Add jwt-proxy functionality

[nonrtric.git] / service-exposure / templates / RequestAuthentication-template.txt

diff --git a/service-exposure/templates/RequestAuthentication-template.txt b/service-exposure/templates/RequestAuthentication-template.txt
new file mode 100644 (file)
index 0000000..5fbdbbb
--- /dev/null
+++ b/service-exposure/templates/RequestAuthentication-template.txt
@@ -0,0 +1,31 @@
+#
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+apiVersion: security.istio.io/v1beta1
+kind: RequestAuthentication
+metadata:
+  name: "jwt-{{.Name}}"
+  namespace: {{.Namespace}}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: {{.Name}}
+  jwtRules:
+  - issuer: "http://istio-ingressgateway.istio-system:80/auth/realms/{{.Realm}}"
+    jwksUri: "http://keycloak.default:8080/auth/realms/{{.Realm}}/protocol/openid-connect/certs"