Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
Containers
/
monkeybox_kubernetes
2
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 3a84e8690b
Салаанууд Тагууд
monkeybox_kuber...
/
Workloads
/
testing
/
oid2.yaml

oid2.yaml 5.3 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. apiVersion: apps/v1
    2. 

  2. kind: Deployment
    3. 

  3. metadata:
    4. 

  4.   name: nginx
    5. 

  5.   namespace: default
    6. 

  6. spec:
    7. 

  7.   replicas: 1
    8. 

  8.   selector:
    9. 

  9.     matchLabels:
    10. 

  10.       app: nginx
    11. 

  11.   template:
    12. 

  12.     metadata:
    13. 

  13.       labels:
    14. 

  14.         app: nginx
    15. 

  15.     spec:
    16. 

  16.       containers:
    17. 

  17.       - name: nginx
    18. 

  18.         image: nginx
    19. 

  19.       - name: gatekeeper
    20. 

  20.         image: carlosedp/keycloak-gatekeeper:latest
    21. 

  21.         args:
    22. 

  22.         - --config=/etc/keycloak-gatekeeper.conf
    23. 

  23.         ports:
    24. 

  24.         - containerPort: 3000
    25. 

  25.           name: service
    26. 

  26.         volumeMounts:
    27. 

  27.         - name: gatekeeper-config
    28. 

  28.           mountPath: /etc/keycloak-gatekeeper.conf
    29. 

  29.           subPath: keycloak-gatekeeper.conf
    30. 

  30.         - name: gatekeeper-files
    31. 

  31.           mountPath: /html
    32. 

  32.       volumes:
    33. 

  33.       - name : gatekeeper-config
    34. 

  34.         configMap:
    35. 

  35.           name: gatekeeper-config
    36. 

  36.       - name : gatekeeper-files
    37. 

  37.         configMap:
    38. 

  38.           name: gatekeeper-files
    39. 

  39. ---
    40. 

  40. apiVersion: v1
    41. 

  41. kind: ConfigMap
    42. 

  42. metadata:
    43. 

  43.   name: gatekeeper-config
    44. 

  44.   namespace: default
    45. 

  45.   creationTimestamp: null
    46. 

  46. data:
    47. 

  47.   keycloak-gatekeeper.conf: |+
    48. 

  48.     # is the url for retrieve the OpenID configuration - normally the <server>/auth/realms/<realm_name>
    49. 

  49.     discovery-url: https://keycloak.xdrtest.accenturefederalcyber.com/auth/realms/XDRTest
    50. 

  50.     # skip tls verify
    51. 

  51.     skip-openid-provider-tls-verify: true
    52. 

  52.     # the client id for the 'client' application
    53. 

  53.     client-id: oid.monkeybox.org
    54. 

  54.     # the secret associated to the 'client' application
    55. 

  55.     # XDR:
    56. 

  56.     #client-secret: d8adb127-965d-4c6d-a7b2-66e30f6025b8
    57. 

  57.     # XDRTest
    58. 

  58.     client-secret: 54a1867e-07a8-4d87-b3f8-0ab37e141c79
    59. 

  59.     # the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>', unix sockets as unix://<REL_PATH>|</ABS PATH>
    60. 

  60.     listen: :3000
    61. 

  61.     # whether to enable refresh tokens
    62. 

  62.     enable-refresh-tokens: true
    63. 

  63.     # the location of a certificate you wish the proxy to use for TLS support
    64. 

  64.     #tls-cert:
    65. 

  65.     # the location of a private key for TLS
    66. 

  66.     #tls-private-key:
    67. 

  67.     # the redirection url, essentially the site url, note: /oauth/callback is added at the end
    68. 

  68.     redirection-url: https://oid.monkeybox.org
    69. 

  69.     secure-cookie: false
    70. 

  70.     # the encryption key used to encode the session state
    71. 

  71.     encryption-key: vGcLt7ZUdPX5fXhtLZaPHZkGWHZrT6aa
    72. 

  72.     # the upstream endpoint which we should proxy request
    73. 

  73.     upstream-url: http://127.0.0.1:80/
    74. 

  74.     forbidden-page: /html/access-forbidden.html
    75. 

  75. #    resources:
    76. 

  76. #    - uri: /*
    77. 

  77. #      groups:
    78. 

  78. #      - my-app
    79. 

  79. ---
    80. 

  80. apiVersion: v1
    81. 

  81. kind: ConfigMap
    82. 

  82. metadata:
    83. 

  83.   name: gatekeeper-files
    84. 

  84.   namespace: default
    85. 

  85.   creationTimestamp: null
    86. 

  86. data:
    87. 

  87.   access-forbidden.html: |+
    88. 

  88.     <html lang="en"><head> <title>Access Forbidden</title><style>*{font-family: "Courier", "Courier New", "sans-serif"; margin:0; padding: 0;}body{background: #233142;}.whistle{width: 20%; fill: #f95959; margin: 100px 40%; text-align: left; transform: translate(-50%, -50%); transform: rotate(0); transform-origin: 80% 30%; animation: wiggle .2s infinite;}@keyframes wiggle{0%{transform: rotate(3deg);}50%{transform: rotate(0deg);}100%{transform: rotate(3deg);}}h1{margin-top: -100px; margin-bottom: 20px; color: #facf5a; text-align: center; font-size: 90px; font-weight: 800;}h2, a{color: #455d7a; text-align: center; font-size: 30px; text-transform: uppercase;}</style> </head><body> <use> <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 1000 1000" enable-background="new 0 0 1000 1000" xml:space="preserve" class="whistle"><g><g transform="translate(0.000000,511.000000) scale(0.100000,-0.100000)"><path d="M4295.8,3963.2c-113-57.4-122.5-107.2-116.8-622.3l5.7-461.4l63.2-55.5c72.8-65.1,178.1-74.7,250.8-24.9c86.2,61.3,97.6,128.3,97.6,584c0,474.8-11.5,526.5-124.5,580.1C4393.4,4001.5,4372.4,4001.5,4295.8,3963.2z"/><path d="M3053.1,3134.2c-68.9-42.1-111-143.6-93.8-216.4c7.7-26.8,216.4-250.8,476.8-509.3c417.4-417.4,469.1-463.4,526.5-463.4c128.3,0,212.5,88.1,212.5,224c0,67-26.8,97.6-434.6,509.3c-241.2,241.2-459.5,449.9-488.2,465.3C3181.4,3180.1,3124,3178.2,3053.1,3134.2z"/><path d="M2653,1529.7C1644,1445.4,765.1,850,345.8-32.7C62.4-628.2,22.2-1317.4,234.8-1960.8C451.1-2621.3,947-3186.2,1584.6-3500.2c1018.6-501.6,2228.7-296.8,3040.5,515.1c317.8,317.8,561,723.7,670.1,1120.1c101.5,369.5,158.9,455.7,360,553.3c114.9,57.4,170.4,65.1,1487.7,229.8c752.5,93.8,1392,181.9,1420.7,193.4C8628.7-857.9,9900,1250.1,9900,1328.6c0,84.3-67,172.3-147.4,195.3c-51.7,15.3-790.8,19.1-2558,15.3l-2487.2-5.7l-55.5-63.2l-55.5-61.3v-344.6V719.8h-411.7h-411.7v325.5c0,509.3,11.5,499.7-616.5,494C2921,1537.3,2695.1,1533.5,2653,1529.7z"/></g></g></svg></use><h1>403</h1><h2>Not this time, access forbidden!</h2><h2><a href="/oauth/logout?redirect=https://google.com">Logout</h2></body></html>
    89. 

  89. ---
    90. 

  90. apiVersion: v1
    91. 

  91. kind: Service
    92. 

  92. metadata:
    93. 

  93.   labels:
    94. 

  94.     app: nginx
    95. 

  95.   name: nginx
    96. 

  96.   namespace: default
    97. 

  97. spec:
    98. 

  98.   ports:
    99. 

  99.   - name: http
    100. 

  100.     port: 80
    101. 

  101.     protocol: TCP
    102. 

  102.     targetPort: service
    103. 

  103.   selector:
    104. 

  104.     app: nginx
    105. 

  105.   type: ClusterIP
    106. 

  106. ---
    107. 

  107. apiVersion: networking.k8s.io/v1beta1
    108. 

  108. kind: Ingress
    109. 

  109. metadata:
    110. 

  110.   name: index-ingress
    111. 

  111.   namespace: default
    112. 

  112.   annotations:
    113. 

  113.     cert-manager.io/cluster-issuer: "letsencrypt-prod"
    114. 

  114.     nginx.ingress.kubernetes.io/rewrite-target: /
    115. 

  115. spec:
    116. 

  116.   tls:
    117. 

  117.   - hosts:
    118. 

  118.     - oid.monkeybox.org
    119. 

  119.     secretName: oid-tls
    120. 

  120.   rules:
    121. 

  121.     - host: oid.monkeybox.org
    122. 

  122.       http:
    123. 

  123.         paths:
    124. 

  124.         - path: /
    125. 

  125.           backend:
    126. 

  126.             serviceName: nginx
    127. 

  127.             servicePort: 80
    128.