1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
local main = import "../includes/main.jsonnet";
local oathkeeper = import "../includes/oathkeeper.jsonnet";
local Endpoint(name, remote) = {
local sub_domain = name + "." + main.admin.domain,
id: main.admin.domain + ":" + name,
upstream: {
preserve_host: false,
url: remote
},
match: {
url: "https://" + sub_domain + "/<.*>",
methods: oathkeeper.allHttpMethods,
},
authenticators: [oathkeeper.authenticators.cookieSession, oathkeeper.authenticators.oauth2ClientCredentials],
authorizer: oathkeeper.authorizers.keto(sub_domain),
mutators: [oathkeeper.mutators.idToken, oathkeeper.mutators.header],
errors: [oathkeeper.errors.redirect],
};
[
Endpoint("prometheus", "http://stairway.internal.random.sh:9090"),
Endpoint("alertmanager", "http://stairway.internal.random.sh:9093"),
Endpoint("blackbox", "http://stairway.internal.random.sh:9115"),
Endpoint("loki", "http://loki.internal.random.sh:3100"),
Endpoint("grafana", "http://grafana.internal.random.sh:3000"),
Endpoint("kratos-admin-ui", "http://kratos-admin-ui.internal.random.sh"),
Endpoint("kratos-admin-api", "https://kratos.admin.sso.internal.random.sh"),
Endpoint("kratos-api", "https://kratos.sso.internal.random.sh"),
Endpoint("opa", "http://opa.internal.random.sh:8181"),
Endpoint("stairway-pushgateway", "https://stairway-pushgateway.adm.random.sh/")
]
|