This repository was archived by the owner on May 17, 2024. It is now read-only.
File tree Expand file tree Collapse file tree 4 files changed +28
-95
lines changed Expand file tree Collapse file tree 4 files changed +28
-95
lines changed Load Diff This file was deleted.
Load Diff This file was deleted.
Original file line number Diff line number Diff line change 2828 app : kube-oidc-proxy
2929 spec :
3030 containers :
31- - image : gcr .io/jetstack-josh /kube-oidc-proxy
31+ - image : quay .io/jetstack/kube-oidc-proxy
3232 ports :
3333 - containerPort : 443
3434 - containerPort : 8080
@@ -109,7 +109,27 @@ metadata:
109109roleRef :
110110 apiGroup : rbac.authorization.k8s.io
111111 kind : ClusterRole
112- name : cluster-admin
112+ name : kube-oidc-proxy
113113subjects :
114114- kind : User
115115 name : system:serviceaccount:kube-oidc-proxy:default
116+ ---
117+ kind : ClusterRole
118+ apiVersion : rbac.authorization.k8s.io/v1
119+ metadata :
120+ name : kube-oidc-proxy
121+ rules :
122+ - apiGroups :
123+ - " "
124+ resources :
125+ - " users"
126+ - " groups"
127+ - " serviceaccounts"
128+ verbs :
129+ - " impersonate"
130+ - apiGroups :
131+ - " authentication.k8s.io"
132+ resources :
133+ - " userextras/scopes"
134+ verbs :
135+ - " impersonate"
Original file line number Diff line number Diff line change 11apiVersion : v1
22data :
3- tls.crt : SERVING_TLS_CERT
4- tls.key : SERVING_TLS_KEY
3+ tls.crt : {{ SERVING_TLS_CERT }}
4+ tls.key : {{ SERVING_TLS_KEY }}
55kind : Secret
66metadata :
77 name : kube-oidc-proxy-serving
@@ -10,10 +10,10 @@ type: kubernetes.io/tls
1010---
1111apiVersion : v1
1212data :
13- oidc.ca-pem :
14- oidc.issuer-url :
15- oidc.username-claim :
16- oidc.client-id :
13+ oidc.ca-pem : {{ OIDC_CA }}
14+ oidc.issuer-url : {{ OIDC_ISSUER_URL }}
15+ oidc.username-claim : {{ OIDC_USERNAME_CLAIM }}
16+ oidc.client-id : {{ OIDC_CLIENT_ID }}
1717kind : Secret
1818metadata :
1919 name : kube-oidc-proxy-config
You can’t perform that action at this time.
0 commit comments