Skip to content

Update k8s to also deploy sso authentication #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
HuiJun wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update k8s to also deploy sso authentication #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions k8s/configmaps/sso-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
apiVersion: v1
data:
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_NAME: Flexo MMS SSO
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID:
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET:
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_AUTHORIZATION_GRANT_TYPE: authorization_code
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_REDIRECT_URI: https://localhost:3000/sso/login/oauth2/code/oidc
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_SCOPE: openid,profile,email
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI:
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI:
SPRING_DATASOURCE_URL:
SPRING_DATASOURCE_USERNAME:
SPRING_DATASOURCE_PASSWORD:
SERVER_SERVLET_CONTEXT_PATH: /sso
FLEXO_SSO_AUTH_SERVICE_SSO_USER_ID_FIELD:
FLEXO_SSO_AUTH_SERVICE_SSO_GROUP_CLAIMS_FIELD:
kind: ConfigMap
metadata:
name: sso-config
namespace: flexo-mms
62 changes: 62 additions & 0 deletions k8s/deployments/flexo-mms-sso-auth-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: flexo-mms-sso-auth-service
namespace: flexo-mms
spec:
selector:
matchLabels:
workload.user.cattle.io/workloadselector: deployment-flexo-mms-flexo-mms-sso-auth-service
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
labels:
workload.user.cattle.io/workloadselector: deployment-flexo-mms-flexo-mms-sso-auth-service
spec:
containers:

Check warning on line 20 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Bind this resource's automounted service account to RBAC or disable automounting. 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmus&open=AZzV3hkv5bz0pN7Vbmus&pullRequest=23

Check warning

Code scanning / SonarCloud

Service account permissions should be restricted Medium

Bind this resource's automounted service account to RBAC or disable automounting. See more on SonarQube Cloud
- envFrom:

Check warning on line 21 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Specify a memory request for this container. 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmuw&open=AZzV3hkv5bz0pN7Vbmuw&pullRequest=23

Check warning on line 21 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Specify a storage request for this container. 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmur&open=AZzV3hkv5bz0pN7Vbmur&pullRequest=23

Check warning on line 21 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Specify a CPU request for this container. 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmuu&open=AZzV3hkv5bz0pN7Vbmuu&pullRequest=23

Check warning on line 21 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Specify a memory limit for this container. 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmuq&open=AZzV3hkv5bz0pN7Vbmuq&pullRequest=23

Check warning on line 21 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Specify a storage limit for this container. 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmut&open=AZzV3hkv5bz0pN7Vbmut&pullRequest=23

Check warning

Code scanning / SonarCloud

Memory limits should be enforced Medium

Specify a memory limit for this container. See more on SonarQube Cloud

Check warning

Code scanning / SonarCloud

Storage limits should be enforced Medium

Specify a storage limit for this container. See more on SonarQube Cloud
- configMapRef:
name: jwt-config
optional: false
- configMapRef:
name: os-config
- configMapRef:
name: sso-config
optional: false
image: openmbee/flexo-mms-sso-auth-service:latest

Check warning on line 30 in k8s/deployments/flexo-mms-sso-auth-service.yaml

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use a specific version tag for the image instead of "latest". 


See more on https://sonarcloud.io/project/issues?id=Open-MBEE_flexo-mms-deployment&issues=AZzV3hkv5bz0pN7Vbmuv&open=AZzV3hkv5bz0pN7Vbmuv&pullRequest=23
imagePullPolicy: Always
name: flexo-mms-sso-auth-service
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: false
stdin: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
tty: true
volumeMounts:
- mountPath: /mnt/config/logback/
name: logback-config-map
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: dockerhub
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 256
items:
- key: logback.xml
path: loggers-include.xml
name: logback-config
optional: false
name: logback-sso-config-map
7 changes: 7 additions & 0 deletions k8s/ingresses/flexo-mms-ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,13 @@ spec:
number: 8080
path: /
pathType: ImplementationSpecific
- backend:
service:
name: flexo-mms-sso-auth-service
port:
number: 8080
path: /sso
pathType: ImplementationSpecific
- backend:
service:
name: flexo-mms-auth-service
Expand Down
21 changes: 21 additions & 0 deletions k8s/services/flexo-mms-sso-auth-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: flexo-mms-sso-auth-service
namespace: flexo-mms
spec:
clusterIP: None
clusterIPs:
- None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: default
port: 8080
protocol: TCP
targetPort: 8080
selector:
workload.user.cattle.io/workloadselector: deployment-flexo-mms-flexo-mms-sso-auth-service
sessionAffinity: None
type: ClusterIP