Kubernetes + Ambassador + Oathkeeper + Hasura
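
# Ambassador Mapping: routes api.YOURDOMAIN.io/v1/graphql to the Hasura service
apiVersion: getambassador.io/v1
kind: Mapping
metadata:
  name: hasura
spec:
  host: api.YOURDOMAIN.io
  prefix: /v1/graphql
  # An empty rewrite forwards the request path unchanged
  rewrite: ''
  service: http://hasura.hasura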

# Oathkeeper configuration: enables the handlers that the access rules may reference
access_rules:
  repositories:
    - file:///etc/oathkeeper/rules.yaml
authenticators:
  noop:
    enabled: true
  jwt:
    enabled: true
    config:
      # Accept only RS256-signed tokens, verified against the published JWKS
      allowed_algorithms: [RS256]
      scope_strategy: none
      jwks_urls: [https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com]
      # Audience and issuer must both match the project
      target_audience: [YOURPROJECTNAME-auth]
      trusted_issuers: [https://securetoken.google.com/YOURPROJECTNAME-auth]
authorizers:
  allow:
    enabled: true
  deny:
    enabled: true
mutators:
  noop:
    enabled: true
  header:
    enabled: true
    config:
      headers: {}

# Oathkeeper access rules (the file loaded from /etc/oathkeeper/rules.yaml)
- id: hasura
  match:
    methods: [GET, HEAD, POST]
    url: http://api.YOURDOMAIN.io/v1/graphql
  authenticators:
    - handler: jwt
  authorizer:
    handler: allow
  mutators:
    - handler: header
      config:
        headers:
          # Hasura session variables, filled in from the validated JWT
          X-Hasura-Role: user
          X-Hasura-User-Id: "{{ print .Subject }}"
          X-Hasura-User-Email: "{{ print .Extra.email }}"