import koskoEnv from "@kosko/env";
import { loadFile } from "@kosko/yaml";
import type { SealedSecret } from "@kubernetes-models/sealed-secrets/bitnami.com/v1alpha1";
import { existsSync } from "fs";
import type { ConfigMap } from "kubernetes-models/v1";
import { EnvVar } from "kubernetes-models/v1";
import path from "path";
import environments from "../../environments";
import { addEnv, getDeployment, getIngressHost } from "../../utils";
import type { AppConfig } from "../app";
import { create as appCreate } from "../app";
/** Parameters of the oauth2-proxy component (consumed by `create`). */
interface ProxyParams {
/** URL the proxy forwards authenticated requests to; passed as `--upstream`. */
upstream: string;
/** Partial app config merged into the generated app (see `create` for the fields it overrides). */
config?: Partial<AppConfig>;
}
// oauth2-proxy image tag; keep the renovate marker directly above the constant so the bot can bump it
// renovate: datasource=docker depName=quay.io/oauth2-proxy/oauth2-proxy versioning=v7.6.0
const OAUTH2_PROXY_VERSION = "v7.6.0";
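/**
 * Load the first manifest of `environments/<env>/<fileName>` (relative to the kosko cwd).
 *
 * Every manifest read from the file gets its `metadata.namespace` overwritten with the
 * namespace of the current CI environment (presumably so an environment file cannot
 * target another namespace — confirm against `environments`).
 *
 * @param fileName file name inside the current environment directory
 * @returns the first manifest of the file, or `[]` when the file is missing or holds no
 *   document (`[]` is the "render nothing" value used throughout this component)
 */
const loadEnvYaml = async (fileName: string) => {
  const yamlPath = path.join(
    koskoEnv.cwd,
    `environments/${koskoEnv.env}/${fileName}`
  );
  if (!existsSync(yamlPath)) {
    // a missing file is only logged; the caller decides what an empty result means
    console.error(`does not exist : ${yamlPath}`);
    return [];
  }
  const manifests = await loadFile(yamlPath, {
    transform: (manifest) => {
      // force fix namespace: pin the manifest to the CI environment's namespace
      const ciEnv = environments(process.env);
      if (manifest.metadata) {
        manifest.metadata.namespace = ciEnv.metadata.namespace.name;
      }
      return manifest;
    },
  })();
  // only the first document is used. An empty file now yields `[]` like a missing one;
  // the previous `manifests.length && manifests[0]` leaked a bare `0` into the output.
  return manifests[0] ?? [];
};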
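/**
 * Create an oauth2-proxy Deployment + Service + Ingress in front of `upstream`.
 *
 * Expects two manifests in the current environment directory (loaded via `loadEnvYaml`):
 * - environments/<env>/<name>.configmap.yml      — oauth2-proxy settings, injected with envFrom
 * - environments/<env>/<name>.sealed-secret.yml  — oauth2-proxy secrets, injected with envFrom
 *
 * When one of the files is missing, `loadEnvYaml` only logs it and the generated
 * Deployment references a ConfigMap/Secret with an undefined name.
 *
 * The legacy call form `create({ upstream, config })` is still accepted; the app is
 * then named "proxy".
 *
 * @param name app name, or (legacy) the params object
 * @param params upstream URL and optional app config overrides
 * @returns the ConfigMap, the SealedSecret and the app manifests, or `[]` when no
 *   usable name/upstream was given
 */
export const create = async (
name: ProxyParams | string,
params?: ProxyParams
) => {
  let { upstream, config = {} } = params ?? {};
  // todo: remove legacy call support (without name)
  // `typeof` guard instead of `"upstream" in name`: the `in` operator throws a TypeError
  // on a string primitive, so `create("foo")` without an upstream used to crash instead
  // of reaching the `return []` below.
  if (!upstream && typeof name === "object") {
    upstream = name.upstream;
    config = name.config ?? {};
    name = "proxy";
  }
  if (typeof name !== "string" || !upstream) {
    return [];
  }
  // expect dedicated configmap. The cast is an assertion only: a missing file yields `[]`
  // and `metadata?.name` is then undefined.
  const configMap = (await loadEnvYaml(`${name}.configmap.yml`)) as ConfigMap;
  // expect dedicated secret (same caveat as above)
  const sealedSecret = (await loadEnvYaml(
    `${name}.sealed-secret.yml`
  )) as SealedSecret;
  // oauth2-proxy answers GET /ping on its http port; the same probe is used for
  // liveness, readiness and startup
  const pingProbe = () => ({ httpGet: { path: "/ping", port: "http" } });
  // oauth2 containers
  const manifests = await appCreate(name, {
    config: {
      ...config,
      container: {
        // defaults first: a caller-supplied `container.envFrom` replaces both refs
        envFrom: [
          { configMapRef: { name: configMap.metadata?.name } },
          { secretRef: { name: sealedSecret.metadata?.name } },
        ],
        ...config.container,
        // fixed by this component: callers cannot override the upstream, the listen
        // address or the probes; their env vars are appended after the listen address
        args: ["--upstream", upstream],
        env: [
          new EnvVar({
            name: "OAUTH2_PROXY_HTTP_ADDRESS",
            value: "0.0.0.0:4180",
          }),
          ...(config.container?.env ?? []),
        ],
        livenessProbe: pingProbe(),
        readinessProbe: pingProbe(),
        startupProbe: pingProbe(),
      },
      // also fixed: port and image win over anything in `config`
      containerPort: 4180,
      image: `quay.io/oauth2-proxy/oauth2-proxy:${OAUTH2_PROXY_VERSION}`,
    },
    env: koskoEnv,
  });
  const deployment = getDeployment(manifests);
  const hostName = getIngressHost(manifests);
  // TODO: has no effect with github
  // the callback URL is derived from the generated Ingress host rather than configured
  // by hand, so it follows the host the proxy is exposed on
  addEnv({
    data: new EnvVar({
      name: "OAUTH2_PROXY_REDIRECT_URL",
      value: `https://${hostName}/oauth2/callback`,
    }),
    deployment,
  });
  return [configMap, sealedSecret, ...manifests];
};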