oidc: fix deployment

2023-06-29 15:30:40 +03:00
parent be330ad121
commit 2493266aed
1 changed files with 11 additions and 8 deletions
--- a/oidc-gateway/deployment.yml
+++ b/oidc-gateway/deployment.yml
@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: oidc-gateway-default
+  name: oidc-gateway
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@@ -10,6 +10,7 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: oidc-gateway
+    namespace: oidc-gateway
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -17,10 +18,12 @@ metadata:
  name: oidc-gateway
 ---
 apiVersion: codemowers.io/v1alpha1
-kind: KeyDBCluster
+kind: Redis
+metadata:
+  name: oidc-gateway
 spec:
-  persistent: false
-  replicas: 3
+  capacity: 512Mi
+  class: ephemeral
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
@@ -69,7 +72,7 @@ spec:
      serviceAccountName: oidc-gateway
      containers:
        - name: oidc-key-manager
-          image: codemowers/oidc-gateway
+          image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
          command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ]
      restartPolicy: Never
 ---
@@ -92,7 +95,7 @@ spec:
      serviceAccountName: oidc-gateway
      containers:
        - name: oidc-gateway
-          image: codemowers/oidc-gateway
+          image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
          ports:
            - containerPort: 3000
          env:
@@ -105,7 +108,7 @@ spec:
            - name: GROUP_PREFIX
              value: 'k-space'
            - name: ADMIN_GROUP
-              value: 'k-space:admins'
+              value: 'github.com:codemowers:admins'
 #            - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level.
 #              value: 'codemowers:users'
            - name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for.
@@ -124,7 +127,7 @@ spec:
            - secretRef:
                name: oidc-keys
            - secretRef:
-                name: oidc-gateway-email-credentials
+                name: email-credentials
            - secretRef:
                name: github-client
            - secretRef: