KubeZero/charts/kubezero-auth/templates/keycloak/istio-service.yaml

45 lines
1.3 KiB
YAML

{{- if and .Values.keycloak.enabled .Values.keycloak.istio.admin.enabled .Values.keycloak.istio.admin.url }}
# Admin endpoint / all URLs allowed
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ template "kubezero-lib.fullname" $ }}-admin
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
gateways:
- {{ .Values.keycloak.istio.admin.gateway }}
hosts:
- {{ .Values.keycloak.istio.admin.url }}
http:
- route:
- destination:
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
{{- end }}
---
{{- if and .Values.keycloak.enabled .Values.keycloak.istio.auth.enabled .Values.keycloak.istio.auth.url }}
# auth endpoint - only expose minimal URls
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: {{ template "kubezero-lib.fullname" $ }}-auth
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubezero-lib.labels" $ | nindent 4 }}
spec:
gateways:
- {{ .Values.keycloak.istio.auth.gateway }}
hosts:
- {{ .Values.keycloak.istio.auth.url }}
http:
- match:
- uri:
regex: ^/(js/|realms/|resources/|robots.txt).*
route:
- destination:
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
{{- end }}