--- /dev/null
+++ b/k8s/deployments/flexo-mms-sso-auth-service.yaml
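Review bot: `SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET` and `SPRING_DATASOURCE_PASSWORD` in `k8s/configmaps/sso-config.yaml` are credentials, and a ConfigMap is the wrong home for them: its contents are readable by anything allowed to `get configmaps` in the namespace and are shown in plain text by `kubectl describe`. Keep only the non-sensitive settings here and move those two keys (and arguably the client id and datasource username) into a `kind: Secret`, which the Deployment added later in this diff would load with an extra `envFrom` entry such as `- secretRef:` / `name: <sso-secret-name>` (placeholder name). The empty `KEY:` values parse as YAML null rather than an empty string, so writing `""` for the values meant to be filled in at deploy time avoids relying on how the client handles nulls in `data`.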
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: flexo-mms-sso-auth-service
+ namespace: flexo-mms
+spec:
+ selector:
+ matchLabels:
+ workload.user.cattle.io/workloadselector: deployment-flexo-mms-flexo-mms-sso-auth-service
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ workload.user.cattle.io/workloadselector: deployment-flexo-mms-flexo-mms-sso-auth-service
+ spec:
+ containers:
+ - envFrom:
+ - configMapRef:
+ name: jwt-config
+ optional: false
+ - configMapRef:
+ name: os-config
+ - configMapRef:
+ name: sso-config
+ optional: false
+ image: openmbee/flexo-mms-sso-auth-service:latest
+ imagePullPolicy: Always
+ name: flexo-mms-sso-auth-service
+ resources: {}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities: {}
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+ stdin: true
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ tty: true
+ volumeMounts:
+ - mountPath: /mnt/config/logback/
+ name: logback-config-map
+ dnsPolicy: ClusterFirst
+ imagePullSecrets:
+ - name: dockerhub
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - configMap:
+ defaultMode: 256
+ items:
+ - key: logback.xml
+ path: loggers-include.xml
+ name: logback-config
+ optional: false
+ name: logback-sso-config-map
diff --git a/k8s/ingresses/flexo-mms-ingress.yaml b/k8s/ingresses/flexo-mms-ingress.yaml
index 638188e..4cdb981 100644
--- a/k8s/ingresses/flexo-mms-ingress.yaml
+++ b/k8s/ingresses/flexo-mms-ingress.yaml
@@ -21,6 +21,13 @@ spec:
 number: 8080
 path: /
 pathType: ImplementationSpecific
+ - backend:
+ service:
+ name: flexo-mms-sso-auth-service
+ port:
+ number: 8080
+ path: /sso
+ pathType: ImplementationSpecific
 - backend:
 service:
 name: flexo-mms-auth-service
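Review bot: The container `securityContext` in `k8s/deployments/flexo-mms-sso-auth-service.yaml` leaves this ingress-exposed auth service weakly confined: `runAsNonRoot: false`, `readOnlyRootFilesystem: false` and an empty `capabilities: {}` allow it to run as root with the runtime's default capability set, and `stdin: true`/`tty: true` keep an interactive channel open that a service does not need. The `:latest` tag with `imagePullPolicy: Always` means each restart can pull different, unreviewed code; pinning a version tag or digest makes rollouts reproducible. Separately, the `volumeMounts` entry names `logback-config-map` while the only volume declared is `logback-sso-config-map`, so the pod spec would likely be rejected until the two names match. A hardened container section is sketched below; whether the image actually runs as non-root with a read-only root filesystem needs confirming against the image, which may need an `emptyDir` for temporary files.

```yaml
        securityContext:
          # … unchanged: allowPrivilegeEscalation, privileged …
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        # … stdin/tty dropped; unchanged: terminationMessagePath, terminationMessagePolicy …
        volumeMounts:
        - mountPath: /mnt/config/logback/
          name: logback-sso-config-map
```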
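Review bot: `pathType: ImplementationSpecific` on the new `/sso` rule in `k8s/ingresses/flexo-mms-ingress.yaml` leaves both matching and precedence against the existing `path: /` rule up to the ingress controller. `pathType: Prefix` would portably match `/sso` and `/sso/...` on path-element boundaries. The OAuth2 redirect carrying the authorization code arrives through this route, so it is worth confirming that the ingress defines a `tls` section; the rest of the rule list and the spec lie outside this hunk.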
diff --git a/k8s/services/flexo-mms-sso-auth-service.yaml b/k8s/services/flexo-mms-sso-auth-service.yaml
new file mode 100644
index 0000000..290c9be
--- /dev/null
+++ b/k8s/services/flexo-mms-sso-auth-service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: flexo-mms-sso-auth-service
+ namespace: flexo-mms
+spec:
+ clusterIP: None
+ clusterIPs:
+ - None
+ ipFamilies:
+ - IPv4
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: default
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ workload.user.cattle.io/workloadselector: deployment-flexo-mms-flexo-mms-sso-auth-service
+ sessionAffinity: None
+ type: ClusterIP
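Review bot: `clusterIP: None` makes this a headless Service, so nothing load-balances in front of the pods, and an ingress controller that resolves backends through the Service's cluster IP rather than its endpoints would have nothing to route to. If headless is not intended, drop `clusterIP` and `clusterIPs` and let the API server assign an address. `clusterIPs`, `ipFamilies`, `ipFamilyPolicy` and `sessionAffinity: None` look like server-populated defaults from an exported object and could be omitted from the committed manifest.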