Add helm deployments and a Makefile for the auth examples/tests.

examples/authentication/Makefile

+# Copyright (c) 2020 UPLEX Nils Goroll Systemoptimierung
+# All rights reserved
+#
+# Author: Geoffrey Simmons <geoffrey.simmons@uplex.de>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+# GNU make is required.
+
+mkpath := $(abspath $(lastword $(MAKEFILE_LIST)))
+mkdir := $(dir $(mkpath))
+
+CHARTDIR=$(mkdir)/../../charts
+TESTDIR=$(mkdir)/../../test
+
+all: deploy
+
+deploy-basic-auth-helm:
+	@helm install viking-ingress-basic-auth $(CHARTDIR)/viking-test-app \
+		--values values-basic-auth.yaml
+
+deploy-proxy-auth-helm:
+	@helm install viking-ingress-proxy-auth $(CHARTDIR)/viking-test-app \
+		--values values-proxy-auth.yaml
+
+deploy-acl-or-auth-helm:
+	@helm install viking-ingress-acl-or-auth $(CHARTDIR)/viking-test-app \
+		--values values-acl-or-auth.yaml
+
+deploy-basic-auth-kubectl:
+	@kubectl apply -f $(mkdir)/../hello/cafe.yaml
+	@kubectl apply -f $(mkdir)/../hello/cafe-ingress.yaml
+	@kubectl apply -f basic-secrets.yaml
+	@kubectl apply -f basic-auth.yaml
+
+deploy-proxy-auth-kubectl:
+	@kubectl apply -f $(mkdir)/../hello/cafe.yaml
+	@kubectl apply -f $(mkdir)/../hello/cafe-ingress.yaml
+	@kubectl apply -f proxy-auth-secrets.yaml
+	@kubectl apply -f proxy-auth.yaml
+
+deploy-acl-or-auth-kubectl:
+	@kubectl apply -f $(mkdir)/../hello/cafe.yaml
+	@kubectl apply -f $(mkdir)/../hello/cafe-ingress.yaml
+	@kubectl apply -f basic-secrets.yaml
+	@kubectl apply -f acl-or-auth.yaml
+
+# TESTOPTS are passed to varnishtest, e.g.: make TESTOPTS=-v verify
+verify-basic-auth:
+	$(mkdir)/verify_basic_auth.sh
+
+verify-proxy-auth:
+	$(mkdir)/verify_proxy_auth.sh
+
+verify-acl-or-auth:
+	$(mkdir)/verify_acl_or_auth.sh
+
+wait:
+	$(TESTDIR)/wait.sh app=varnish-ingress
+
+uninstall-basic-auth-kubectl:
+	@kubectl delete -f basic-auth.yaml
+	@kubectl delete -f basic-secrets.yaml
+	@kubectl delete -f $(mkdir)/../hello/cafe-ingress.yaml
+	@kubectl delete -f $(mkdir)/../hello/cafe.yaml
+
+uninstall-proxy-auth-kubectl:
+	@kubectl delete -f proxy-auth.yaml
+	@kubectl delete -f proxy-auth-secrets.yaml
+	@kubectl delete -f $(mkdir)/../hello/cafe-ingress.yaml
+	@kubectl delete -f $(mkdir)/../hello/cafe.yaml
+
+uninstall-acl-or-auth-kubectl:
+	@kubectl delete -f acl-or-auth.yaml
+	@kubectl delete -f basic-secrets.yaml
+	@kubectl delete -f $(mkdir)/../hello/cafe-ingress.yaml
+	@kubectl delete -f $(mkdir)/../hello/cafe.yaml
+
+uninstall-basic-auth-helm:
+	@helm uninstall viking-ingress-basic-auth
+
+uninstall-proxy-auth-helm:
+	@helm uninstall viking-ingress-proxy-auth
+
+uninstall-acl-or-auth-helm:
+	@helm uninstall viking-ingress-acl-or-auth
+
+undeploy-basic-auth-kubectl: uninstall-basic-auth-kubectl wait
+
+undeploy-proxy-auth-kubectl: uninstall-proxy-auth-kubectl wait
+
+undeploy-acl-or-auth-kubectl: uninstall-acl-or-auth-kubectl wait
+
+undeploy-basic-auth-helm: uninstall-basic-auth-helm wait
+
+undeploy-proxy-auth-helm: uninstall-proxy-auth-helm wait
+
+undeploy-acl-or-auth-helm: uninstall-acl-or-auth-helm wait
+
+deploy-basic-auth:
+
+deploy-proxy-auth:
+
+deploy-acl-or-auth:
+
+undeploy-basic-auth:
+
+undeploy-proxy-auth:
+
+undeploy-acl-or-auth:
+
+ifeq ($(DEPLOY),kubectl)
+deploy-basic-auth: deploy-basic-auth-kubectl
+deploy-proxy-auth: deploy-proxy-auth-kubectl
+deploy-acl-or-auth: deploy-acl-or-auth-kubectl
+undeploy-basic-auth: undeploy-basic-auth-kubectl
+undeploy-proxy-auth: undeploy-proxy-auth-kubectl
+undeploy-acl-or-auth: undeploy-acl-or-auth-kubectl
+else
+deploy-basic-auth: deploy-basic-auth-helm
+deploy-proxy-auth: deploy-proxy-auth-helm
+deploy-acl-or-auth: deploy-acl-or-auth-helm
+undeploy-basic-auth: undeploy-basic-auth-helm
+undeploy-proxy-auth: undeploy-proxy-auth-helm
+undeploy-acl-or-auth: undeploy-acl-or-auth-helm
+endif
+
+deploy verify undeploy:
+ifndef EXAMPLE
+	$(error EXAMPLE must be set to basic-auth, proxy-auth, or acl-or-auth)
+endif
+
+ifeq ($(EXAMPLE),basic-auth)
+deploy: deploy-basic-auth
+verify: verify-basic-auth
+undeploy: undeploy-basic-auth
+else ifeq ($(EXAMPLE),proxy-auth)
+deploy: deploy-proxy-auth
+verify: verify-proxy-auth
+undeploy: undeploy-proxy-auth
+else ifeq ($(EXAMPLE),acl-or-auth)
+deploy: deploy-acl-or-auth
+verify: verify-acl-or-auth
+undeploy: undeploy-acl-or-auth
+endif
+
+.PHONY: all $(MAKECMDGOALS)

examples/authentication/values-acl-or-auth.yaml

+apps:
+  coffee:
+    image: nginxdemos/hello:plain-text
+    replicas: 2
+  tea:
+    image: nginxdemos/hello:plain-text
+    replicas: 3
+
+ingress:
+  name: cafe-ingress
+  rules:
+  - host: cafe.example.com
+    paths:
+    - path: /tea
+      app: tea
+    - path: /coffee
+      app: coffee
+
+vikingAdmSvc: varnish-ingress-admin
+
+acls:
+  - name: ip-whitelist
+    addrs:
+    - addr: 192.0.2.0
+      mask-bits: 24
+    - addr: 198.51.100.0
+      mask-bits: 24
+    - addr: 203.0.113.0
+      mask-bits: 24
+    comparand: req.http.X-Real-IP
+    type: whitelist
+    fail-status: 0
+    result-header:
+      header: req.http.X-Whitelisted
+      success: "true"
+      failure: "false"
+
+auth:
+  - realm: cafe
+    conditions:
+      - comparand: req.http.X-Whitelisted
+        value: "false"
+        compare: equal
+    creds:
+      coffee-admin: superpowers
+      foo: bar
+      baz: quux
+      Aladdin: open sesame

examples/authentication/values-basic-auth.yaml

+apps:
+  coffee:
+    image: nginxdemos/hello:plain-text
+    replicas: 2
+  tea:
+    image: nginxdemos/hello:plain-text
+    replicas: 3
+
+ingress:
+  name: cafe-ingress
+  rules:
+  - host: cafe.example.com
+    paths:
+    - path: /tea
+      app: tea
+    - path: /coffee
+      app: coffee
+
+vikingAdmSvc: varnish-ingress-admin
+
+auth:
+  - realm: coffee
+    type: basic
+    utf8: true
+    conditions:
+      - comparand: req.http.Host
+        value: cafe.example.com
+        compare: equal
+      - comparand: req.url
+        value: ^/coffee($|/)
+        compare: match
+    creds:
+      coffee-admin: superpowers
+      foo: bar
+      baz: quux
+      Aladdin: open sesame
+  - realm: tea
+    conditions:
+      - comparand: req.http.Host
+        value: cafe.example.com
+        compare: equal
+      - comparand: req.url
+        value: ^/tea($|/)
+        compare: match
+    creds:
+      tea-admin: awesomeness
+      valerian: sleep
+      matcha: wakeup
+      AlbertAddin: open sez me

examples/authentication/values-proxy-auth.yaml

+apps:
+  coffee:
+    image: nginxdemos/hello:plain-text
+    replicas: 2
+  tea:
+    image: nginxdemos/hello:plain-text
+    replicas: 3
+
+ingress:
+  name: cafe-ingress
+  rules:
+  - host: cafe.example.com
+    paths:
+    - path: /tea
+      app: tea
+    - path: /coffee
+      app: coffee
+
+vikingAdmSvc: varnish-ingress-admin
+
+auth:
+  - realm: ingress
+    type: proxy
+    creds:
+      proxy-admin: studly
+      proxy-user: password1