diff --git a/oidc-gateway/deployment.yml b/oidc-gateway/deployment.yml index 42263d1..7e0105f 100644 --- a/oidc-gateway/deployment.yml +++ b/oidc-gateway/deployment.yml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: oidc-gateway-default + name: oidc-gateway roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -10,6 +10,7 @@ roleRef: subjects: - kind: ServiceAccount name: oidc-gateway + namespace: oidc-gateway --- apiVersion: v1 kind: ServiceAccount @@ -17,10 +18,12 @@ metadata: name: oidc-gateway --- apiVersion: codemowers.io/v1alpha1 -kind: KeyDBCluster +kind: Redis +metadata: + name: oidc-gateway spec: - persistent: false - replicas: 3 + capacity: 512Mi + class: ephemeral --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -69,7 +72,7 @@ spec: serviceAccountName: oidc-gateway containers: - name: oidc-key-manager - image: codemowers/oidc-gateway + image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ] restartPolicy: Never --- @@ -92,7 +95,7 @@ spec: serviceAccountName: oidc-gateway containers: - name: oidc-gateway - image: codemowers/oidc-gateway + image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway ports: - containerPort: 3000 env: @@ -105,7 +108,7 @@ spec: - name: GROUP_PREFIX value: 'k-space' - name: ADMIN_GROUP - value: 'k-space:admins' + value: 'github.com:codemowers:admins' # - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level. # value: 'codemowers:users' - name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for. @@ -124,7 +127,7 @@ spec: - secretRef: name: oidc-keys - secretRef: - name: oidc-gateway-email-credentials + name: email-credentials - secretRef: name: github-client - secretRef: