1
0
forked from k-space/kube

update readme

This commit is contained in:
Erki Aas 2024-07-30 12:40:01 +03:00
parent 27a5fe14c7
commit 336ab2efa2

View File

@ -18,7 +18,7 @@ Jump to docs: [inventory-app](hackerspace/README.md) / [cameras](camtiler/README
- [Slack bots](SLACK.md) and Kubernetes [CLUSTER.md](CLUSTER.md) itself. - [Slack bots](SLACK.md) and Kubernetes [CLUSTER.md](CLUSTER.md) itself.
[^nonginx]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support [`external-dns`](bind/README.md) out of the box. [^nonginx]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support [`external-dns`](bind/README.md) out of the box.
[^authz]: Applications should prefer `Remote-User` (`kind: OIDCGWMiddlewareClient`), which gates app exposure to the public internet. Where not applicable or possible, use OpenID Connect (`kind: OIDCClient`) for authentication. [^authz]: Applications should use OpenID Connect (`kind: OIDCClient`) for authentication, whereever possible. If not possible, use `kind: OIDCMiddlewareClient` client, which will provide authentication via a Traefik middleware (`traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd`). Sometimes you might use both for extra security.
### Databases / -stores: ### Databases / -stores:
- KeyDB: `kind: KeydbClaim` (replaces Redis[^redisdead]) - KeyDB: `kind: KeydbClaim` (replaces Redis[^redisdead])