[KEYCLOAK-9071] Move kube and Dockerfile content from Gatekeeper repository

be3ba040 · Bruno Oliveira da Silva · Stian Thorgersen · 2b8ca095 · 2b8ca095 · be3ba040
Commit be3ba040 authored 6 years ago by Bruno Oliveira da Silva Committed by Stian Thorgersen 6 years ago
--- a/Dockerfile
+++ b/Dockerfile
-FROM alpine:3.7
-LABEL Name=keycloak-gatekeeper \
-      Release=https://github.com/keycloak/keycloak-gatekeeper \
-      Url=https://github.com/keycloak/keycloak-gatekeeper \
-      Help=https://github.com/keycloak/keycloak-gatekeeper/issues
-RUN apk add --no-cache ca-certificates
-ADD templates/ /opt/templates
-ADD bin/keycloak-gatekeeper /opt/keycloak-gatekeeper
-WORKDIR "/opt"
-ENTRYPOINT [ "/opt/keycloak-gatekeeper" ]
--- a/doc.go
+++ b/doc.go
@@ -35,8 +35,8 @@ var (
 const (
 	prog        = "keycloak-gatekeeper"
-	author      = "Rohith Jayawardene"
+	author      = "Keycloak"
-	email       = "gambol99@gmail.com"
+	email       = "keycloak-user@lists.jboss.org"
 	description = "is a proxy using the keycloak service for auth and authorization"
 	authorizationHeader = "Authorization"
@@ -287,7 +287,7 @@ type Config struct {
 	// EncryptionKey is the encryption key used to encrypt the refresh token
 	EncryptionKey string `json:"encryption-key" yaml:"encryption-key" usage:"encryption key used to encryption the session state" env:"ENCRYPTION_KEY"`
-	// InvalidAuthRedirectsWith303 will make requests with invalid auth headers redirect using HTTP 303 instead of HTTP 307.  See github.com/gambol99/keycloak-gatekeeper/issues/292 for context.
+	// InvalidAuthRedirectsWith303 will make requests with invalid auth headers redirect using HTTP 303 instead of HTTP 307.  See github.com/keycloak/keycloak-gatekeeper/issues/292 for context.
 	InvalidAuthRedirectsWith303 bool `json:"invalid-auth-redirects-with-303" yaml:"invalid-auth-redirects-with-303" usage:"use HTTP 303 redirects instead of 307 for invalid auth tokens"`
 	// NoRedirects informs we should hand back a 401 not a redirect
 	NoRedirects bool `json:"no-redirects" yaml:"no-redirects" usage:"do not have back redirects when no authentication is present, 401 them"`

--- a/kube/forward.yml
+++ b/kube/forward.yml
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: proxy
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        name: proxy
-      annotations:
-        repository: https://github.com/keycloak/keycloak-gatekeeper
-    spec:
-      containers:
-      - name: proxy
-        image: docker.io/jboss/keycloak/keycloak-gatekeeper:latest
-        imagePullPolicy: Always
-        args:
-          - --config /etc/secrets/forwarding.yml
-          - --discovery-url https://sso.example.com/auth/realms/hod-test
-          - --client-id broker
-          - --client-secret
-          - --listen 127.0.0.1:3000
-          - --enable-forwarding=true
-          - --forwarding-username=username
-          - --forwarding-password=password
-          - --enable-logging=true
-          - --enable-json-logging true
-          - --verbose true
-        volumeMounts:
-        - name: secrets
-          mountPath: /etc/secrets
-      volumes:
-      - name: secrets
-        secret:
-          secretName: config
--- a/kube/reverse.yml
+++ b/kube/reverse.yml
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: proxy
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        name: proxy
-      annotations:
-        repository: https://github.com/keycloak/keycloak-gatekeeper
-    spec:
-      securityContext:
-        fsGroup: 1000
-        runAsNonRoot: true
-        runAsUser: 1000
-      volumes:
-      - name: certs
-        secret:
-          secretName: tls
-      containers:
-        - name: proxy
-          image: docker.io/jboss/keycloak/keycloak-gatekeeper:latest
-          imagePullPolicy: Always
-          args:
-            - --client-id=broker
-            - --discovery-url=https://sso.example.com/auth/realms/hod-test
-            - --enable-default-deny=false
-            - --enable-json-logging=true
-            - --enable-logging=true
-            - --enable-request-id=true
-            - --enable-security-filter=true
-            - --http-only-cookie=true
-            - --listen=127.0.0.1:3000
-            - --preserve-host=true
-            - --redirection-url=https://www.example.com
-            - --resources=uri=/admin/*|roles=admin
-            - --skip-client-id=true
-            - --tls-cert=/certs/tls.pem
-            - --tls-private-key=/certs/tls-key.pem
-            - --upstream-url=http://127.0.0.1:8080
-          env:
-            - name: PROXY_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: openid
-                  key: client.secret
-          securityContext:
-            readOnlyRootFilesystem: true
-          volumeMounts:
-          - name: certs
-            mountPath: /certs
-            readOnly: true