diff --git a/istio/oidc-authservice/base/envoy-filter.yaml b/istio/oidc-authservice/base/envoy-filter.yaml index eb2e1415f3..59d30496a5 100644 --- a/istio/oidc-authservice/base/envoy-filter.yaml +++ b/istio/oidc-authservice/base/envoy-filter.yaml @@ -4,7 +4,7 @@ metadata: name: authn-filter spec: workloadLabels: - istio: ingressgateway + istio: $(gatewaySelector) filters: - filterConfig: httpService: diff --git a/istio/oidc-authservice/base/kustomization.yaml b/istio/oidc-authservice/base/kustomization.yaml index 7cb5da3f5d..06266f0f2c 100644 --- a/istio/oidc-authservice/base/kustomization.yaml +++ b/istio/oidc-authservice/base/kustomization.yaml @@ -80,6 +80,13 @@ vars: apiVersion: v1 fieldref: fieldpath: data.namespace +- name: gatewaySelector + objref: + kind: ConfigMap + name: oidc-authservice-parameters + apiVersion: v1 + fieldref: + fieldpath: data.gatewaySelector configurations: - params.yaml images: diff --git a/istio/oidc-authservice/base/params.env b/istio/oidc-authservice/base/params.env index 9ae6e65cfb..ffd0a5b0e1 100644 --- a/istio/oidc-authservice/base/params.env +++ b/istio/oidc-authservice/base/params.env @@ -6,4 +6,5 @@ application_secret=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok skip_auth_uri= userid-header= userid-prefix= -namespace=istio-system \ No newline at end of file +namespace=istio-system +gatewaySelector=ingressgateway \ No newline at end of file diff --git a/istio/oidc-authservice/base/params.yaml b/istio/oidc-authservice/base/params.yaml index a98891656b..d32f20eb27 100644 --- a/istio/oidc-authservice/base/params.yaml +++ b/istio/oidc-authservice/base/params.yaml @@ -4,4 +4,6 @@ varReference: - path: spec/filters/filterConfig/httpService/serverUri/uri kind: EnvoyFilter - path: spec/filters/filterConfig/httpService/serverUri/cluster + kind: EnvoyFilter +- path: spec/workloadLabels/istio kind: EnvoyFilter \ No newline at end of file diff --git a/tests/stacks/aws/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml b/tests/stacks/aws/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml index 842931420f..c3193ba74b 100644 --- a/tests/stacks/aws/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml +++ b/tests/stacks/aws/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml @@ -2,6 +2,7 @@ apiVersion: v1 data: application_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok client_id: kubeflow-oidc-authservice + gatewaySelector: ingressgateway namespace: istio-system oidc_auth_url: /dex/auth oidc_provider: http://dex.auth.svc.cluster.local:5556/dex diff --git a/tests/stacks/ibm/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml b/tests/stacks/ibm/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml index 842931420f..c3193ba74b 100644 --- a/tests/stacks/ibm/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml +++ b/tests/stacks/ibm/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml @@ -2,6 +2,7 @@ apiVersion: v1 data: application_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok client_id: kubeflow-oidc-authservice + gatewaySelector: ingressgateway namespace: istio-system oidc_auth_url: /dex/auth oidc_provider: http://dex.auth.svc.cluster.local:5556/dex diff --git a/tests/stacks/kubernetes/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml b/tests/stacks/kubernetes/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml index 842931420f..c3193ba74b 100644 --- a/tests/stacks/kubernetes/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml +++ b/tests/stacks/kubernetes/application/oidc-authservice/test_data/expected/~g_v1_configmap_oidc-authservice-parameters.yaml @@ -2,6 +2,7 @@ apiVersion: v1 data: application_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok client_id: kubeflow-oidc-authservice + gatewaySelector: ingressgateway namespace: istio-system oidc_auth_url: /dex/auth oidc_provider: http://dex.auth.svc.cluster.local:5556/dex