dex/contrib/k8s/dex-overlord.yaml

apiVersion: v1
kind: Secret
metadata:
  name: dex
type: Opaque
data:
  key-secrets: ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIZz0= # 32 x's base64 encoded twice.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: dex-connectors
data:
  connector.json: |
    [
      {
        "id": "local",
        "type": "local"
      }
    ]
    # google-connector.json: | 
    #   [{
    #     "id": "google",
    #     "type": "oidc",
    #     "issuerURL": "https://accounts.google.com",
    #     "clientID": "<your id here>",
    #     "clientSecret": "<your secret here>",
    #     "trustedEmailProvider": true
    #   }]
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: dex
    role: overlord
  name: dex-overlord
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: dex
        role: overlord
    spec:
      containers:
          - image: quay.io/coreos/dex
            name: dex-overlord
            env:
              - name: DEX_OVERLORD_DB_URL
                value: postgres://postgres@dex-postgres:5432/postgres?sslmode=disable
              - name: DEX_OVERLORD_ADMIN_LISTEN
                value: http://0.0.0.0:5557
              - name: DEX_OVERLORD_KEY_SECRETS
                valueFrom:
                  secretKeyRef:
                    name: dex
                    key: key-secrets
            command:
              - "/opt/dex/bin/dex-overlord"
            ports:
            - containerPort: 5557
              name: overlord-port
            livenessProbe:
              httpGet: &health
                path: /health
                port: 5557
              initialDelaySeconds: 15
              timeoutSeconds: 1
            readinessProbe:
              httpGet: *health
              initialDelaySeconds: 5
              timeoutSeconds: 5
              periodSeconds: 5
            resources:
              requests: { cpu: 500m, memory: 512Mi }
            volumeMounts:
              - name: connectors
                mountPath: /etc/dex-connectors
              # In production, you will likely want to include your own trusted
              # /etc/ca-certificates and /etc/ssl in your container.
              - name: ca
                mountPath: /etc/ca-certificates
                readOnly: true
              - name: ssl
                mountPath: /etc/ssl
                readOnly: true
      volumes:
        - name: connectors
          configMap:
            name: dex-connectors
        - name: ca
          hostPath:
            path: /etc/ca-certificates
        - name: ssl
          hostPath:
            path: /etc/ssl
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: dex
    role: overlord
  name: dex-overlord
spec:
  ports:
    - port: 5557
  selector:
    app: dex
    role: overlord
contrib/k8s: update to use 1.2 features - Consolidate files - Update to Deployments - Use Ingress, add ingress controller help in README - Remove hardcoded namespace in postgres URI - Remove hardcoded IP addresses - Add readinessProbes 2016-04-09 12:58:03 +05:30			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: dex`
			`type: Opaque`
			`data:`
			`key-secrets: ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIZz0= # 32 x's base64 encoded twice.`
			`---`
reordered dex-overlord.yaml 2016-04-21 03:09:18 +05:30			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: dex-connectors`
			`data:`
			`connector.json: \|`
			`[`
			`{`
			`"id": "local",`
			`"type": "local"`
			`}`
			`]`
			`# google-connector.json: \|`
			`# [{`
			`# "id": "google",`
			`# "type": "oidc",`
			`# "issuerURL": "https://accounts.google.com",`
			`# "clientID": "<your id here>",`
			`# "clientSecret": "<your secret here>",`
			`# "trustedEmailProvider": true`
			`# }]`
			`---`
contrib/k8s: update to use 1.2 features - Consolidate files - Update to Deployments - Use Ingress, add ingress controller help in README - Remove hardcoded namespace in postgres URI - Remove hardcoded IP addresses - Add readinessProbes 2016-04-09 12:58:03 +05:30			`apiVersion: extensions/v1beta1`
			`kind: Deployment`
			`metadata:`
			`labels:`
			`app: dex`
			`role: overlord`
			`name: dex-overlord`
			`spec:`
			`replicas: 1`
			`template:`
			`metadata:`
			`labels:`
			`app: dex`
			`role: overlord`
			`spec:`
			`containers:`
			`- image: quay.io/coreos/dex`
			`name: dex-overlord`
			`env:`
			`- name: DEX_OVERLORD_DB_URL`
			`value: postgres://postgres@dex-postgres:5432/postgres?sslmode=disable`
			`- name: DEX_OVERLORD_ADMIN_LISTEN`
			`value: http://0.0.0.0:5557`
			`- name: DEX_OVERLORD_KEY_SECRETS`
			`valueFrom:`
			`secretKeyRef:`
			`name: dex`
			`key: key-secrets`
			`command:`
			`- "/opt/dex/bin/dex-overlord"`
			`ports:`
			`- containerPort: 5557`
			`name: overlord-port`
			`livenessProbe:`
contrib/k8s: YAML brevity via references, add min. resource requests - Add resources for deployments - Add readiness probe for master - Use YAML references for easier maintenance/readability 2016-04-22 04:14:34 +05:30			`httpGet: &health`
contrib/k8s: update to use 1.2 features - Consolidate files - Update to Deployments - Use Ingress, add ingress controller help in README - Remove hardcoded namespace in postgres URI - Remove hardcoded IP addresses - Add readinessProbes 2016-04-09 12:58:03 +05:30			`path: /health`
			`port: 5557`
contrib/k8s: YAML brevity via references, add min. resource requests - Add resources for deployments - Add readiness probe for master - Use YAML references for easier maintenance/readability 2016-04-22 04:14:34 +05:30			`initialDelaySeconds: 15`
contrib/k8s: update to use 1.2 features - Consolidate files - Update to Deployments - Use Ingress, add ingress controller help in README - Remove hardcoded namespace in postgres URI - Remove hardcoded IP addresses - Add readinessProbes 2016-04-09 12:58:03 +05:30			`timeoutSeconds: 1`
contrib/k8s: YAML brevity via references, add min. resource requests - Add resources for deployments - Add readiness probe for master - Use YAML references for easier maintenance/readability 2016-04-22 04:14:34 +05:30			`readinessProbe:`
			`httpGet: *health`
			`initialDelaySeconds: 5`
			`timeoutSeconds: 5`
			`periodSeconds: 5`
			`resources:`
			`requests: { cpu: 500m, memory: 512Mi }`
contrib/k8s: update to use 1.2 features - Consolidate files - Update to Deployments - Use Ingress, add ingress controller help in README - Remove hardcoded namespace in postgres URI - Remove hardcoded IP addresses - Add readinessProbes 2016-04-09 12:58:03 +05:30			`volumeMounts:`
			`- name: connectors`
			`mountPath: /etc/dex-connectors`
			`# In production, you will likely want to include your own trusted`
			`# /etc/ca-certificates and /etc/ssl in your container.`
			`- name: ca`
			`mountPath: /etc/ca-certificates`
			`readOnly: true`
			`- name: ssl`
			`mountPath: /etc/ssl`
			`readOnly: true`
			`volumes:`
			`- name: connectors`
			`configMap:`
			`name: dex-connectors`
			`- name: ca`
			`hostPath:`
			`path: /etc/ca-certificates`
			`- name: ssl`
			`hostPath:`
			`path: /etc/ssl`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`labels:`
			`app: dex`
			`role: overlord`
			`name: dex-overlord`
			`spec:`
			`ports:`
			`- port: 5557`
			`selector:`
			`app: dex`
			`role: overlord`
reordered dex-overlord.yaml 2016-04-21 03:09:18 +05:30