From 98ae7dd9b1d3dedf637655e5abcac70e0b9ea7b8 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Tue, 30 Jan 2024 02:14:12 +0100
Subject: [PATCH] feat(shared): Add automatic Ingress patching to oauth2-proxy
 component

This patch adjusts the oauth2-proxy component to also include a
patching mechanism that restricts all kustomize-defined Ingress
objects.
---
 shared/components/oauth2-proxy/ingress-patch.yaml |  9 +++++++++
 shared/components/oauth2-proxy/kustomization.yaml | 10 +++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 shared/components/oauth2-proxy/ingress-patch.yaml

diff --git a/shared/components/oauth2-proxy/ingress-patch.yaml b/shared/components/oauth2-proxy/ingress-patch.yaml
new file mode 100644
index 000000000..2456a2a80
--- /dev/null
+++ b/shared/components/oauth2-proxy/ingress-patch.yaml
@@ -0,0 +1,9 @@
+- op: add
+  path: /metadata/annotations/nginx.ingress.kubernetes.io~1auth-response-headers
+  value: Authorization
+- op: add
+  path: /metadata/annotations/nginx.ingress.kubernetes.io~1auth-url
+  value: https://$host/oauth2/auth
+- op: add
+  path: /metadata/annotations/nginx.ingress.kubernetes.io~1auth-signin
+  value: https://$host/oauth2/start?rd=$escaped_request_uri
\ No newline at end of file
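Review bot: All three `add` operations target keys under `/metadata/annotations`, and an RFC 6902 `add` requires that parent object to exist, so an Ingress that matches the selector but declares no annotations is expected to fail the kustomize build instead of being patched. That fails closed, but it makes the component brittle; a strategic-merge patch carrying the same three annotations creates the map when it is missing and works with the unchanged `target` selector in kustomization.yaml. Separately, `auth-url` and `auth-signin` point at `https://$host/oauth2/...`, and nothing visible in this patch routes `/oauth2` on each patched host to oauth2-proxy. It is worth confirming that every affected host serves that path from the proxy, since otherwise the auth subrequest would presumably reach the application backend.

```yaml
# ingress-patch.yaml as a strategic-merge patch; metadata.name is a
# placeholder because the patch is applied through a target selector
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: placeholder
  annotations:
    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
```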
diff --git a/shared/components/oauth2-proxy/kustomization.yaml b/shared/components/oauth2-proxy/kustomization.yaml
index a92d7e6dd..206a82bc7 100644
--- a/shared/components/oauth2-proxy/kustomization.yaml
+++ b/shared/components/oauth2-proxy/kustomization.yaml
@@ -6,4 +6,12 @@ resources:
   - secret.yaml
   - repository.yaml
   - release.yaml
-  - networkpolicy.yaml
\ No newline at end of file
+  - networkpolicy.yaml
+
+patches:
+  - path: ingress-patch.yaml
+    target:
+      group: networking.k8s.io
+      version: v1
+      kind: Ingress
+      annotationSelector: "oauth2-proxy.kustomize.si-infra.de/exclude-ingress!=true"
\ No newline at end of file
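Review bot: The `annotationSelector` makes authentication opt-out, and nothing in the kustomization says so: any Ingress carrying `oauth2-proxy.kustomize.si-infra.de/exclude-ingress: "true"` is silently left without the auth annotations. A comment above the `patches:` entry would document the switch, e.g. `# Adds oauth2-proxy auth annotations to every Ingress built by this kustomization, except those annotated oauth2-proxy.kustomize.si-infra.de/exclude-ingress: "true".` The patch also only runs at kustomize build time, so Ingress objects created later in the cluster (for example by a Helm release, which `release.yaml` presumably defines) are not covered, and the comment should state that limit. A CI or review check that lists Ingresses carrying the exclude annotation would keep exemptions visible.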
-- 
GitLab