Oauth integration (#63)

* chore: Configured OAuthProxy on Console and API endpoints Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com> * fix: removed unused secret Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com> * chore: removed oauth-proxy from API. Don't needed anymore Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com> * fix: removed hardcoded value con configmap Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com> * fix: removed unused ServiceAccount for API Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com> * fix: removed API Route. Now it's accessed by Console Route Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com> --------- Signed-off-by: Alejandro Villegas <alex.ansi.c@gmail.com>
RHEcosystemAppEng · Jun 14, 2024 · 374016a · 374016a
1 parent 142343f
commit 374016a
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 31 deletions.
diff --git a/deployments/openshift/00_config.yaml b/deployments/openshift/00_config.yaml
@@ -7,9 +7,9 @@ metadata:
     app: cluster-iq
     component: config
 data:
-  REACT_APP_CIQ_API_URL: "https://api/api/v1"
-  CIQ_API_URL: 'http://api:8443/api/v1'
-  CIQ_API_LISTEN_URL: "0.0.0.0:8443"
+  REACT_APP_CIQ_API_URL: "http://api.cluster-iq.svc.cluster.local:8080"
+  CIQ_API_URL: 'http://api:8080/api/v1'
+  CIQ_API_LISTEN_URL: "0.0.0.0:8080"
   CIQ_DB_URL: "postgresql://user:password@pgsql:5432/clusteriq?sslmode=disable"
   CIQ_CREDS_FILE: "/credentials/credentials"
   CIQ_LOG_LEVEL: "DEBUG"

diff --git a/deployments/openshift/01_service_account.yaml b/deployments/openshift/01_service_account.yaml
@@ -3,3 +3,5 @@ kind: ServiceAccount
 apiVersion: v1
 metadata:
   name: cluster-iq
+  annotations:
+    serviceaccounts.openshift.io/oauth-redirectreference.cluster-iq: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"console"}}'
diff --git a/deployments/openshift/03_api.yaml b/deployments/openshift/03_api.yaml
@@ -33,7 +33,9 @@ spec:
             - configMapRef:
                 name: config
           ports:
-            - containerPort: 8443
+            - name: api
+              containerPort: 8080
+
 
 ---
 apiVersion: v1
@@ -50,23 +52,5 @@ spec:
   ports:
     - name: api
       protocol: TCP
-      port: 8443
-      targetPort: 8443
-
----
-kind: Route
-apiVersion: route.openshift.io/v1
-metadata:
-  name: api
-  labels:
-    app: cluster-iq
-    component: api
-spec:
-  to:
-    kind: Service
-    name: api
-    weight: 100
-  port:
-    targetPort: api
-  tls:
-    termination: edge
+      port: 8080
+      targetPort: api
diff --git a/deployments/openshift/05_console.yaml b/deployments/openshift/05_console.yaml
@@ -20,20 +20,50 @@ spec:
     spec:
       serviceAccountName: cluster-iq
       containers:
-        - name: server
+        - name: console
           image: quay.io/ecosystem-appeng/cluster-iq-console:latest
           imagePullPolicy: Always
           envFrom:
             - configMapRef:
                 name: config
           ports:
-            - containerPort: 3000
+            - name: console
+              containerPort: 3000
+        - name: oauth-proxy
+          image: registry.redhat.io/openshift4/ose-oauth-proxy:v4.13
+          imagePullPolicy: IfNotPresent
+          args:
+             - -provider=openshift
+             - -https-address=:8443
+             - -http-address=
+             - -email-domain=*
+             - -tls-cert=/etc/tls/private/tls.crt
+             - -tls-key=/etc/tls/private/tls.key
+             - -upstream=http://localhost:3000
+             - -cookie-secret=ClusterIQ-Cookie
+             - -openshift-service-account=cluster-iq
+             - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          ports:
+            - name: oauth-proxy
+              containerPort: 8443
+          volumeMounts:
+            - mountPath: /etc/tls/private
+              name: console-tls
+      volumes:
+        - name: console-tls
+          secret:
+            defaultMode: 420
+            secretName: console-tls
+
+
 
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: console
+  annotations:
+    service.alpha.openshift.io/serving-cert-secret-name: console-tls
   labels:
     app: cluster-iq
     component: console
@@ -42,10 +72,15 @@ spec:
     app: cluster-iq
     component: console
   ports:
-    - protocol: TCP
+    - name: console
+      protocol: TCP
       port: 3000
-      targetPort: 3000
-      name: console
+      targetPort: console
+    - name: oauth-proxy
+      protocol: TCP
+      port: 8443
+      targetPort: oauth-proxy
+
 
 ---
 kind: Route
@@ -61,6 +96,7 @@ spec:
     name: console
     weight: 100
   port:
-    targetPort: console
+    targetPort: oauth-proxy
   tls:
-    termination: edge
+    termination: reencrypt
+    insecureEdgeTerminationPolicy: Redirect