Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
6be43864a8 | ||
 ab
|
24218d4d50 | ||
|
ab
|
70b652b079 | ||
 Ultradesu
|
f6ad2edde4 |
@@ -1,12 +0,0 @@
|
|||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- ./app.yaml
|
|
||||||
- ./deployment.yaml
|
|
||||||
- ./external-secret.yaml
|
|
||||||
- ./ingress.yaml
|
|
||||||
- ./kustomization.yaml
|
|
||||||
- ./rbac.yaml
|
|
||||||
- ./service-account.yaml
|
|
||||||
- ./service.yaml
|
|
||||||
+13
-14
@@ -25,7 +25,7 @@ configs:
|
|||||||
timeout.reconciliation: 60s
|
timeout.reconciliation: 60s
|
||||||
oidc.config: |
|
oidc.config: |
|
||||||
name: Authentik
|
name: Authentik
|
||||||
issuer: https://idm.hexor.cy/application/o/argocd/
|
issuer: https://auth.hexor.cy/auth/realms/hexor
|
||||||
clientID: $oidc-creds:id
|
clientID: $oidc-creds:id
|
||||||
clientSecret: $oidc-creds:secret
|
clientSecret: $oidc-creds:secret
|
||||||
requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
|
requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
|
||||||
@@ -35,20 +35,19 @@ configs:
|
|||||||
create: true
|
create: true
|
||||||
policy.default: ""
|
policy.default: ""
|
||||||
policy.csv: |
|
policy.csv: |
|
||||||
# Bound OIDC Group and internal role
|
g, game-servers-managers, GameServersManagersRole
|
||||||
g, Game Servers Managers, GameServersManagersRole
|
# Role permissions
|
||||||
# Role permissions
|
p, GameServersManagersRole, applications, get, games/*, allow
|
||||||
p, GameServersManagersRole, applications, get, games/*, allow
|
p, GameServersManagersRole, applications, update, games/*, allow
|
||||||
p, GameServersManagersRole, applications, update, games/*, allow
|
p, GameServersManagersRole, applications, sync, games/*, allow
|
||||||
p, GameServersManagersRole, applications, sync, games/*, allow
|
p, GameServersManagersRole, applications, override, games/*, allow
|
||||||
p, GameServersManagersRole, applications, override, games/*, allow
|
p, GameServersManagersRole, applications, action/*, games/*, allow
|
||||||
p, GameServersManagersRole, applications, action/*, games/*, allow
|
p, GameServersManagersRole, exec, create, games/*, allow
|
||||||
p, GameServersManagersRole, exec, create, games/*, allow
|
p, GameServersManagersRole, logs, get, games/*, allow
|
||||||
p, GameServersManagersRole, logs, get, games/*, allow
|
p, GameServersManagersRole, applications, delete, games/*, deny
|
||||||
p, GameServersManagersRole, applications, delete, games/*, deny
|
|
||||||
|
|
||||||
# Admin policy
|
# Admin policy
|
||||||
g, ArgoCD Admins, role:admin
|
g, argocd-admins, role:admin
|
||||||
|
|
||||||
secret:
|
secret:
|
||||||
createSecret: true
|
createSecret: true
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: auth-proxy
|
- name: auth-proxy
|
||||||
image: ultradesu/rsauth2-proxy:0.1.0
|
image: ultradesu/rsauth2-proxy:latest
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
name: http
|
name: http
|
||||||
|
|||||||
Reference in New Issue
Block a user