[ADD] support for AWS Cognito

charts/cvat-helm/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.4
+version: 0.2.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/cvat-helm/templates/ingress.yaml

@@ -39,6 +39,14 @@ metadata:
       alb.ingress.kubernetes.io/ssl-redirect: "443"
       alb.ingress.kubernetes.io/success-codes: 200-399
       alb.ingress.kubernetes.io/target-type: ip
+      {{-  if eq (.Values.ingress.cognitoEnabled | toString) "true" }}
+      alb.ingress.kubernetes.io/auth-type: cognito
+      alb.ingress.kubernetes.io/auth-scope: openid
+      alb.ingress.kubernetes.io/auth-session-timeout: '3600'
+      alb.ingress.kubernetes.io/auth-session-cookie: AWSELBAuthSessionCookie
+      alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
+      alb.ingress.kubernetes.io/auth-idp-cognito: '{"UserPoolArn": "{{ .Values.ingress.cognitoUserPool }}","UserPoolClientId":"{{ .Values.ingress.cognitoUserPoolClient }}","UserPoolDomain":"{{ .Values.ingress.cognitoUserPoolDomain }}"}'
+      {{- end}}
 {{- end }}
 spec:
 {{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion }}

charts/cvat-helm/values.yaml

@@ -9,7 +9,11 @@ ingress:
   host: cvat.kube-public
   clusterIssuer: selfsigned-ca-issuer
   ingressClassName: nginx
-  certificateArn: ""  
+  certificateArn: ""
+  cognitoEnabled: "false"
+  cognitoUserPool: ""
+  cognitoUserPoolClient : ""
+  cognitoUserPoolDomain : ""
 
 opa:
   repository: sebagarayco/opa-cvat-rules