forked from mystiq/dex
Merge pull request #1899 from lcc3108/master
update example/k8s/dex.yaml
This commit is contained in:
commit
a7a92b0513
1 changed files with 23 additions and 5 deletions
|
@ -1,11 +1,21 @@
|
||||||
apiVersion: extensions/v1beta1
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: dex
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app: dex
|
app: dex
|
||||||
name: dex
|
name: dex
|
||||||
|
namespace: dex
|
||||||
spec:
|
spec:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: dex
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
|
@ -13,7 +23,7 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: dex # This is created below
|
serviceAccountName: dex # This is created below
|
||||||
containers:
|
containers:
|
||||||
- image: quay.io/dexidp/dex:v2.10.0
|
- image: dexidp/dex:v2.27.0 #or quay.io/dexidp/dex:v2.26.0
|
||||||
name: dex
|
name: dex
|
||||||
command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
|
command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
|
||||||
|
|
||||||
|
@ -38,6 +48,11 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: github-client
|
name: github-client
|
||||||
key: client-secret
|
key: client-secret
|
||||||
|
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 5556
|
||||||
volumes:
|
volumes:
|
||||||
- name: config
|
- name: config
|
||||||
configMap:
|
configMap:
|
||||||
|
@ -53,6 +68,7 @@ kind: ConfigMap
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
metadata:
|
metadata:
|
||||||
name: dex
|
name: dex
|
||||||
|
namespace: dex
|
||||||
data:
|
data:
|
||||||
config.yaml: |
|
config.yaml: |
|
||||||
issuer: https://dex.example.com:32000
|
issuer: https://dex.example.com:32000
|
||||||
|
@ -95,6 +111,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: dex
|
name: dex
|
||||||
|
namespace: dex
|
||||||
spec:
|
spec:
|
||||||
type: NodePort
|
type: NodePort
|
||||||
ports:
|
ports:
|
||||||
|
@ -112,8 +129,9 @@ metadata:
|
||||||
labels:
|
labels:
|
||||||
app: dex
|
app: dex
|
||||||
name: dex
|
name: dex
|
||||||
|
namespace: dex
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: dex
|
name: dex
|
||||||
|
@ -125,7 +143,7 @@ rules:
|
||||||
resources: ["customresourcedefinitions"]
|
resources: ["customresourcedefinitions"]
|
||||||
verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions
|
verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: dex
|
name: dex
|
||||||
|
@ -136,4 +154,4 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: dex # Service account assigned to the dex pod, created above
|
name: dex # Service account assigned to the dex pod, created above
|
||||||
namespace: default # The namespace dex is running in
|
namespace: dex # The namespace dex is running in
|
||||||
|
|
Loading…
Reference in a new issue