KubeZero/charts/kubezero-auth/templates/keycloak/istio-service.yaml

45 lines
1.3 KiB
YAML
Raw Normal View History

2023-10-02 12:57:25 +00:00
{{- if and .Values.keycloak.enabled .Values.keycloak.istio.admin.enabled .Values.keycloak.istio.admin.url }}
# Admin endpoint / all URLs allowed
2022-05-11 14:31:37 +00:00
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
2023-10-02 12:57:25 +00:00
name: {{ template "kubezero-lib.fullname" $ }}-admin
2022-05-11 14:31:37 +00:00
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
gateways:
2023-10-02 12:57:25 +00:00
- {{ .Values.keycloak.istio.admin.gateway }}
2022-05-11 14:31:37 +00:00
hosts:
2023-10-02 12:57:25 +00:00
- {{ .Values.keycloak.istio.admin.url }}
2022-05-11 14:31:37 +00:00
http:
- route:
- destination:
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
2022-05-11 14:31:37 +00:00
{{- end }}
2023-10-02 12:57:25 +00:00
---
{{- if and .Values.keycloak.enabled .Values.keycloak.istio.auth.enabled .Values.keycloak.istio.auth.url }}
# auth endpoint - only expose minimal URls
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ template "kubezero-lib.fullname" $ }}-auth
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
gateways:
- {{ .Values.keycloak.istio.auth.gateway }}
hosts:
- {{ .Values.keycloak.istio.auth.url }}
http:
- match:
- uri:
regex: ^/(js/|realms/|resources/|robots.txt).*
route:
- destination:
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
{{- end }}