c459e09098
- Add resources for deployments - Add readiness probe for master - Use YAML references for easier maintenance/readability
# Secret holding the key material that dex-overlord reads through
# DEX_OVERLORD_KEY_SECRETS.
# NOTE(review): the value below is a publicly known placeholder (see the inline
# comment). Generate a fresh random key and substitute it before this manifest
# is applied anywhere that matters. Secret `data` values are only
# base64-encoded, not encrypted, so a real key should not be committed to
# version control in this form.
apiVersion: v1
kind: Secret
metadata:
  name: dex
type: Opaque
data:
  key-secrets: ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIaDRlSGg0ZUhoNGVIZz0= # 32 x's base64 encoded twice.
---
# Connector configuration, mounted into the dex-overlord pod at
# /etc/dex-connectors. Only the built-in "local" connector is enabled.
apiVersion: v1
kind: ConfigMap
metadata:
  name: dex-connectors
data:
  connector.json: |
    [
      {
        "id": "local",
        "type": "local"
      }
    ]
  # Example OIDC connector, left disabled.
  # NOTE(review): a real clientSecret placed here would sit in a ConfigMap,
  # which is readable by anyone allowed to read ConfigMaps in the namespace;
  # connector config that carries credentials belongs in a Secret instead.
  # google-connector.json: |
  #   [{
  #     "id": "google",
  #     "type": "oidc",
  #     "issuerURL": "https://accounts.google.com",
  #     "clientID": "<your id here>",
  #     "clientSecret": "<your secret here>",
  #     "trustedEmailProvider": true
  #   }]
---
# Single-replica Deployment of dex-overlord, serving the admin API on 5557.
# NOTE(review): extensions/v1beta1 Deployments are no longer served as of
# Kubernetes 1.16; current clusters need apps/v1, which also requires an
# explicit spec.selector matching the template labels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: dex
    role: overlord
  name: dex-overlord
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: dex
        role: overlord
    spec:
      containers:
        # NOTE(review): no tag or digest is given, so this resolves to the
        # mutable `latest` tag; pin a specific tag or image digest so that
        # what runs is what was reviewed.
        # NOTE(review): no securityContext is set on the container or pod, so
        # it runs with the image's and the cluster's defaults.
        - image: quay.io/coreos/dex
          name: dex-overlord
          env:
            # NOTE(review): sslmode=disable turns off TLS to Postgres, and the
            # URL connects as the `postgres` user with no password in it
            # (presumably the database superuser; confirm). Suitable for a
            # demo only; use a dedicated least-privilege role, TLS, and a
            # secretKeyRef for the credentialed URL.
            - name: DEX_OVERLORD_DB_URL
              value: postgres://postgres@dex-postgres:5432/postgres?sslmode=disable
            # NOTE(review): the admin API listens over plain HTTP on all
            # interfaces. Confirm how the admin API is authenticated and
            # restrict which workloads can reach port 5557 (e.g. with a
            # NetworkPolicy).
            - name: DEX_OVERLORD_ADMIN_LISTEN
              value: http://0.0.0.0:5557
            # Key material is injected from the `dex` Secret rather than
            # written inline.
            - name: DEX_OVERLORD_KEY_SECRETS
              valueFrom:
                secretKeyRef:
                  name: dex
                  key: key-secrets
          command:
            - "/opt/dex/bin/dex-overlord"
          ports:
            - containerPort: 5557
              name: overlord-port
          livenessProbe:
            # The &health anchor defines the probe target once; the readiness
            # probe below reuses it through the *health alias.
            httpGet: &health
              path: /health
              port: 5557
            initialDelaySeconds: 15
            timeoutSeconds: 1
          readinessProbe:
            httpGet: *health
            initialDelaySeconds: 5
            timeoutSeconds: 5
            periodSeconds: 5
          # NOTE(review): only requests are declared; without limits the
          # container's CPU and memory use is not capped by this manifest.
          resources:
            requests: { cpu: 500m, memory: 512Mi }
          volumeMounts:
            - name: connectors
              mountPath: /etc/dex-connectors
            # In production, you will likely want to include your own trusted
            # /etc/ca-certificates and /etc/ssl in your container.
            - name: ca
              mountPath: /etc/ca-certificates
              readOnly: true
            - name: ssl
              mountPath: /etc/ssl
              readOnly: true
      volumes:
        - name: connectors
          configMap:
            name: dex-connectors
        # NOTE(review): the two hostPath volumes make the pod trust whatever
        # CA bundle the scheduled node happens to carry, and hostPath is
        # commonly blocked by pod security policy; both are mounted
        # read-only above.
        - name: ca
          hostPath:
            path: /etc/ca-certificates
        - name: ssl
          hostPath:
            path: /etc/ssl
---
# Service in front of the dex-overlord pods (selected by app/role labels).
# No `type` is set, so this is a ClusterIP Service, and with no targetPort
# given the traffic is forwarded to container port 5557.
# NOTE(review): 5557 is the admin listener, so any workload that can reach
# this Service can reach the admin API unless network policy restricts it.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: dex
    role: overlord
  name: dex-overlord
spec:
  ports:
    - port: 5557
  selector:
    app: dex
    role: overlord