Drupal SSO Proxy integration
Based on https://paas.docs.cern.ch/4._CERN_Authentication/2-deploy-sso-proxy/ , we want to have a change of deployment in the presence of a label on the namespace (example: ªlabel: "drupal.cern.ch/sso-proxy:true").
The reason to use the namespace as the location for the toggle is due to the fact we do not want users to be able to use it, it should be reserved to infrastructure admins and this is the simplest place to set it without further changes.
The current Deployment leads with an HTTP request the following way:
flowchart LR
A[User] -->|Get access| B(Nginx)
B --> C[PHP-FPM]
Upon the presence of the label, it should change to:
flowchart LR
A[User] -->|Get access| D(SSO Proxy)
B --> C[PHP-FPM]
D --> B[Nginx]
To achieve this, the Operator must be changed in the following components:
- Deployment, the new deployment must contain a new sidecar container with SSO Proxy correctly set
- Route, the route must be updated to point to the new sidecar container instead of directly Nginx
The image used for the SSO Proxy should follow the approach of similar sidecar containers.