Chore: Group auth docker blocks (#54274)

* Move auth docker images to parent folder * Add README file for auth parent folder * Add grafana-authnz-team as code owner * Update `devenv` docs
2022-08-29 08:36:56 +02:00
parent 72a143aaff
commit d2547bb832
74 changed files with 36 additions and 1 deletions
@@ -0,0 +1,57 @@
+  oauthkeycloakdb:
+    image: postgres:12.2
+    container_name: oauthkeycloakdb
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    volumes:
+      - ./docker/blocks/jwt_proxy/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
+    restart: unless-stopped
+
+  oauthkeycloak:
+    image: quay.io/keycloak/keycloak:12.0.1
+    container_name: oauthkeycloak
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: oauthkeycloakdb
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: password
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admin
+      PROXY_ADDRESS_FORWARDING: "true"
+    ports:
+      - 8087:8080
+    depends_on:
+      - oauthkeycloakdb
+    links:
+      - "oauthkeycloakdb:oauthkeycloakdb"
+    restart: unless-stopped
+
+  oauthproxy:
+    image: docker.io/bitnami/oauth2-proxy:7.3.0
+    container_name: oauthproxy
+    command: [
+      "--cookie-secret=yI-CWT5s4sBR2Zd0DDJJlTYc0aQ3jwGH15jYA18ZAQA=",
+      "--upstream=http://env.grafana.local:3000",
+      "--provider=keycloak",
+      "--client-id=grafana-oauth",
+      "--client-secret=d17b9ea9-bcb1-43d2-b132-d339e55872a8",
+      "--login-url=http://env.grafana.local:8087/auth/realms/grafana/protocol/openid-connect/auth",
+      "--redeem-url=http://env.grafana.local:8087/auth/realms/grafana/protocol/openid-connect/token",
+      "--profile-url=http://env.grafana.local:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
+      "--validate-url=http://env.grafana.local:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
+      "--cookie-secure=false",
+      "--http-address=0.0.0.0:8088",
+      "--redirect-url=http://env.grafana.local:8088/oauth2/callback",
+      "--pass-access-token=true",
+      "--email-domain=*",
+    ]
+    depends_on:
+      - oauthkeycloak
+    extra_hosts:
+      - "env.grafana.local:host-gateway"
+    ports:
+      - 8088:8088
+    restart: unless-stopped