Split istio-external-auth into two components (#2670)

First component contains only the patches. This is meant to be used from the istio deployment. The second component contains the AuthorizationPolicy and RequestAuthentication, which must always be deployed when oauth2-proxy is deployed, so it doesn't make sense to pull these in from the istio oauth2-proxy overlay. Signed-off-by: Alexander Block <ablock84@gmail.com>
kubeflow · May 2, 2024 · 0aedaaf · 0aedaaf
1 parent 61f1e61
commit 0aedaaf
Show file tree

Hide file tree

Showing 9 changed files with 10 additions and 6 deletions.
diff --git a/common/istio-1-17/istio-install/overlays/oauth2-proxy/kustomization.yaml b/common/istio-1-17/istio-install/overlays/oauth2-proxy/kustomization.yaml
@@ -5,4 +5,4 @@ resources:
 - ../../base
 
 components:
-- ../../../../oidc-client/oauth2-proxy/components/istio-external-auth
+- ../../../../oidc-client/oauth2-proxy/components/istio-external-auth-patches
diff --git a/common/istio-cni-1-17/istio-install/overlays/oauth2-proxy/kustomization.yaml b/common/istio-cni-1-17/istio-install/overlays/oauth2-proxy/kustomization.yaml
@@ -5,4 +5,4 @@ resources:
 - ../../base
 
 components:
-- ../../../../oidc-client/oauth2-proxy/components/istio-external-auth
+- ../../../../oidc-client/oauth2-proxy/components/istio-external-auth-patches
diff --git a/common/oidc-client/oauth2-proxy/components/istio-external-auth-patches/README.md b/common/oidc-client/oauth2-proxy/components/istio-external-auth-patches/README.md
diff --git a/common/oidc-client/oauth2-proxy/components/istio-external-auth-patches/kustomization.yaml b/common/oidc-client/oauth2-proxy/components/istio-external-auth-patches/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+- path: patches/cm.enable-oauth2-proxy.yaml
+- path: patches/deployment.jwt-refresh-interval.yaml
diff --git a/...-auth/patches/cm.enable-oauth2-proxy.yaml → ...tches/patches/cm.enable-oauth2-proxy.yaml b/...-auth/patches/cm.enable-oauth2-proxy.yaml → ...tches/patches/cm.enable-oauth2-proxy.yaml
diff --git a/...ches/deployment.jwt-refresh-interval.yaml → ...ches/deployment.jwt-refresh-interval.yaml b/...ches/deployment.jwt-refresh-interval.yaml → ...ches/deployment.jwt-refresh-interval.yaml
diff --git a/common/oidc-client/oauth2-proxy/components/istio-external-auth/kustomization.yaml b/common/oidc-client/oauth2-proxy/components/istio-external-auth/kustomization.yaml
@@ -9,7 +9,3 @@ resources:
 # authorizationpolicy.istio-ingressgateway-oauth2-proxy-cloudflare.yaml
 # instead of 
 # authorizationpolicy.istio-ingressgateway-oauth2-proxy.yaml
-
-patches:
-- path: patches/cm.enable-oauth2-proxy.yaml
-- path: patches/deployment.jwt-refresh-interval.yaml
diff --git a/common/oidc-client/oauth2-proxy/overlays/m2m-self-signed/kustomization.yaml b/common/oidc-client/oauth2-proxy/overlays/m2m-self-signed/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 
 components:
 - ../../components/istio-m2m
+- ../../components/istio-external-auth
 - ../../components/allow-unauthenticated-issuer-discovery
 - ../../components/configure-self-signed-kubernetes-oidc-issuer
 

diff --git a/common/oidc-client/oauth2-proxy/overlays/m2m/kustomization.yaml b/common/oidc-client/oauth2-proxy/overlays/m2m/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 
 components:
 - ../../components/istio-m2m
+- ../../components/istio-external-auth
 - component-overwrite-m2m-token-issuer
 
 configMapGenerator: