From 3b9baceea4aae4908486c69e690ff0b95dac4243 Mon Sep 17 00:00:00 2001 From: Felix Dubrownik Date: Tue, 11 Apr 2023 17:06:55 +0200 Subject: [PATCH] working x-domain skaffold --- .gitignore | 4 + backend/config/config.go | 2 +- deploy/k8s/base/elements/ingress.yaml | 6 +- deploy/k8s/base/elements/kustomization.yaml | 8 ++ deploy/k8s/base/quickstart/ingress.yaml | 6 +- deploy/k8s/base/quickstart/kustomization.yaml | 8 ++ .../overlays/thirdparty-x-domain/README.md | 15 ++++ .../overlays/thirdparty-x-domain/config.yaml | 39 ++++++++++ .../thirdparty-x-domain/env-patch.yaml | 74 +++++++++++++++++++ .../thirdparty-x-domain/ingress-patch.yaml | 23 ++++++ .../thirdparty-x-domain/kustomization.yaml | 15 ++++ skaffold.yaml | 4 +- 12 files changed, 197 insertions(+), 7 deletions(-) create mode 100644 deploy/k8s/overlays/thirdparty-x-domain/README.md create mode 100644 deploy/k8s/overlays/thirdparty-x-domain/config.yaml create mode 100644 deploy/k8s/overlays/thirdparty-x-domain/env-patch.yaml create mode 100644 deploy/k8s/overlays/thirdparty-x-domain/ingress-patch.yaml diff --git a/.gitignore b/.gitignore index 03343e60e..047ec6d2b 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,9 @@ *.so *.dylib +#env files +*.env + # Test binary, built with `go test -c` *.test @@ -28,3 +31,4 @@ e2e/test-results/ e2e/playwright-report/ e2e/playwright/.cache/ /backend/build_info/version.txt + diff --git a/backend/config/config.go b/backend/config/config.go index 21221cad6..3903c5a95 100644 --- a/backend/config/config.go +++ b/backend/config/config.go @@ -510,7 +510,7 @@ func (t *ThirdParty) PostProcess() error { type ThirdPartyProvider struct { Enabled bool `yaml:"enabled" json:"enabled" koanf:"enabled"` - ClientID string `yaml:"client_id" json:"client_id" koanf:"client_id"` + ClientID string `yaml:"client_id" json:"client_id" koanf:"client_id" split_words:"true"` Secret string `yaml:"secret" json:"secret" koanf:"secret"` } 
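Review bot: The `split_words:"true"` tag added to `ClientID` in `ThirdPartyProvider` has no comment saying which loader consumes it, and the hunk does not show whether other multi-word fields in this file carry the same tag. Presumably it lets an envconfig-style loader resolve `THIRD_PARTY_PROVIDERS_GOOGLE_CLIENT_ID`, which env-patch.yaml in this commit fills from a Secret; without the tag such a loader would look for `..._CLIENTID` and the provider would come up with an empty client id. A one-line comment above the field, e.g. `// split_words: env var is ..._CLIENT_ID, not ..._CLIENTID`, would record the reason.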
diff --git a/deploy/k8s/base/elements/ingress.yaml b/deploy/k8s/base/elements/ingress.yaml index 79884ee4e..5a86e10e8 100644 --- a/deploy/k8s/base/elements/ingress.yaml +++ b/deploy/k8s/base/elements/ingress.yaml @@ -8,13 +8,15 @@ metadata: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + labels: + fqdn: elements.quickstart.test spec: tls: - hosts: - - elements.quickstart.test + - $(ELEMENTS_FQDN) secretName: elements-tls rules: - - host: elements.quickstart.test + - host: $(ELEMENTS_FQDN) http: paths: - path: / diff --git a/deploy/k8s/base/elements/kustomization.yaml b/deploy/k8s/base/elements/kustomization.yaml index f6f370e41..fab84b53b 100644 --- a/deploy/k8s/base/elements/kustomization.yaml +++ b/deploy/k8s/base/elements/kustomization.yaml @@ -2,3 +2,11 @@ resources: - deployment.yaml - service.yaml - ingress.yaml +vars: + - fieldref: + fieldpath: metadata.labels.fqdn + name: ELEMENTS_FQDN + objref: + apiVersion: networking.k8s.io/v1 + kind: Ingress + name: hanko-elements diff --git a/deploy/k8s/base/quickstart/ingress.yaml b/deploy/k8s/base/quickstart/ingress.yaml index 705e344c8..de3578fc6 100644 --- a/deploy/k8s/base/quickstart/ingress.yaml +++ b/deploy/k8s/base/quickstart/ingress.yaml @@ -8,13 +8,15 @@ metadata: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + labels: + fqdn: app.quickstart.test spec: tls: - hosts: - - app.quickstart.test + - $(QUICKSTART_FQDN) secretName: quickstart-tls rules: - - host: app.quickstart.test + - host: $(QUICKSTART_FQDN) http: paths: - path: / diff --git a/deploy/k8s/base/quickstart/kustomization.yaml b/deploy/k8s/base/quickstart/kustomization.yaml index f6f370e41..633b979a2 100644 --- a/deploy/k8s/base/quickstart/kustomization.yaml +++ b/deploy/k8s/base/quickstart/kustomization.yaml 
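Review bot: Carrying the hostname in `metadata.labels.fqdn` in deploy/k8s/base/elements/ingress.yaml ties it to label-value rules, which cap a value at 63 characters and restrict the character set, whereas a valid FQDN can be longer. An overlay that sets a longer host would be rejected at apply time, and the same applies to the `fqdn` label and `QUICKSTART_FQDN` var in base/quickstart. An annotation has no such per-value limit, so `annotations: {fqdn: elements.quickstart.test}` with `fieldpath: metadata.annotations.fqdn` in the kustomization would be the safer carrier. Separately, `vars:` is deprecated in current kustomize in favour of `replacements:`, which is worth a comment if the switch is not made now.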
@@ -2,3 +2,11 @@ resources: - deployment.yaml - service.yaml - ingress.yaml +vars: + - fieldref: + fieldpath: metadata.labels.fqdn + name: QUICKSTART_FQDN + objref: + apiVersion: networking.k8s.io/v1 + kind: Ingress + name: hanko-quickstart diff --git a/deploy/k8s/overlays/thirdparty-x-domain/README.md b/deploy/k8s/overlays/thirdparty-x-domain/README.md new file mode 100644 index 000000000..2a29d5b3d --- /dev/null +++ b/deploy/k8s/overlays/thirdparty-x-domain/README.md @@ -0,0 +1,15 @@ +# Adding OIDC Clients +To successfully test this you need to add OIDC Clients as Secrets: + +Create a github.env and a google.env of the form: +``` +client_id=your-id +client_secret=your-secret +``` + +Run +> skaffold run -p thirdparty-x-domain + +to build and deploy to local cluster. + +The quickstart app should then be running on **https://app.domain-app.grocery** diff --git a/deploy/k8s/overlays/thirdparty-x-domain/config.yaml b/deploy/k8s/overlays/thirdparty-x-domain/config.yaml new file mode 100644 index 000000000..212d558f4 --- /dev/null +++ b/deploy/k8s/overlays/thirdparty-x-domain/config.yaml @@ -0,0 +1,39 @@ +database: + user: hanko + password: hanko + host: postgres + port: 5432 + dialect: postgres +passcode: + email: + from_address: no-reply@hanko.io + smtp: + host: "mailslurper" + port: "2500" +secrets: + keys: + - abcedfghijklmnopqrstuvwxyz +service: + name: Hanko Authentication Service +session: + enable_auth_token_header: true +server: + public: + cors: + enabled: true + allow_credentials: true + allow_origins: + - 'https://app.domain-app.grocery' +webauthn: + relying_party: + origin: "https://app.domain-app.grocery" +third_party: + error_redirect_url: https://app.domain-app.grocery + allowed_redirect_urls: + - https://app.domain-app.grocery** + redirect_url: https://hanko.domain-hanko.grocery/thirdparty/callback + providers: + google: + enabled: true + github: + enabled: true 
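Review bot: In deploy/k8s/overlays/thirdparty-x-domain/config.yaml the entry `- https://app.domain-app.grocery**` under `third_party.allowed_redirect_urls` places the wildcard directly after the hostname with no `/` in between. If these entries are matched as globs where `**` also spans `.` and `/`, the pattern accepts any URL that merely starts with that string, including a different host whose name begins with `app.domain-app.grocery.`, so the post-login redirect is not pinned to the quickstart origin. Listing the origin and its paths separately closes that: `- https://app.domain-app.grocery` and `- https://app.domain-app.grocery/**`. Since this overlay is likely to be copied as a template, the file should also say in a comment that `secrets.keys` and the database password are local-only placeholders.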
diff --git a/deploy/k8s/overlays/thirdparty-x-domain/env-patch.yaml b/deploy/k8s/overlays/thirdparty-x-domain/env-patch.yaml new file mode 100644 index 000000000..f2bb030a9 --- /dev/null +++ b/deploy/k8s/overlays/thirdparty-x-domain/env-patch.yaml @@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hanko-quickstart + namespace: hanko-tenant +spec: + template: + spec: + containers: + - name: hanko-quickstart + env: + - name: HANKO_URL + value: https://hanko.domain-hanko.grocery + - name: HANKO_URL_INTERNAL + value: http://hanko-public + - name: HANKO_ELEMENT_URL + value: https://elements.domain-app.grocery/elements.js + - name: HANKO_FRONTEND_SDK_URL + value: https://elements.domain-app.grocery/sdk.modern.js +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hanko + namespace: hanko-tenant +spec: + template: + spec: + containers: + - name: hanko + env: + - name: THIRD_PARTY_PROVIDERS_GOOGLE_CLIENT_ID + valueFrom: + secretKeyRef: + key: client_id + name: google + - name: THIRD_PARTY_PROVIDERS_GOOGLE_SECRET + valueFrom: + secretKeyRef: + key: client_secret + name: google + - name: THIRD_PARTY_PROVIDERS_GITHUB_CLIENT_ID + valueFrom: + secretKeyRef: + key: client_id + name: github + - name: THIRD_PARTY_PROVIDERS_GITHUB_SECRET + valueFrom: + secretKeyRef: + key: client_secret + name: github + initContainers: + - name: hanko-migrate + env: + - name: THIRD_PARTY_PROVIDERS_GOOGLE_CLIENT_ID + valueFrom: + secretKeyRef: + key: client_id + name: google + - name: THIRD_PARTY_PROVIDERS_GOOGLE_SECRET + valueFrom: + secretKeyRef: + key: client_secret + name: google + - name: THIRD_PARTY_PROVIDERS_GITHUB_CLIENT_ID + valueFrom: + secretKeyRef: + key: client_id + name: github + - name: THIRD_PARTY_PROVIDERS_GITHUB_SECRET + valueFrom: + secretKeyRef: + key: client_secret + name: github 
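Review bot: The `hanko-migrate` init container in env-patch.yaml is given the same four `secretKeyRef` variables as the `hanko` container, including both OAuth client secrets, and nothing in the patch says why a migration step needs provider credentials. If the only reason is that the binary validates the whole config on start-up (not visible here), state that next to the block, e.g. `# migrate loads the full config; provider validation fails without these`. Otherwise drop the `THIRD_PARTY_PROVIDERS_*` entries from `initContainers` so the secrets are exposed to one container only.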
diff --git a/deploy/k8s/overlays/thirdparty-x-domain/ingress-patch.yaml b/deploy/k8s/overlays/thirdparty-x-domain/ingress-patch.yaml new file mode 100644 index 000000000..d0159213d --- /dev/null +++ b/deploy/k8s/overlays/thirdparty-x-domain/ingress-patch.yaml @@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: hanko + namespace: hanko-tenant + labels: + fqdn: hanko.domain-hanko.grocery +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: hanko-elements + namespace: hanko-tenant + labels: + fqdn: elements.domain-app.grocery +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: hanko-quickstart + namespace: hanko-tenant + labels: + fqdn: app.domain-app.grocery diff --git a/deploy/k8s/overlays/thirdparty-x-domain/kustomization.yaml b/deploy/k8s/overlays/thirdparty-x-domain/kustomization.yaml index 5e4157bc1..eba04126e 100644 --- a/deploy/k8s/overlays/thirdparty-x-domain/kustomization.yaml +++ b/deploy/k8s/overlays/thirdparty-x-domain/kustomization.yaml @@ -4,3 +4,18 @@ resources: - ../../base/hanko - ../../base/elements - ../../base/quickstart +patchesStrategicMerge: + - ingress-patch.yaml + - env-patch.yaml +configMapGenerator: + - files: + - config.yaml + name: hanko + behavior: replace +secretGenerator: + - name: github + envs: + - github.env + - name: google + envs: + - google.env diff --git a/skaffold.yaml b/skaffold.yaml index 7d96c781d..b42f589bb 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -26,8 +26,8 @@ profiles: kustomize: paths: - deploy/k8s/overlays/quickstart -- name: thirdparty +- name: thirdparty-x-domain deploy: kustomize: paths: - - deploy/k8s/overlays/thirdparty + - deploy/k8s/overlays/thirdparty-x-domain
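Review bot: The `configMapGenerator` entry in overlays/thirdparty-x-domain/kustomization.yaml publishes config.yaml as the `hanko` ConfigMap, and that file, added in this commit, holds `secrets.keys` and the database password in clear text. The OAuth credentials in the same overlay go through `secretGenerator`, so the handling is inconsistent: anyone allowed to read ConfigMaps in `hanko-tenant` can read the key material. Either move those two values behind a `secretGenerator` entry and reference them from the deployment via `secretKeyRef`, as env-patch.yaml already does for the providers, or add a comment here that the overlay is for local clusters only. `patchesStrategicMerge:` is also deprecated in current kustomize in favour of `patches:`.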