
oidc: fix deployment

Erki Aas 2023-06-29 15:30:40 +03:00
parent be330ad121
commit 2493266aed


@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: oidc-gateway-default
name: oidc-gateway
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -10,6 +10,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: oidc-gateway
namespace: oidc-gateway
---
apiVersion: v1
kind: ServiceAccount
@ -17,10 +18,12 @@ metadata:
name: oidc-gateway
---
apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster
kind: Redis
metadata:
name: oidc-gateway
spec:
persistent: false
replicas: 3
capacity: 512Mi
class: ephemeral
---
apiVersion: networking.k8s.io/v1
kind: Ingress
@ -69,7 +72,7 @@ spec:
serviceAccountName: oidc-gateway
containers:
- name: oidc-key-manager
image: codemowers/oidc-gateway
image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
command: [ '/app/node_modules/.bin/key-manager', 'initialize', '-c', 'cluster' ]
restartPolicy: Never
---
@ -92,7 +95,7 @@ spec:
serviceAccountName: oidc-gateway
containers:
- name: oidc-gateway
image: codemowers/oidc-gateway
image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway
ports:
- containerPort: 3000
env:
@ -105,7 +108,7 @@ spec:
- name: GROUP_PREFIX
value: 'k-space'
- name: ADMIN_GROUP
value: 'k-space:admins'
value: 'github.com:codemowers:admins'
# - name: REQUIRED_GROUP # allow everyone to authenticate, limit access to services on client level.
# value: 'codemowers:users'
- name: GITHUB_ORGANIZATION # if not set, gateway will add user groups from all organizations that (s)he granted access for.
@ -124,7 +127,7 @@ spec:
- secretRef:
name: oidc-keys
- secretRef:
name: oidc-gateway-email-credentials
name: email-credentials
- secretRef:
name: github-client
- secretRef:
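Review bot: The new `image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway` reference has no tag or digest in either the `oidc-key-manager` or the `oidc-gateway` container, so it resolves to `:latest` and each pull runs whatever the registry serves under that name at the time. Both pods run as the `oidc-gateway` service account, which the ClusterRoleBinding at the top of the file binds to a ClusterRole, and the key-manager command (`key-manager initialize -c cluster`) appears to create the provider's keys, so the image contents sit inside the identity trust boundary. Pin both containers to an immutable reference such as `image: harbor.k-space.ee/docker.io/codemowers/oidc-gateway@sha256:<digest-of-reviewed-image>` and bump it deliberately. Separately, `ADMIN_GROUP` now names `github.com:codemowers:admins` while `GROUP_PREFIX` stays `k-space`; a one-line comment saying which GitHub team that string maps to would make the admin grant auditable.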