-var gatewayManifest = `
-apiVersion: networking.istio.io/v1beta1
-kind: Gateway
-metadata:
- name: nonrtric-istio-RAPP-NAME-gateway
- namespace: RAPP-NS
-spec:
- selector:
- istio: ingressgateway # use Istio gateway implementation
- servers:
- - port:
- number: 80
- name: http
- protocol: HTTP
- hosts:
- - "*"
-`
-
-var virtualServiceManifest = `
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
- name: nonrtric-istio-RAPP-NAME-vs
- namespace: RAPP-NS
-spec:
- hosts:
- - "*"
- gateways:
- - nonrtric-istio-RAPP-NAME-gateway
- http:
- - name: "RAPP-NAME-routes"
- match:
- - uri:
- prefix: "/RAPP-NAME"
- route:
- - destination:
- port:
- number: 80
- host: RAPP-NAME.RAPP-NS.svc.cluster.local
-`
-
-var requestAuthenticationManifest = `
-apiVersion: security.istio.io/v1beta1
-kind: RequestAuthentication
-metadata:
- name: "jwt-RAPP-NAME"
- namespace: RAPP-NS
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/instance: RAPP-NAME
- jwtRules:
- - issuer: "http://192.168.49.2:31560/auth/realms/REALM-NAME"
- jwksUri: "http://192.168.49.2:31560/auth/realms/REALM-NAME/protocol/openid-connect/certs"
- - issuer: "http://keycloak.default:8080/auth/realms/REALM-NAME"
- jwksUri: "http://keycloak.default:8080/auth/realms/REALM-NAME/protocol/openid-connect/certs"
- - issuer: "https://192.168.49.2:31561/auth/realms/REALM-NAME"
- jwksUri: "https://192.168.49.2:31561/auth/realms/REALM-NAME/protocol/openid-connect/certs"
- - issuer: "https://keycloak.default:8443/auth/realms/REALM-NAME"
- jwksUri: "https://keycloak.default:8443/auth/realms/REALM-NAME/protocol/openid-connect/certs"
- - issuer: "https://keycloak.est.tech:443/auth/realms/REALM-NAME"
- jwksUri: "https://keycloak.default:8443/auth/realms/REALM-NAME/protocol/openid-connect/certs"
- - issuer: "http://istio-ingressgateway.istio-system:80/auth/realms/REALM-NAME"
- jwksUri: "http://keycloak.default:8080/auth/realms/REALM-NAME/protocol/openid-connect/certs"
-`
-
-var authorizationPolicyManifest = `
-apiVersion: "security.istio.io/v1beta1"
-kind: "AuthorizationPolicy"
-metadata:
- name: "RAPP-NAME-policy"
- namespace: RAPP-NS
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/instance: RAPP-NAME
- action: ALLOW
- rules:
- - from:
- - source:
- requestPrincipals: ["http://192.168.49.2:31560/auth/realms/REALM-NAME/", "http://keycloak.default:8080/auth/realms/REALM-NAME/", "https://192.168.49.2:31561/auth/realms/REALM-NAME/", "https://keycloak.default:8443/auth/realms/REALM-NAME/", "https://keycloak.est.tech:443/auth/realms/REALM-NAME/", "http://istio-ingressgateway.istio-system:80/auth/realms/REALM-NAME/"]
- - to:
- - operation:
- methods: ["METHOD-NAME"]
- paths: ["/RAPP-NAME"]
- when:
- - key: request.auth.claims[clientRole]
- values: ["ROLE-NAME"]
-`