oidc: fix deployment

oidc-gateway/deployment.yml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: oidc-gateway-default
+  name: oidc-gateway
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -10,6 +10,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: oidc-gateway
+    namespace: oidc-gateway
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -17,10 +18,12 @@ metadata:
   name: oidc-gateway
 ---
 apiVersion: codemowers.io/v1alpha1
-kind: KeyDBCluster
+kind: Redis
+metadata:
+  name: oidc-gateway
 spec:
-  persistent: false
+  capacity: 512Mi
-  replicas: 3
+  class: ephemeral
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -69,7 +72,7 @@ spec:
       serviceAccountName: oidc-gateway
       containers:
         - name: oidc-key-manager
-          image: codemowers/oidc-gateway
+          image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
           command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ]
       restartPolicy: Never
 ---
@@ -92,7 +95,7 @@ spec:
       serviceAccountName: oidc-gateway
       containers:
         - name: oidc-gateway
-          image: codemowers/oidc-gateway
+          image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
           ports:
             - containerPort: 3000
           env:
@@ -105,7 +108,7 @@ spec:
             - name: GROUP_PREFIX
               value: 'k-space'
             - name: ADMIN_GROUP
-              value: 'k-space:admins'
+              value: 'github.com:codemowers:admins'
 #            - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level.
 #              value: 'codemowers:users'
             - name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for.
@@ -124,7 +127,7 @@ spec:
             - secretRef:
                 name: oidc-keys
             - secretRef:
-                name: oidc-gateway-email-credentials
+                name: email-credentials
             - secretRef:
                 name: github-client
             - secretRef: