Diffstat (limited to 'src/oathkeeper_adm_rules.jsonnet')
-rw-r--r-- | src/oathkeeper_adm_rules.jsonnet | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/src/oathkeeper_adm_rules.jsonnet b/src/oathkeeper_adm_rules.jsonnet
new file mode 100644
index 0000000..1061077
--- /dev/null
+++ b/src/oathkeeper_adm_rules.jsonnet
@@ -0,0 +1,32 @@
+local main = import "../includes/main.jsonnet";
+local oathkeeper = import "../includes/oathkeeper.jsonnet";
+
+local Endpoint(name, remote) = {
+ local sub_domain = name + "." + main.admin.domain,
+ id: main.admin.domain + ":" + name,
+ upstream: {
+ preserve_host: false,
+ url: remote
+ },
+ match: {
+ url: "https://" + sub_domain + "/<.*>",
+ methods: oathkeeper.allHttpMethods,
+ },
+ authenticators: [oathkeeper.authenticators.cookieSession, oathkeeper.authenticators.oauth2ClientCredentials],
+ authorizer: oathkeeper.authorizers.keto(sub_domain),
+ mutators: [oathkeeper.mutators.idToken, oathkeeper.mutators.header],
+ errors: [oathkeeper.errors.redirect],
+};
+
+[
+ Endpoint("prometheus", "http://stairway.internal.random.sh:9090"),
+ Endpoint("alertmanager", "http://stairway.internal.random.sh:9093"),
+ Endpoint("blackbox", "http://stairway.internal.random.sh:9115"),
+ Endpoint("loki", "http://loki.internal.random.sh:3100"),
+ Endpoint("grafana", "http://grafana.internal.random.sh:3000"),
+ Endpoint("kratos-admin-ui", "http://kratos-admin-ui.internal.random.sh"),
+ Endpoint("kratos-admin-api", "https://kratos.admin.sso.internal.random.sh"),
+ Endpoint("kratos-api", "https://kratos.sso.internal.random.sh"),
+ Endpoint("opa", "http://opa.internal.random.sh:8181"),
+ Endpoint("stairway-pushgateway", "https://stairway-pushgateway.adm.random.sh/")
+] |
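Review bot: Seven of the ten upstreams in the endpoint list are plain `http://`, yet every rule applies `oathkeeper.mutators.idToken` and `oathkeeper.mutators.header`, so the identity token and headers travel unencrypted to those backends. Nothing in this file shows that those backends reject requests that did not come through the proxy, so it is worth confirming that they do, and moving upstreams to `https://` where the service supports it. The assumption could be recorded above the list with a comment such as `// http upstreams: reachable only from the proxy; they carry the id_token and identity headers in clear`. Separately, the `stairway-pushgateway` upstream is the only one not under `internal.random.sh`, and it ends in a trailing slash. If `main.admin.domain` resolves to `adm.random.sh` (not visible here), that rule's upstream would be the same host it matches, so the target should be checked.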