Change to new cluster config

2024-07-27 03:40:41 +03:00 · 2024-07-27 03:40:41 +03:00 · 2aa75d9e4b
commit 2aa75d9e4b
parent d554fae7cd
4 changed files with 7 additions and 7 deletions
--- a/deployment.yaml
+++ b/deployment.yaml
@ -22,7 +22,7 @@ spec:
          image: inventory-app
          env:
            - name: OIDC_USERS_NAMESPACE
-              value: "oidc-gateway"
+              value: "default"
            - name: SLACK_DOORLOG_CALLBACK
              value: "changeme"
            - name: SLACK_INVENTORY_CALLBACK
@ -82,11 +82,11 @@ kind: Ingress
 metadata:
  name: inventory-app
  annotations:
-    kubernetes.io/ingress.class: shared
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.codemowers.ee
 spec:
+  ingressClassName: shared
  rules:
  - host: inventory-app-72zn4.codemowers.ee
    http:
@ -102,8 +102,8 @@ spec:
  - hosts:
    - "*.codemowers.ee"
 ---
-apiVersion: codemowers.io/v1alpha1
-kind: OIDCGWClient
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
 metadata:
  name: inventory-app
 spec:
--- a/inventory-app/common.py
+++ b/inventory-app/common.py
@ -33,7 +33,7 @@ class User:
 def get_users_inner():
    config.load_incluster_config()
    api_instance = client.CustomObjectsApi()
-    ret = api_instance.list_namespaced_custom_object("codemowers.io", "v1alpha1", OIDC_USERS_NAMESPACE, "oidcgatewayusers")
+    ret = api_instance.list_namespaced_custom_object("codemowers.cloud", "v1beta1", OIDC_USERS_NAMESPACE, "oidcusers")
    for item in ret["items"]:
        username = item['metadata']['name']
        display_name = item.get("spec", {}).get("customProfile", {}).get("name", None)
--- a/inventory-app/oidc.py
+++ b/inventory-app/oidc.py
@ -10,7 +10,7 @@ from functools import wraps

 page_oidc = Blueprint("oidc", __name__)
 db = MongoClient(const.MONGO_URI).get_default_database()
-gw_uri = os.getenv("OIDC_GATEWAY_URI")
+gw_uri = os.getenv("OIDC_IDP_URI")
 metadata = requests.get(f"{gw_uri}.well-known/openid-configuration").json()

 def login_required(_f=None, *, groups=[]):
--- a/serviceaccount.yml
+++ b/serviceaccount.yml
@ -6,7 +6,7 @@ metadata:
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: cluster-admin
+  name: passmower
 subjects:
  - kind: ServiceAccount
    name: oidc-gateway