diff --git a/README.md b/README.md
index cf9e856..bfcf1dd 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ patch /etc/kubernetes/manifests/kube-apiserver.yaml - << EOF
 - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
 - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
 - --etcd-servers=https://127.0.0.1:2379
-+ - --oidc-issuer-url=https://auth2.k-space.ee/
++ - --oidc-issuer-url=https://auth.k-space.ee/
 + - --oidc-client-id=oidc-gateway.kubelogin
 + - --oidc-username-claim=sub
 + - --oidc-groups-claim=groups
diff --git a/harbor/application-extras.yml b/harbor/application-extras.yml
new file mode 100644
index 0000000..22a24ce
--- /dev/null
+++ b/harbor/application-extras.yml
@@ -0,0 +1,23 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
+metadata:
+ name: harbor
+ namespace: harbor-operator
+spec:
+ displayName: Harbor
+ uri: https://harbor.k-space.ee
+ redirectUris:
+ - https://harbor.k-space.ee/c/oidc/callback
+ allowedGroups:
+ - k-space:floor
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ responseTypes:
+ - code
+ availableScopes:
+ - openid
+ - profile
+ pkce: false
+
\ No newline at end of file
diff --git a/passmower/application.yaml b/passmower/application.yaml
index ea06630..ede670a 100644
--- a/passmower/application.yaml
+++ b/passmower/application.yaml
@@ -546,8 +546,6 @@ spec:
 value: "k-space"
 - name: ADMIN_GROUP
 value: "k-space:onboarding"
- - name: REQUIRED_GROUP
- value: "github.com:foo:bar"
 - name: GITHUB_ORGANIZATION
 value: "codemowers"
 - name: ENROLL_USERS
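Review bot: In harbor/application-extras.yml, `pkce: false` appears to switch off PKCE for an `authorization_code` client, and nothing in the manifest says why. If that reading of the field is right, the code exchange is presumably protected only by the client secret and the single exact `redirectUris` entry. If Harbor's OIDC client cannot send a `code_challenge`, record that beside the field, e.g. `pkce: false  # Harbor does not send code_challenge; re-enable once it does`; otherwise set it to `true`. Separately, the last added line is whitespace-only and the file has no trailing newline, so drop that line and end the file with a newline.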