Merge pull request #1899 from lcc3108/master

update example/k8s/dex.yaml
This commit is contained in:
Márk Sági-Kazár 2021-02-10 13:44:13 +01:00 committed by GitHub
commit a7a92b0513
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,11 +1,21 @@
apiVersion: extensions/v1beta1 ---
apiVersion: v1
kind: Namespace
metadata:
name: dex
---
apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
app: dex app: dex
name: dex name: dex
namespace: dex
spec: spec:
replicas: 3 replicas: 3
selector:
matchLabels:
app: dex
template: template:
metadata: metadata:
labels: labels:
@ -13,7 +23,7 @@ spec:
spec: spec:
serviceAccountName: dex # This is created below serviceAccountName: dex # This is created below
containers: containers:
- image: quay.io/dexidp/dex:v2.10.0 - image: dexidp/dex:v2.27.0 #or quay.io/dexidp/dex:v2.26.0
name: dex name: dex
command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"] command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
@ -38,6 +48,11 @@ spec:
secretKeyRef: secretKeyRef:
name: github-client name: github-client
key: client-secret key: client-secret
readinessProbe:
httpGet:
path: /healthz
port: 5556
volumes: volumes:
- name: config - name: config
configMap: configMap:
@ -53,6 +68,7 @@ kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: dex name: dex
namespace: dex
data: data:
config.yaml: | config.yaml: |
issuer: https://dex.example.com:32000 issuer: https://dex.example.com:32000
@ -95,6 +111,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: dex name: dex
namespace: dex
spec: spec:
type: NodePort type: NodePort
ports: ports:
@ -112,8 +129,9 @@ metadata:
labels: labels:
app: dex app: dex
name: dex name: dex
namespace: dex
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: dex name: dex
@ -125,7 +143,7 @@ rules:
resources: ["customresourcedefinitions"] resources: ["customresourcedefinitions"]
verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions verbs: ["create"] # To manage its own resources, dex must be able to create customresourcedefinitions
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: dex name: dex
@ -136,4 +154,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: dex # Service account assigned to the dex pod, created above name: dex # Service account assigned to the dex pod, created above
namespace: default # The namespace dex is running in namespace: dex # The namespace dex is running in