45 lines
1.3 KiB
YAML
45 lines
1.3 KiB
YAML
{{- if and .Values.keycloak.enabled .Values.keycloak.istio.admin.enabled .Values.keycloak.istio.admin.url }}
|
|
# Admin endpoint / all URLs allowed
|
|
apiVersion: networking.istio.io/v1beta1
|
|
kind: VirtualService
|
|
metadata:
|
|
name: {{ template "kubezero-lib.fullname" $ }}-admin
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "kubezero-lib.labels" $ | nindent 4 }}
|
|
spec:
|
|
gateways:
|
|
- {{ .Values.keycloak.istio.admin.gateway }}
|
|
hosts:
|
|
- {{ .Values.keycloak.istio.admin.url }}
|
|
http:
|
|
- route:
|
|
- destination:
|
|
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
|
|
{{- end }}
|
|
|
|
---
|
|
|
|
{{- if and .Values.keycloak.enabled .Values.keycloak.istio.auth.enabled .Values.keycloak.istio.auth.url }}
|
|
# auth endpoint - only expose minimal URls
|
|
apiVersion: networking.istio.io/v1beta1
|
|
kind: VirtualService
|
|
metadata:
|
|
name: {{ template "kubezero-lib.fullname" $ }}-auth
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "kubezero-lib.labels" $ | nindent 4 }}
|
|
spec:
|
|
gateways:
|
|
- {{ .Values.keycloak.istio.auth.gateway }}
|
|
hosts:
|
|
- {{ .Values.keycloak.istio.auth.url }}
|
|
http:
|
|
- match:
|
|
- uri:
|
|
regex: ^/(js/|realms/|resources/|robots.txt).*
|
|
route:
|
|
- destination:
|
|
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
|
|
{{- end }}
|