Documentation
Index
- func CreateSvc(ctx context.Context, cs SecureStackCreator, oClient *OIDCClient, ...) (*corev1.Service, error)
- func GetGoCloakClient(ctx context.Context, cs SecureStackCreator, ns, chartName, ingPrefix string) (gocloak.GoCloak, *gocloak.JWT, string, error)
- func ReplaceWithOauth2Proxy(ctx context.Context, cs SecureStackCreator, ing *networkv1.Ingress, ...) error
- type BitnamiHelmKCCreator
- type DeploymentCreator
- type HelmRedis
- type IngressCreator
- type IngressLister
- type KubeClientCreator
- func (k *KubeClientCreator) CreateDeployment(ctx context.Context, dep *appsv1.Deployment) (*appsv1.Deployment, error)
- func (k *KubeClientCreator) CreateIngress(ctx context.Context, ing *networkv1.Ingress) (*networkv1.Ingress, error)
- func (k *KubeClientCreator) CreateSecret(ctx context.Context, sec *corev1.Secret) (*corev1.Secret, error)
- func (k *KubeClientCreator) CreateService(ctx context.Context, svc *corev1.Service) (*corev1.Service, error)
- func (k *KubeClientCreator) GetSecret(ctx context.Context, ns string, name string) (*corev1.Secret, error)
- func (k *KubeClientCreator) ListIngresses(ctx context.Context, ns string) (*networkv1.IngressList, error)
- func (k *KubeClientCreator) UpdateIngress(ctx context.Context, ing *networkv1.Ingress) (*networkv1.Ingress, error)
- type OIDCClient
- type OIDCCreator
- type PlainRedis
- type ProxyOpts
- type ProxySessionStore
- type RedisSessionStore
- type RuntimeCreator
- func (r *RuntimeCreator) CreateDeployment(ctx context.Context, dep *appsv1.Deployment) (*appsv1.Deployment, error)
- func (r *RuntimeCreator) CreateIngress(ctx context.Context, ing *networkv1.Ingress) (*networkv1.Ingress, error)
- func (r *RuntimeCreator) CreateSecret(ctx context.Context, sec *corev1.Secret) (*corev1.Secret, error)
- func (r *RuntimeCreator) CreateService(ctx context.Context, svc *corev1.Service) (*corev1.Service, error)
- func (r *RuntimeCreator) GetSecret(ctx context.Context, ns string, name string) (*corev1.Secret, error)
- func (r *RuntimeCreator) ListIngresses(ctx context.Context, ns string) (*networkv1.IngressList, error)
- func (r *RuntimeCreator) UpdateIngress(ctx context.Context, ing *networkv1.Ingress) (*networkv1.Ingress, error)
- type SecretCreator
- type SecureServiceCreator
- type SecureStackCreator
- type Service
- type ServiceCreator
- type Target
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateSvc
func CreateSvc(ctx context.Context, cs SecureStackCreator, oClient *OIDCClient, opts ProxyOpts) (*corev1.Service, error)
func GetGoCloakClient
func GetGoCloakClient(ctx context.Context, cs SecureStackCreator, ns, chartName, ingPrefix string) (gocloak.GoCloak, *gocloak.JWT, string, error)
GetGoCloakClient can return a gocloak "client" (gocloak.GoCloak) based on the keycloak installation provided by the bitnami keycloak
func ReplaceWithOauth2Proxy
func ReplaceWithOauth2Proxy(ctx context.Context, cs SecureStackCreator, ing *networkv1.Ingress, oid OIDCCreator, opts ProxyOpts) error
ReplaceWithOauth2Proxy replaces an ingress with the oauth2 proxy.
Types
type BitnamiHelmKCCreator
type BitnamiHelmKCCreator struct {
	Kube          SecureStackCreator
	Namespace     string `json:"namespace"`
	Name          string `json:"name"`
	IngressPrefix string `json:"ingressPrefix"`
	Realm         string `json:"realm"`
}
func (*BitnamiHelmKCCreator) CreateOIDCClient
func (bh *BitnamiHelmKCCreator) CreateOIDCClient(ctx context.Context, c *gocloak.Client) (*OIDCClient, error)
type DeploymentCreator
type DeploymentCreator interface {
CreateDeployment(ctx context.Context, dep *appsv1.Deployment) (*appsv1.Deployment, error)
}
A DeploymentCreator can create a k8s deployment
type HelmRedis
type HelmRedis struct {
	Namespace string `json:"namespace,omitempty"`
	Name      string `json:"name,omitempty"`
}
HelmRedis indicates the namespace and helm template name prefix used to create the redis.
type IngressCreator
type IngressCreator interface {
	CreateIngress(ctx context.Context, ing *networkv1.Ingress) (*networkv1.Ingress, error)
	UpdateIngress(ctx context.Context, ing *networkv1.Ingress) (*networkv1.Ingress, error)
}
An IngressCreator can create a k8s ingress
type IngressLister
type IngressLister interface {
ListIngresses(ctx context.Context, ns string) (*networkv1.IngressList, error)
}
IngressLister can list ingresses in a namespace
type KubeClientCreator
type KubeClientCreator struct {
Kube kubernetes.Interface
}
A KubeClientCreator implements SecureStackCreator with the kubernetes.Interface
func (*KubeClientCreator) CreateDeployment
func (k *KubeClientCreator) CreateDeployment(ctx context.Context, dep *appsv1.Deployment) (*appsv1.Deployment, error)
func (*KubeClientCreator) CreateIngress
func (*KubeClientCreator) CreateSecret
func (*KubeClientCreator) CreateService
func (*KubeClientCreator) ListIngresses
func (k *KubeClientCreator) ListIngresses(ctx context.Context, ns string) (*networkv1.IngressList, error)
func (*KubeClientCreator) UpdateIngress
type OIDCClient
type OIDCClient struct {
	IssuerURL string
	// Redirects []string
	ClientID     string
	ClientSecret string
}
OIDCClient represents the critical data to be able to connect with an openid connect client that supports the discovery endpoints.
type OIDCCreator
type OIDCCreator interface {
CreateOIDCClient(ctx context.Context, c *gocloak.Client) (*OIDCClient, error)
}
An OIDCCreator takes a context and client spec, and returns a client ID and client secret, or an error.
type PlainRedis
type PlainRedis struct {
	Password string `json:"password,omitempty"`
	URL      string `json:"url,omitempty"`
}
PlainRedis holds the URL and password to a redis instance. The URL must start with `redis://`.
type ProxyOpts
type ProxyOpts struct {
	SessionStore ProxySessionStore `json:"sessionStore"`
	CustomBanner string            `json:"customBanner,omitempty"`
	EmailDomain  string            `json:"emailDomain,omitempty"`
	Annotations  map[string]string `json:"annotations,omitempty"`
	Target       Target            `json:"target"`
}
ProxyOpts are used to set up both the kubernetes objects (secrets) and the env/args for the oauth2-proxy
func (ProxyOpts) SetupEnv
func (po ProxyOpts) SetupEnv(ctx context.Context, cs SecureStackCreator, oClient *OIDCClient) ([]corev1.EnvVar, error)
SetupEnv does the work to set up secrets, and returns the kubernetes Env spec for accessing the values it set up, with the variable names the oauth2-proxy container expects them in. It takes a context, a kubernetes client interface implementation, and OIDC client metadata.
type ProxySessionStore
type ProxySessionStore struct {
Redis *RedisSessionStore `json:"redis,omitempty"`
}
ProxySessionStore is required, and configures the way that the oauth2-proxy stores session data.
type RedisSessionStore
type RedisSessionStore struct {
	Helm  *HelmRedis  `json:"helm,omitempty"`
	Plain *PlainRedis `json:"plain,omitempty"`
}
A RedisSessionStore configures the session to be stored in a redis instance. It supports both the known helm chart conventions from bitnami's redis server, and a pre-known redis server endpoint and password.
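An added example, not part of this package: a pre-flight check for the `sessionStore` JSON described above, using local copies of the types listed on this page. `ValidateSessionStore` is a hypothetical helper; treating `helm` and `plain` as mutually exclusive and rejecting an empty password are assumptions, while the `redis://` prefix rule and the "required" rule come from the type descriptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Local copies of the session-store types listed on this page, so the example compiles alone.
type HelmRedis struct {
	Namespace string `json:"namespace,omitempty"`
	Name      string `json:"name,omitempty"`
}
type PlainRedis struct {
	Password string `json:"password,omitempty"`
	URL      string `json:"url,omitempty"`
}
type RedisSessionStore struct {
	Helm  *HelmRedis  `json:"helm,omitempty"`
	Plain *PlainRedis `json:"plain,omitempty"`
}
type ProxySessionStore struct {
	Redis *RedisSessionStore `json:"redis,omitempty"`
}

// ValidateSessionStore is a hypothetical pre-flight check (not a package function).
func ValidateSessionStore(raw []byte) error {
	var s ProxySessionStore
	if err := json.Unmarshal(raw, &s); err != nil {
		return fmt.Errorf("decode sessionStore: %w", err)
	}
	r := s.Redis
	switch {
	case r == nil || (r.Helm == nil && r.Plain == nil):
		return errors.New("sessionStore is required: set redis.helm or redis.plain")
	case r.Helm != nil && r.Plain != nil: // assumption: sources are mutually exclusive
		return errors.New("set only one of redis.helm and redis.plain")
	case r.Plain != nil && !strings.HasPrefix(r.Plain.URL, "redis://"):
		return errors.New("redis.plain.url must start with redis://")
	case r.Plain != nil && r.Plain.Password == "": // assumption: reject unauthenticated stores
		return errors.New("redis.plain.password is empty")
	}
	return nil
}

func main() {
	// Constructed sample: a URL without the scheme fails the documented redis:// prefix rule.
	fmt.Println(ValidateSessionStore([]byte(`{"redis":{"plain":{"url":"cache:6379","password":"x"}}}`)))
}
```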
type RuntimeCreator
A RuntimeCreator implements SecureStackCreator with the kubernetes sig-runtime client.Client interface
func (*RuntimeCreator) CreateDeployment
func (r *RuntimeCreator) CreateDeployment(ctx context.Context, dep *appsv1.Deployment) (*appsv1.Deployment, error)
func (*RuntimeCreator) CreateIngress
func (*RuntimeCreator) CreateSecret
func (*RuntimeCreator) CreateService
func (*RuntimeCreator) ListIngresses
func (r *RuntimeCreator) ListIngresses(ctx context.Context, ns string) (*networkv1.IngressList, error)
func (*RuntimeCreator) UpdateIngress
type SecretCreator
type SecretCreator interface {
	CreateSecret(ctx context.Context, sec *corev1.Secret) (*corev1.Secret, error)
	GetSecret(ctx context.Context, ns, name string) (*corev1.Secret, error)
}
A SecretCreator can create a k8s secret
type SecureServiceCreator
type SecureServiceCreator interface {
	SecretCreator
	DeploymentCreator
	ServiceCreator
}
A SecureServiceCreator can create a deployment with secrets held in a secret, and a service to expose the deployment.
type SecureStackCreator
type SecureStackCreator interface {
	SecureServiceCreator
	IngressCreator
	IngressLister
}
A SecureStackCreator can create a deployment with secrets held in a secret, a service to expose the deployment, and an ingress to expose the service outside the cluster.