migrate to new passmower

This commit is contained in:
Erki Aas 2024-07-27 19:44:30 +03:00
parent e89edca340
commit 1e8bccbfa3
3 changed files with 24 additions and 3 deletions

View File

@ -23,7 +23,7 @@ patch /etc/kubernetes/manifests/kube-apiserver.yaml - << EOF
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://127.0.0.1:2379 - --etcd-servers=https://127.0.0.1:2379
+ - --oidc-issuer-url=https://auth2.k-space.ee/ + - --oidc-issuer-url=https://auth.k-space.ee/
+ - --oidc-client-id=oidc-gateway.kubelogin + - --oidc-client-id=oidc-gateway.kubelogin
+ - --oidc-username-claim=sub + - --oidc-username-claim=sub
+ - --oidc-groups-claim=groups + - --oidc-groups-claim=groups

View File

@ -0,0 +1,23 @@
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
name: harbor
namespace: harbor-operator
spec:
displayName: Harbor
uri: https://harbor.k-space.ee
redirectUris:
- https://harbor.k-space.ee/c/oidc/callback
allowedGroups:
- k-space:floor
grantTypes:
- authorization_code
- refresh_token
responseTypes:
- code
availableScopes:
- openid
- profile
pkce: false

View File

@ -546,8 +546,6 @@ spec:
value: "k-space" value: "k-space"
- name: ADMIN_GROUP - name: ADMIN_GROUP
value: "k-space:onboarding" value: "k-space:onboarding"
- name: REQUIRED_GROUP
value: "github.com:foo:bar"
- name: GITHUB_ORGANIZATION - name: GITHUB_ORGANIZATION
value: "codemowers" value: "codemowers"
- name: ENROLL_USERS - name: ENROLL_USERS