oidc: fix deployment
This commit is contained in:
parent
be330ad121
commit
2493266aed
@ -2,7 +2,7 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: oidc-gateway-default
|
||||
name: oidc-gateway
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
@ -10,6 +10,7 @@ roleRef:
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: oidc-gateway
|
||||
namespace: oidc-gateway
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
@ -17,10 +18,12 @@ metadata:
|
||||
name: oidc-gateway
|
||||
---
|
||||
apiVersion: codemowers.io/v1alpha1
|
||||
kind: KeyDBCluster
|
||||
kind: Redis
|
||||
metadata:
|
||||
name: oidc-gateway
|
||||
spec:
|
||||
persistent: false
|
||||
replicas: 3
|
||||
capacity: 512Mi
|
||||
class: ephemeral
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
@ -69,7 +72,7 @@ spec:
|
||||
serviceAccountName: oidc-gateway
|
||||
containers:
|
||||
- name: oidc-key-manager
|
||||
image: codemowers/oidc-gateway
|
||||
image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
|
||||
command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ]
|
||||
restartPolicy: Never
|
||||
---
|
||||
@ -92,7 +95,7 @@ spec:
|
||||
serviceAccountName: oidc-gateway
|
||||
containers:
|
||||
- name: oidc-gateway
|
||||
image: codemowers/oidc-gateway
|
||||
image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
env:
|
||||
@ -105,7 +108,7 @@ spec:
|
||||
- name: GROUP_PREFIX
|
||||
value: 'k-space'
|
||||
- name: ADMIN_GROUP
|
||||
value: 'k-space:admins'
|
||||
value: 'github.com:codemowers:admins'
|
||||
# - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level.
|
||||
# value: 'codemowers:users'
|
||||
- name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for.
|
||||
@ -124,7 +127,7 @@ spec:
|
||||
- secretRef:
|
||||
name: oidc-keys
|
||||
- secretRef:
|
||||
name: oidc-gateway-email-credentials
|
||||
name: email-credentials
|
||||
- secretRef:
|
||||
name: github-client
|
||||
- secretRef:
|
||||
|
Loading…
Reference in New Issue
Block a user