feat(dashboard): PoC Oauth2 auth

Peter 2025-02-03 09:57:05 +01:00
parent 89b682935b
commit 0fccef973f
Signed by: prskr
GPG key ID: F56BED6903BC5E37
53 changed files with 1914 additions and 331 deletions


@ -40,6 +40,10 @@ type manager struct {
SecureMetrics bool `name:"metrics-secure" default:"true" help:"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead."`
EnableHTTP2 bool `name:"enable-http2" default:"false" help:"If set, HTTP/2 will be enabled for the metrics and webhook servers"`
Namespace string `name:"controller-namespace" env:"CONTROLLER_NAMESPACE" default:"" help:"Namespace where the controller is running, ideally set via downward API"`
Tls struct {
CACert FileContent `env:"CA_CERT" name:"ca-cert" required:"" help:"The path to the CA certificate file."`
CAKey FileContent `env:"CA_KEY" name:"ca-key" required:"" help:"The path to the CA key file."`
} `embed:"" prefix:"tls." envprefix:"TLS_"`
}
func (m manager) Run(ctx context.Context) error {
@ -68,6 +72,11 @@ func (m manager) Run(ctx context.Context) error {
TLSOpts: tlsOpts,
})
caCert, err := tls.X509KeyPair(m.Tls.CACert, m.Tls.CAKey)
if err != nil {
return fmt.Errorf("unable to load CA cert: %w", err)
}
// Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server.
// More info:
// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.1/pkg/metrics/server
@ -145,6 +154,7 @@ func (m manager) Run(ctx context.Context) error {
if err = (&controller.APIGatewayReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
CACert: caCert,
}).SetupWithManager(ctx, mgr); err != nil {
return fmt.Errorf("unable to create controller APIGateway: %w", err)
}
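Review bot: The key pair loaded by `tls.X509KeyPair(m.Tls.CACert, m.Tls.CAKey)` in the second hunk is passed to `APIGatewayReconciler` as `CACert` after only a public/private key match check; nothing visible confirms that the certificate is a CA or is still within its validity period. A leaf or expired certificate would therefore pass startup and fail only later, presumably when the reconciler tries to sign with it. Consider failing fast in `Run` with `leaf, err := x509.ParseCertificate(caCert.Certificate[0])` followed by `if err != nil || !leaf.IsCA { return fmt.Errorf("tls.ca-cert is not a CA certificate") }`, plus a `NotAfter` check; this needs `crypto/x509`, and the import block is not visible here. Because `caCert` also carries the CA private key, a name such as `caKeyPair` and an error text that mentions the key would make it clearer which values hold signing material. `Run` begins and continues outside these hunks.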