
oidc: fix deployment

Erki Aas 2023-06-29 15:30:40 +03:00
parent be330ad121
commit 2493266aed


@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: oidc-gateway-default name: oidc-gateway
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -10,6 +10,7 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: oidc-gateway name: oidc-gateway
namespace: oidc-gateway
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@ -17,10 +18,12 @@ metadata:
name: oidc-gateway name: oidc-gateway
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster kind: Redis
metadata:
name: oidc-gateway
spec: spec:
persistent: false capacity: 512Mi
replicas: 3 class: ephemeral
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
@ -69,7 +72,7 @@ spec:
serviceAccountName: oidc-gateway serviceAccountName: oidc-gateway
containers: containers:
- name: oidc-key-manager - name: oidc-key-manager
image: codemowers/oidc-gateway image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ] command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ]
restartPolicy: Never restartPolicy: Never
--- ---
@ -92,7 +95,7 @@ spec:
serviceAccountName: oidc-gateway serviceAccountName: oidc-gateway
containers: containers:
- name: oidc-gateway - name: oidc-gateway
image: codemowers/oidc-gateway image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
ports: ports:
- containerPort: 3000 - containerPort: 3000
env: env:
@ -105,7 +108,7 @@ spec:
- name: GROUP_PREFIX - name: GROUP_PREFIX
value: 'k-space' value: 'k-space'
- name: ADMIN_GROUP - name: ADMIN_GROUP
value: 'k-space:admins' value: 'github.com:codemowers:admins'
# - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level. # - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level.
# value: 'codemowers:users' # value: 'codemowers:users'
- name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for. - name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for.
@ -124,7 +127,7 @@ spec:
- secretRef: - secretRef:
name: oidc-keys name: oidc-keys
- secretRef: - secretRef:
name: oidc-gateway-email-credentials name: email-credentials
- secretRef: - secretRef:
name: github-client name: github-client
- secretRef: - secretRef:
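Review bot: Both new `image:` lines (the `oidc-key-manager` and `oidc-gateway` containers) reference `harbor.k-space.ee/docker.io/codemowers/oidc-gateway` with no tag or digest, so the pull resolves to `latest` and the pods run whatever the registry proxy serves at pull time. For the component that handles authentication and, judging by the `key-manager initialize` command and the `oidc-keys` secret, its key material, I would pin both lines to a reviewed build, e.g. `image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway@sha256:<digest-placeholder>`. Pinning also keeps the key-manager Job and the gateway on the same build, which an unpinned reference does not guarantee if they pull at different times. The manifest may continue beyond the visible part of the page, so any further containers using this image would need the same change.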