Diffstat (limited to 'src/oathkeeper_adm_rules.jsonnet')
-rw-r--r--src/oathkeeper_adm_rules.jsonnet32
1 files changed, 32 insertions, 0 deletions
diff --git a/src/oathkeeper_adm_rules.jsonnet b/src/oathkeeper_adm_rules.jsonnet
new file mode 100644
index 0000000..1061077
--- /dev/null
+++ b/src/oathkeeper_adm_rules.jsonnet
@@ -0,0 +1,32 @@
+local main = import "../includes/main.jsonnet";
+local oathkeeper = import "../includes/oathkeeper.jsonnet";
+
+local Endpoint(name, remote) = {
+ local sub_domain = name + "." + main.admin.domain,
+ id: main.admin.domain + ":" + name,
+ upstream: {
+ preserve_host: false,
+ url: remote
+ },
+ match: {
+ url: "https://" + sub_domain + "/<.*>",
+ methods: oathkeeper.allHttpMethods,
+ },
+ authenticators: [oathkeeper.authenticators.cookieSession, oathkeeper.authenticators.oauth2ClientCredentials],
+ authorizer: oathkeeper.authorizers.keto(sub_domain),
+ mutators: [oathkeeper.mutators.idToken, oathkeeper.mutators.header],
+ errors: [oathkeeper.errors.redirect],
+};
+
+[
+ Endpoint("prometheus", "http://stairway.internal.random.sh:9090"),
+ Endpoint("alertmanager", "http://stairway.internal.random.sh:9093"),
+ Endpoint("blackbox", "http://stairway.internal.random.sh:9115"),
+ Endpoint("loki", "http://loki.internal.random.sh:3100"),
+ Endpoint("grafana", "http://grafana.internal.random.sh:3000"),
+ Endpoint("kratos-admin-ui", "http://kratos-admin-ui.internal.random.sh"),
+ Endpoint("kratos-admin-api", "https://kratos.admin.sso.internal.random.sh"),
+ Endpoint("kratos-api", "https://kratos.sso.internal.random.sh"),
+ Endpoint("opa", "http://opa.internal.random.sh:8181"),
+ Endpoint("stairway-pushgateway", "https://stairway-pushgateway.adm.random.sh/")
+]
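Review bot: `Endpoint` gives every admin host the same rule, `url: "https://" + sub_domain + "/<.*>"` with `methods: oathkeeper.allHttpMethods`, and passes only `sub_domain` to the authorizer, so as far as this file shows access is decided per host rather than per path or verb. That is coarse for `kratos-admin-api` and `opa`, where write methods change identities and policy; `oathkeeper.authorizers.keto` is defined in `../includes/oathkeeper.jsonnet`, outside this diff, so confirm it does not already distinguish actions. Consider making the verb set a parameter, `local Endpoint(name, remote, methods=oathkeeper.allHttpMethods) = {` with `methods: methods,`, and narrowing it for hosts that only need reads. Separately, most upstreams are plain `http://` while the `idToken` and `header` mutators attach identity data to the forwarded request, so those hops should use TLS or be documented as running on a protected network, and the upstream ports should accept connections only from the proxy so the rule cannot be sidestepped. The `stairway-pushgateway` upstream is the only one outside `internal.random.sh`; if `main.admin.domain` resolves to `adm.random.sh`, the rule would forward to its own match host, so verify that value.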