diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/k8s/cert-manager/selfsigned-issuer.yaml | 6 | ||||
| -rw-r--r-- | test/k8s/deps/cert-manager.yaml | 13 | ||||
| -rw-r--r-- | test/nginx-external-auth/conf.d/default.conf | 25 | ||||
| -rw-r--r-- | test/nginx-external-auth/deployment.yaml | 50 | ||||
| -rw-r--r-- | test/nginx-external-auth/ingress.yaml | 25 | ||||
| -rw-r--r-- | test/nginx-external-auth/kustomization.yaml | 10 | ||||
| -rw-r--r-- | test/nginx-external-auth/service.yaml | 13 | ||||
| -rwxr-xr-x | test/nginx-external-auth/start.sh | 23 | ||||
| -rw-r--r-- | test/pki/.gitignore | 2 | ||||
| -rw-r--r-- | test/shared/www/index.html | 17 |
10 files changed, 184 insertions, 0 deletions
diff --git a/test/k8s/cert-manager/selfsigned-issuer.yaml b/test/k8s/cert-manager/selfsigned-issuer.yaml new file mode 100644 index 0000000..07d2b7b --- /dev/null +++ b/test/k8s/cert-manager/selfsigned-issuer.yaml @@ -0,0 +1,6 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned +spec: + selfSigned: {}
\ No newline at end of file diff --git a/test/k8s/deps/cert-manager.yaml b/test/k8s/deps/cert-manager.yaml new file mode 100644 index 0000000..f3e17fa --- /dev/null +++ b/test/k8s/deps/cert-manager.yaml @@ -0,0 +1,13 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: cert-manager + namespace: kube-system +spec: + repo: https://charts.jetstack.io + chart: cert-manager + targetNamespace: cert-manager + createNamespace: true + set: + installCRDs: "true" + "prometheus.enabled": "false"
\ No newline at end of file diff --git a/test/nginx-external-auth/conf.d/default.conf b/test/nginx-external-auth/conf.d/default.conf new file mode 100644 index 0000000..e9e5a78 --- /dev/null +++ b/test/nginx-external-auth/conf.d/default.conf @@ -0,0 +1,25 @@ +server { + listen 80; + listen [::]:80; + server_name nginx.local.cetacean.club; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + location /.within.website/ { + proxy_pass http://localhost:8923; + auth_request off; + } + + location @redirectToAnubis { + return 307 /.within.website/?redir=$scheme://$host$request_uri; + auth_request off; + } + + location / { + auth_request /.within.website/x/cmd/anubis/api/check; + error_page 401 = @redirectToAnubis; + root /usr/share/nginx/html; + index index.html index.htm; + } +}
\ No newline at end of file diff --git a/test/nginx-external-auth/deployment.yaml b/test/nginx-external-auth/deployment.yaml new file mode 100644 index 0000000..f4b408b --- /dev/null +++ b/test/nginx-external-auth/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-external-auth +spec: + selector: + matchLabels: + app: nginx-external-auth + template: + metadata: + labels: + app: nginx-external-auth + spec: + volumes: + - name: config + configMap: + name: nginx-cfg + containers: + - name: www + image: nginx:alpine + resources: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + ports: + - containerPort: 80 + volumeMounts: + - name: config + mountPath: /etc/nginx/conf.d + readOnly: true + - name: anubis + image: ttl.sh/techaro/anubis-external-auth:latest + imagePullPolicy: Always + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + env: + - name: TARGET + value: " " + - name: REDIRECT_DOMAINS + value: nginx.local.cetacean.club + + diff --git a/test/nginx-external-auth/ingress.yaml b/test/nginx-external-auth/ingress.yaml new file mode 100644 index 0000000..6fc8737 --- /dev/null +++ b/test/nginx-external-auth/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nginx-external-auth + labels: + name: nginx-external-auth + annotations: + cert-manager.io/cluster-issuer: "selfsigned" +spec: + ingressClassName: traefik + tls: + - hosts: + - nginx.local.cetacean.club + secretName: nginx-local-cetacean-club-public-tls + rules: + - host: nginx.local.cetacean.club + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: nginx-external-auth + port: + name: http diff --git a/test/nginx-external-auth/kustomization.yaml b/test/nginx-external-auth/kustomization.yaml new file mode 100644 index 0000000..7410f97 --- /dev/null +++ b/test/nginx-external-auth/kustomization.yaml @@ -0,0 +1,10 @@ +resources: + - deployment.yaml + - service.yaml + - ingress.yaml + +configMapGenerator: + - name: nginx-cfg + behavior: create + files: + - ./conf.d/default.conf diff --git a/test/nginx-external-auth/service.yaml b/test/nginx-external-auth/service.yaml new file mode 100644 index 0000000..d2e018c --- /dev/null +++ b/test/nginx-external-auth/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx-external-auth +spec: + selector: + app: nginx-external-auth + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 80 + type: ClusterIP diff --git a/test/nginx-external-auth/start.sh b/test/nginx-external-auth/start.sh new file mode 100755 index 0000000..044238a --- /dev/null +++ b/test/nginx-external-auth/start.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# Build container image +( + cd ../.. \ + && npm ci \ + && npm run container -- \ + --docker-repo ttl.sh/techaro/anubis-external-auth \ + --docker-tags ttl.sh/techaro/anubis-external-auth:latest +) + +kubectl apply -k . +echo "open https://nginx.local.cetacean.club, press control c when done" + +control_c() { + kubectl delete -k . + exit +} +trap control_c SIGINT + +sleep infinity
\ No newline at end of file diff --git a/test/pki/.gitignore b/test/pki/.gitignore new file mode 100644 index 0000000..c96a04f --- /dev/null +++ b/test/pki/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore
\ No newline at end of file diff --git a/test/shared/www/index.html b/test/shared/www/index.html new file mode 100644 index 0000000..8c55c8c --- /dev/null +++ b/test/shared/www/index.html @@ -0,0 +1,17 @@ +<!DOCTYPE html> +<html> + <head> + <title>Anubis works!</title> + <link rel="stylesheet" href="/.within.website/x/xess/xess.css"/> + <meta name="viewport" content="width=device-width, initial-scale=1.0"/> + </head> + <body id="top"> + <main> + <h1>Anubis works!</h1> + + <p>If you see this, everything has gone according to keikaku.</p> + + <img height=128 src="/.within.website/x/cmd/anubis/static/img/happy.webp"/> + </main> + </body> +</html>
\ No newline at end of file |