feat(apigateay): add OIDC and basic auth support

- when setting an OIDC issuer URL the defaulter will fetch and set authorization and token endpoints - basic auth allows to use either inline hashed credentials or plaintext credentials from a secret that are automatically hashed - finish TLS support for API & dashboard listeners
2025-02-05 20:47:02 +01:00 · 2025-02-05 20:47:02 +01:00 · 3c13eb0d6b
commit 3c13eb0d6b
parent e9302c51be
21 changed files with 721 additions and 276 deletions
--- a/config/samples/supabase_v1alpha1_apigateway_dashboard_basic_auth.yaml
+++ b/config/samples/supabase_v1alpha1_apigateway_dashboard_basic_auth.yaml
@ -0,0 +1,30 @@
+---
+apiVersion: supabase.k8s.icb4dc0.de/v1alpha1
+kind: APIGateway
+metadata:
+  labels:
+    app.kubernetes.io/name: supabase-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: gateway-sample
+spec:
+  apiEndpoint:
+    jwks:
+      # will be created by Core resource operator if not present
+      # just make sure the secret name is either based on the name of the core resource or explicitly set
+      name: core-sample-jwt
+      key: jwks.json
+  dashboardEndpoint:
+    auth:
+      basic:
+        usersInline:
+          # admin:admin
+          - admin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
+        plaintextUsersSecretRef: studio-sample-basic-auth
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: studio-sample-basic-auth
+  namespace: supabase-demo
+stringData:
+  ted: not_admin