Dex Function - Treasure Map
This patchset provides the Dex function manifests for deploying it in a Target cluster, based on Helm charts. Change-Id: Ia48ed7d639e4e1c712af03ad876a82f8e24be7b7
This commit is contained in:
parent
1144e50bae
commit
b777d7c9ce
|
@ -0,0 +1,17 @@
|
|||
# DEX-AIO function
|
||||
|
||||
The DEX-AIO function deploys the Dex Authentication service as well as provides the Target cluster's API server with OIDC flags configuration.
|
||||
The rationale to have both located under the ***dex-aio*** function is because the Target cluster's API server and Dex are deployed as tandem, sharing some information such as certificates.
|
||||
|
||||
## API Server OIDC Configuration
|
||||
The folder ***api-server*** contains the manifest needed to configure the OIDC flags as *extraArgs* for the API server for the Target cluster.
|
||||
The manifests under this folder expects that deployment of Control Plane nodes is done throught CAPI Management Cluster.
|
||||
|
||||
Kustomization manifest(s) can be found under *api-server/replacements* with default replacement values located in *catalogue* folder.
|
||||
|
||||
## DEX AIO Deployment
|
||||
The folder ***dex*** contains the manifests needed to deploy ***dex-aio*** service in a Target cluster.
|
||||
Kustomization manifest(s) can be found under *dex/replacements* with default replacement values located in *catalogue* folder.
|
||||
|
||||
## Variable Catalogue for DEX-AIO function
|
||||
The folder ***catalogue*** contains the variables used to customize the deployment of the API server and Dex.
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: target-cluster-control-plane-dex-crt
|
||||
namespace: default
|
||||
type: Opaque
|
||||
data:
|
||||
dex-cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lVUUc1cm5YQ04xWEZWZ1Y1SjAxT3pyeUtjc1lBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0d6RVpNQmNHQTFVRUF3d1FhbUZ5ZG1sekxXTmhMV2x6YzNWbGNqQWVGdzB5TVRBeE1qa3hOVFUyTURaYQpGdzB5TVRBeU1EZ3hOVFUyTURaYU1Cc3hHVEFYQmdOVkJBTU1FR3BoY25acGN5MWpZUzFwYzNOMVpYSXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFAraHhQc3F2ZWRtTHRGMEl5SkU4VTFZWUEKdjhwMW5XbFAxcEFxVXBMWTFWcTlhaGRud3VmZitqUG10b0YrZjV3czExNjRBYytVbHpWeXQ2V2dTdlZHdG5DMApIc3Jic2krUHZNaDNDdFZPajNoL3ZONWE4RVNIRytDb1pPL2hIRXBjOWs5QkI0cVJOVEdTcit6N0JrV05xVHVzCmx2RllPeG52enZDYjhRSTVrejVWM0tKaVJFRHFTRW9vdzVsWUliVmpRb1BhajhvZnVsT1p3L0NUYmhnZndERngKNlQrUTNDM0hjRzJJclJ0RDd5ZVQ2ODRTNmpEQzA2Q1lnR2M5RmtpeVFoc2p1MjdJS3FXT3QxUEdjY1dLUFNuQQo0M29OZ2tUNkEwMHJmaTQ4SUNzcHBFd3hCZHo4RlBQbVRrTk1veUcxMVJNY1hBWWdnbUJrWGVSVkRnMnZBZ01CCkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQWZCZ05WSFNNRUdEQVcKZ0JSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFtU3N6WjRsQlROVzg4TEs3Q29lRGNVMFgvZld4cFJ0V2kzZVhtRnNzcVMrL3lNUzV3CnlzK240alBQWlFEWlpiamFHSGEwRERZdlRXRVd4OFU5RVRxUU1kKzRkUy8yRWl3dVRpRHIzRGltbkIxTnBHYmYKL0RpMnVGUVZYdDJSa29FWVRiVHNGSy9HazNFMjBsNzVlcGFzcHhyYytVYU90amRJbDFnL21MVnkzT2E4SzM5aAppQzMrbldkbW9rd0ltQ1hNSklxTFhzc0pxSks2WEVYQ3NkYVFycWZncDlHaWJNOFBjKzBSYmtjbW8ra3NyUHJqCnRycTIzZGI2V3RLcVhWT3BhL01UTVhibElIalVpZjdOcHpzRHBrajQ3MGp3TkROOVM2SUhqRVdaYVFDTWFncDgKSkZIN3ZNSXRHektxTERUanF1TURmdkh0dzQvVTF2bXRqUlpZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../../../airshipctl/manifests/function/k8scontrol-capz/v0.4.9
|
||||
- ../catalogue
|
||||
- dex-cert-secret.yaml
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: controlplane.cluster.x-k8s.io
|
||||
version: v1alpha3
|
||||
kind: KubeadmControlPlane
|
||||
name: "target-cluster-control-plane"
|
||||
path: oidc_api_server_flags.json
|
|
@ -0,0 +1,23 @@
|
|||
[
|
||||
{ "op": "add","path": "/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraVolumes/1",
|
||||
"value": {
|
||||
"hostPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"mountPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"name": "dex-cert",
|
||||
"readOnly": true
|
||||
}
|
||||
},
|
||||
{ "op": "add","path": "/spec/kubeadmConfigSpec/files/1",
|
||||
"value": {
|
||||
"contentFrom": {
|
||||
"secret": {
|
||||
"key": "dex-cert",
|
||||
"name": "target-cluster-control-plane-dex-crt"
|
||||
}
|
||||
},
|
||||
"owner": "root:root",
|
||||
"path": "/etc/kubernetes/certs/dex-cert",
|
||||
"permissions": "0644"
|
||||
}
|
||||
}
|
||||
]
|
|
@ -0,0 +1,95 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: dex-controlplane-replacements
|
||||
replacements:
|
||||
# Dex Secrets for Certificates
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.crt-b64
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: target-cluster-control-plane-dex-crt
|
||||
fieldrefs: [".data.dex-cert"]
|
||||
# KubeadmControlPlane for Dex
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-issuer-url
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-issuer-url"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-client-id
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-client-id"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-claim
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-username-claim"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-username-prefix
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-username-prefix"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-groups-claim
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-groups-claim"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.kubeadm.api-server.extra-args.oidc-ca-file
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmControlPlane
|
||||
fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraArgs.oidc-ca-file"]
|
||||
# - source:
|
||||
# objref:
|
||||
# name: dex-catalogue
|
||||
# fieldref: dex.kubeadm.api-server.extra-volumes.dex
|
||||
# target:
|
||||
# objref:
|
||||
# kind: KubeadmControlPlane
|
||||
# fieldrefs: [".spec.kubeadmConfigSpec.clusterConfiguration.apiServer.extraVolumes[0]"]
|
||||
# - source:
|
||||
# objref:
|
||||
# name: dex-catalogue
|
||||
# fieldref: dex.kubeadm.files.dex
|
||||
# target:
|
||||
# objref:
|
||||
# kind: KubeadmControlPlane
|
||||
# fieldrefs: [".spec.kubeadmConfigSpec.files[0]"]
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- apiserver-replacements.yaml
|
||||
- ../../catalogue/cleanup
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: builtin
|
||||
kind: PatchStrategicMergeTransformer
|
||||
metadata:
|
||||
name: dex-catalogue-cleanup
|
||||
patches: |-
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: dex-catalogue
|
||||
$patch: delete
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- dex-delete-catalogue.yaml
|
|
@ -0,0 +1,124 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# USAGE: to change cluster name, replace all ocurrences of "dex-target-cluster"
|
||||
# by new cluster name in this file.
|
||||
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: VariableCatalogue
|
||||
metadata:
|
||||
name: dex-catalogue
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
dex:
|
||||
site:
|
||||
name: Core
|
||||
endpoints:
|
||||
hostname: dex.core.local
|
||||
port:
|
||||
https: 5556
|
||||
http: 5554
|
||||
nodePort:
|
||||
https: 31556
|
||||
http: 31554
|
||||
oidc:
|
||||
client_id: core-kubernetes
|
||||
client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
service:
|
||||
type: LoadBalancer
|
||||
kubeadm:
|
||||
api-server:
|
||||
extra-args:
|
||||
oidc-issuer-url: https://dex.core.local:5556/dex
|
||||
oidc-client-id: core-kubernetes
|
||||
oidc-username-claim: email
|
||||
oidc-username-prefix: "oidc:"
|
||||
oidc-groups-claim: groups
|
||||
oidc-ca-file: /etc/kubernetes/certs/dex-cert
|
||||
extra-volumes:
|
||||
dex:
|
||||
{
|
||||
"hostPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"mountPath": "/etc/kubernetes/certs/dex-cert",
|
||||
"name": "dex-cert",
|
||||
"readOnly": true
|
||||
}
|
||||
files:
|
||||
dex:
|
||||
{
|
||||
"contentFrom": {
|
||||
"secret": {
|
||||
"key": "dex-cert",
|
||||
"name": "target-cluster-control-plane-dex-crt"
|
||||
}
|
||||
},
|
||||
"owner": "root:root",
|
||||
"path": "/etc/kubernetes/certs/dex-cert",
|
||||
"permissions": "0644"
|
||||
}
|
||||
tls:
|
||||
crt: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFzCCAf+gAwIBAgIUQG5rnXCN1XFVgV5J01OzryKcsYAwDQYJKoZIhvcNAQEL
|
||||
BQAwGzEZMBcGA1UEAwwQamFydmlzLWNhLWlzc3VlcjAeFw0yMTAxMjkxNTU2MDZa
|
||||
Fw0yMTAyMDgxNTU2MDZaMBsxGTAXBgNVBAMMEGphcnZpcy1jYS1pc3N1ZXIwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP+hxPsqvedmLtF0IyJE8U1YYA
|
||||
v8p1nWlP1pAqUpLY1Vq9ahdnwuff+jPmtoF+f5ws1164Ac+UlzVyt6WgSvVGtnC0
|
||||
Hsrbsi+PvMh3CtVOj3h/vN5a8ESHG+CoZO/hHEpc9k9BB4qRNTGSr+z7BkWNqTus
|
||||
lvFYOxnvzvCb8QI5kz5V3KJiREDqSEoow5lYIbVjQoPaj8ofulOZw/CTbhgfwDFx
|
||||
6T+Q3C3HcG2IrRtD7yeT684S6jDC06CYgGc9FkiyQhsju27IKqWOt1PGccWKPSnA
|
||||
43oNgkT6A00rfi48ICsppEwxBdz8FPPmTkNMoyG11RMcXAYggmBkXeRVDg2vAgMB
|
||||
AAGjUzBRMB0GA1UdDgQWBBRHNYlWAAc4zcKHn+MFc4UJRUIOqDAfBgNVHSMEGDAW
|
||||
gBRHNYlWAAc4zcKHn+MFc4UJRUIOqDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQAmSszZ4lBTNW88LK7CoeDcU0X/fWxpRtWi3eXmFssqS+/yMS5w
|
||||
ys+n4jPPZQDZZbjaGHa0DDYvTWEWx8U9ETqQMd+4dS/2EiwuTiDr3DimnB1NpGbf
|
||||
/Di2uFQVXt2RkoEYTbTsFK/Gk3E20l75epaspxrc+UaOtjdIl1g/mLVy3Oa8K39h
|
||||
iC3+nWdmokwImCXMJIqLXssJqJK6XEXCsdaQrqfgp9GibM8Pc+0Rbkcmo+ksrPrj
|
||||
trq23db6WtKqXVOpa/MTMXblIHjUif7NpzsDpkj470jwNDN9S6IHjEWZaQCMagp8
|
||||
JFH7vMItGzKqLDTjquMDfvHtw4/U1vmtjRZY
|
||||
-----END CERTIFICATE-----
|
||||
key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAz/ocT7Kr3nZi7RdCMiRPFNWGAL/KdZ1pT9aQKlKS2NVavWoX
|
||||
Z8Ln3/oz5raBfn+cLNdeuAHPlJc1creloEr1RrZwtB7K27Ivj7zIdwrVTo94f7ze
|
||||
WvBEhxvgqGTv4RxKXPZPQQeKkTUxkq/s+wZFjak7rJbxWDsZ787wm/ECOZM+Vdyi
|
||||
YkRA6khKKMOZWCG1Y0KD2o/KH7pTmcPwk24YH8Axcek/kNwtx3BtiK0bQ+8nk+vO
|
||||
EuowwtOgmIBnPRZIskIbI7tuyCqljrdTxnHFij0pwON6DYJE+gNNK34uPCArKaRM
|
||||
MQXc/BTz5k5DTKMhtdUTHFwGIIJgZF3kVQ4NrwIDAQABAoIBAEBObYKXFF1s7Zmx
|
||||
n14xq+IdQ5nns4o6ad2t0lXDwnQZRD1dGG+U7G1sx6+GrvOWMYwL69Wpea3QM06N
|
||||
SkEN7Fk5ABAxlTfpGJuxG6rzRpFL+05D79zefdHo5MYsr59DSBsGbesFkerkL7fT
|
||||
fcsAXXE36qOq6GUHoTVtHyiYlL+IILJEc4+XPFX+mOxDrRDKaIT5BiV9Kksi7kOZ
|
||||
FBZjcbBXcwuxSg0uxDm4hMiGshdJp+3Enum7pwXeU7OpaiDCF/icFCeNQ/MZaSP3
|
||||
TFMNsllQbmTAa/Aej1pU2nA0CucyNkVMvNlRjDi6qpdyp0roBQC62jCZHbG8dDci
|
||||
eG4UQgECgYEA9sWNDBv0zvQVcsqpwVXUdjsSRuAmtRWxgkC/U72TefvOwav3GeLM
|
||||
WMiepk4Iy2BqwE/SjAruvuVfOxN+U2/TnuAP/4cz5z8btFnjgtRSGHL+ZZpwcMNb
|
||||
2mqsaCu86s66tGQrmnrneFmWCVHX0ZOEUQmwH4bV4R4ifd7ETpK4UQ8CgYEA18Ep
|
||||
aVmt/ka2Cd1I7HgM2eWRBRuErQneDJdIbo3MxU5gXT0MQC2yoaXSTW5x2NvJ8lcK
|
||||
pTKZgJn54oNTkH1db8ZrwZ3tKFOgug64UpVrteVicjin/HKLfSUQ5YqjgsE3aO53
|
||||
Wmo9DBJ9qV2eYZVaCnkBvmE7LNs8IiXoOEQlOWECgYEA2b2YZh3o1g8zObWvMcOt
|
||||
E6Gtz9IK9W+t0DOXXqmBDnpshiFZiILBMnna2v0x71ok94m3SxB+dvxnGfZqWe7r
|
||||
OF2WYC8JUjsyE+HYyODVi3M0G6y5GBaY3tGPTN+C82D0ByX3/3gA9AWASLrphqf2
|
||||
cZbty/OqlteDMbM1XetCLWsCgYEAk/ySAwjYJ0kpI6r8kfXmGq8zwWUWo/nYrJo3
|
||||
vFzWz57qyglNldfCZs3uad4PiMd4xRie3KDQWT1EAPJDJyBWLozS7IL+YGK8I+Jk
|
||||
24BR2Pn1hJMH5khLFROPe2KUtOMCtp6ajxG/vcARIVJtiFGA6R4G7CaVCDd4D5Qg
|
||||
rDdRsQECgYAmZTXsx5BUUDkGaeOXNlLj9ZXTGVQDIro6UZ4t4sZ+cZ8Pk1oEnqGu
|
||||
JI4iknkRTX4zlEDY9TmVij+bU+vpVdwjV7ygoDA7WAYuv91dIji7VXPBIKdJnkmV
|
||||
UnFZc+n6xY/IkZGhb++ibdy9zj/sR1daCYyHRvy1h4s4+Ho41M598Q==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
crt-b64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lVUUc1cm5YQ04xWEZWZ1Y1SjAxT3pyeUtjc1lBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0d6RVpNQmNHQTFVRUF3d1FhbUZ5ZG1sekxXTmhMV2x6YzNWbGNqQWVGdzB5TVRBeE1qa3hOVFUyTURaYQpGdzB5TVRBeU1EZ3hOVFUyTURaYU1Cc3hHVEFYQmdOVkJBTU1FR3BoY25acGN5MWpZUzFwYzNOMVpYSXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFAraHhQc3F2ZWRtTHRGMEl5SkU4VTFZWUEKdjhwMW5XbFAxcEFxVXBMWTFWcTlhaGRud3VmZitqUG10b0YrZjV3czExNjRBYytVbHpWeXQ2V2dTdlZHdG5DMApIc3Jic2krUHZNaDNDdFZPajNoL3ZONWE4RVNIRytDb1pPL2hIRXBjOWs5QkI0cVJOVEdTcit6N0JrV05xVHVzCmx2RllPeG52enZDYjhRSTVrejVWM0tKaVJFRHFTRW9vdzVsWUliVmpRb1BhajhvZnVsT1p3L0NUYmhnZndERngKNlQrUTNDM0hjRzJJclJ0RDd5ZVQ2ODRTNmpEQzA2Q1lnR2M5RmtpeVFoc2p1MjdJS3FXT3QxUEdjY1dLUFNuQQo0M29OZ2tUNkEwMHJmaTQ4SUNzcHBFd3hCZHo4RlBQbVRrTk1veUcxMVJNY1hBWWdnbUJrWGVSVkRnMnZBZ01CCkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQWZCZ05WSFNNRUdEQVcKZ0JSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFtU3N6WjRsQlROVzg4TEs3Q29lRGNVMFgvZld4cFJ0V2kzZVhtRnNzcVMrL3lNUzV3CnlzK240alBQWlFEWlpiamFHSGEwRERZdlRXRVd4OFU5RVRxUU1kKzRkUy8yRWl3dVRpRHIzRGltbkIxTnBHYmYKL0RpMnVGUVZYdDJSa29FWVRiVHNGSy9HazNFMjBsNzVlcGFzcHhyYytVYU90amRJbDFnL21MVnkzT2E4SzM5aAppQzMrbldkbW9rd0ltQ1hNSklxTFhzc0pxSks2WEVYQ3NkYVFycWZncDlHaWJNOFBjKzBSYmtjbW8ra3NyUHJqCnRycTIzZGI2V3RLcVhWT3BhL01UTVhibElIalVpZjdOcHpzRHBrajQ3MGp3TkROOVM2SUhqRVdaYVFDTWFncDgKSkZIN3ZNSXRHektxTERUanF1TURmdkh0dzQvVTF2bXRqUlpZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
key-b64: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBei9vY1Q3S3IzblppN1JkQ01pUlBGTldHQUwvS2RaMXBUOWFRS2xLUzJOVmF2V29YClo4TG4zL296NXJhQmZuK2NMTmRldUFIUGxKYzFjcmVsb0VyMVJyWnd0QjdLMjdJdmo3eklkd3JWVG85NGY3emUKV3ZCRWh4dmdxR1R2NFJ4S1hQWlBRUWVLa1RVeGtxL3Mrd1pGamFrN3JKYnhXRHNaNzg3d20vRUNPWk0rVmR5aQpZa1JBNmtoS0tNT1pXQ0cxWTBLRDJvL0tIN3BUbWNQd2syNFlIOEF4Y2VrL2tOd3R4M0J0aUswYlErOG5rK3ZPCkV1b3d3dE9nbUlCblBSWklza0liSTd0dXlDcWxqcmRUeG5IRmlqMHB3T042RFlKRStnTk5LMzR1UENBckthUk0KTVFYYy9CVHo1azVEVEtNaHRkVVRIRndHSUlKZ1pGM2tWUTROcndJREFRQUJBb0lCQUVCT2JZS1hGRjFzN1pteApuMTR4cStJZFE1bm5zNG82YWQydDBsWER3blFaUkQxZEdHK1U3RzFzeDYrR3J2T1dNWXdMNjlXcGVhM1FNMDZOClNrRU43Rms1QUJBeGxUZnBHSnV4RzZyelJwRkwrMDVENzl6ZWZkSG81TVlzcjU5RFNCc0diZXNGa2Vya0w3ZlQKZmNzQVhYRTM2cU9xNkdVSG9UVnRIeWlZbEwrSUlMSkVjNCtYUEZYK21PeERyUkRLYUlUNUJpVjlLa3NpN2tPWgpGQlpqY2JCWGN3dXhTZzB1eERtNGhNaUdzaGRKcCszRW51bTdwd1hlVTdPcGFpRENGL2ljRkNlTlEvTVphU1AzClRGTU5zbGxRYm1UQWEvQWVqMXBVMm5BMEN1Y3lOa1ZNdk5sUmpEaTZxcGR5cDByb0JRQzYyakNaSGJHOGREY2kKZUc0VVFnRUNnWUVBOXNXTkRCdjB6dlFWY3NxcHdWWFVkanNTUnVBbXRSV3hna0MvVTcyVGVmdk93YXYzR2VMTQpXTWllcGs0SXkyQnF3RS9TakFydXZ1VmZPeE4rVTIvVG51QVAvNGN6NXo4YnRGbmpndFJTR0hMK1pacHdjTU5iCjJtcXNhQ3U4NnM2NnRHUXJtbnJuZUZtV0NWSFgwWk9FVVFtd0g0YlY0UjRpZmQ3RVRwSzRVUThDZ1lFQTE4RXAKYVZtdC9rYTJDZDFJN0hnTTJlV1JCUnVFclFuZURKZElibzNNeFU1Z1hUME1RQzJ5b2FYU1RXNXgyTnZKOGxjSwpwVEtaZ0puNTRvTlRrSDFkYjhacndaM3RLRk9ndWc2NFVwVnJ0ZVZpY2ppbi9IS0xmU1VRNVlxamdzRTNhTzUzCldtbzlEQko5cVYyZVlaVmFDbmtCdm1FN0xOczhJaVhvT0VRbE9XRUNnWUVBMmIyWVpoM28xZzh6T2JXdk1jT3QKRTZHdHo5SUs5Vyt0MERPWFhxbUJEbnBzaGlGWmlJTEJNbm5hMnYweDcxb2s5NG0zU3hCK2R2eG5HZlpxV2U3cgpPRjJXWUM4SlVqc3lFK0hZeU9EVmkzTTBHNnk1R0JhWTN0R1BUTitDODJEMEJ5WDMvM2dBOUFXQVNMcnBocWYyCmNaYnR5L09xbHRlRE1iTTFYZXRDTFdzQ2dZRUFrL3lTQXdqWUowa3BJNnI4a2ZYbUdxOHp3V1VXby9uWXJKbzMKdkZ6V3o1N3F5Z2xObGRmQ1pzM3VhZDRQaU1kNHhSaWUzS0RRV1QxRUFQSkRKeUJXTG96UzdJTCtZR0s4SStKawoyNEJSMlBuMWhKTUg1a2hMRlJPUGUyS1V0T01DdHA2YWp4Ry92Y0FSSVZKdGlGR0E2UjRHN0NhVkNEZDRENVFnCnJEZFJzUUVDZ1lBbVpUWHN4NUJVVURrR2FlT1hObExqOVpYVEdWUURJcm82VVo0dDRzWitjWjhQazFvRW5xR3UKSkk0aWtua1JUWDR6bEVEWTlUbVZpaitiVSt2cFZkd2pWN3lnb0RBN1dBWXV2OTFkSWppN1ZYUEJJS2RKbmttVgpVbkZaYytuNnhZL0lrWkdoYisraWJkeTl6ai9zUjFkYUNZeUhSdnkxaDRzNCtIbzQxTTU5OFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
||||
yaml:
|
||||
connector:
|
||||
connectors:
|
||||
- type: <your connector type, e.g., 'ldap'>
|
||||
id: <your connector id, e.g., 'ldap'>
|
||||
name: <your connector name, e.g., 'LDAP'>
|
|
@ -0,0 +1,5 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- dex-variable-catalogue.yaml
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1alpha3
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: dex-ca-issuer
|
||||
spec:
|
||||
ca:
|
||||
secretName: dex-ca-key-pair
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: dex-ca-key-pair
|
||||
namespace: cert-manager
|
||||
data:
|
||||
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGekNDQWYrZ0F3SUJBZ0lVUUc1cm5YQ04xWEZWZ1Y1SjAxT3pyeUtjc1lBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0d6RVpNQmNHQTFVRUF3d1FhbUZ5ZG1sekxXTmhMV2x6YzNWbGNqQWVGdzB5TVRBeE1qa3hOVFUyTURaYQpGdzB5TVRBeU1EZ3hOVFUyTURaYU1Cc3hHVEFYQmdOVkJBTU1FR3BoY25acGN5MWpZUzFwYzNOMVpYSXdnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFAraHhQc3F2ZWRtTHRGMEl5SkU4VTFZWUEKdjhwMW5XbFAxcEFxVXBMWTFWcTlhaGRud3VmZitqUG10b0YrZjV3czExNjRBYytVbHpWeXQ2V2dTdlZHdG5DMApIc3Jic2krUHZNaDNDdFZPajNoL3ZONWE4RVNIRytDb1pPL2hIRXBjOWs5QkI0cVJOVEdTcit6N0JrV05xVHVzCmx2RllPeG52enZDYjhRSTVrejVWM0tKaVJFRHFTRW9vdzVsWUliVmpRb1BhajhvZnVsT1p3L0NUYmhnZndERngKNlQrUTNDM0hjRzJJclJ0RDd5ZVQ2ODRTNmpEQzA2Q1lnR2M5RmtpeVFoc2p1MjdJS3FXT3QxUEdjY1dLUFNuQQo0M29OZ2tUNkEwMHJmaTQ4SUNzcHBFd3hCZHo4RlBQbVRrTk1veUcxMVJNY1hBWWdnbUJrWGVSVkRnMnZBZ01CCkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQWZCZ05WSFNNRUdEQVcKZ0JSSE5ZbFdBQWM0emNLSG4rTUZjNFVKUlVJT3FEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFtU3N6WjRsQlROVzg4TEs3Q29lRGNVMFgvZld4cFJ0V2kzZVhtRnNzcVMrL3lNUzV3CnlzK240alBQWlFEWlpiamFHSGEwRERZdlRXRVd4OFU5RVRxUU1kKzRkUy8yRWl3dVRpRHIzRGltbkIxTnBHYmYKL0RpMnVGUVZYdDJSa29FWVRiVHNGSy9HazNFMjBsNzVlcGFzcHhyYytVYU90amRJbDFnL21MVnkzT2E4SzM5aAppQzMrbldkbW9rd0ltQ1hNSklxTFhzc0pxSks2WEVYQ3NkYVFycWZncDlHaWJNOFBjKzBSYmtjbW8ra3NyUHJqCnRycTIzZGI2V3RLcVhWT3BhL01UTVhibElIalVpZjdOcHpzRHBrajQ3MGp3TkROOVM2SUhqRVdaYVFDTWFncDgKSkZIN3ZNSXRHektxTERUanF1TURmdkh0dzQvVTF2bXRqUlpZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBei9vY1Q3S3IzblppN1JkQ01pUlBGTldHQUwvS2RaMXBUOWFRS2xLUzJOVmF2V29YClo4TG4zL296NXJhQmZuK2NMTmRldUFIUGxKYzFjcmVsb0VyMVJyWnd0QjdLMjdJdmo3eklkd3JWVG85NGY3emUKV3ZCRWh4dmdxR1R2NFJ4S1hQWlBRUWVLa1RVeGtxL3Mrd1pGamFrN3JKYnhXRHNaNzg3d20vRUNPWk0rVmR5aQpZa1JBNmtoS0tNT1pXQ0cxWTBLRDJvL0tIN3BUbWNQd2syNFlIOEF4Y2VrL2tOd3R4M0J0aUswYlErOG5rK3ZPCkV1b3d3dE9nbUlCblBSWklza0liSTd0dXlDcWxqcmRUeG5IRmlqMHB3T042RFlKRStnTk5LMzR1UENBckthUk0KTVFYYy9CVHo1azVEVEtNaHRkVVRIRndHSUlKZ1pGM2tWUTROcndJREFRQUJBb0lCQUVCT2JZS1hGRjFzN1pteApuMTR4cStJZFE1bm5zNG82YWQydDBsWER3blFaUkQxZEdHK1U3RzFzeDYrR3J2T1dNWXdMNjlXcGVhM1FNMDZOClNrRU43Rms1QUJBeGxUZnBHSnV4RzZyelJwRkwrMDVENzl6ZWZkSG81TVlzcjU5RFNCc0diZXNGa2Vya0w3ZlQKZmNzQVhYRTM2cU9xNkdVSG9UVnRIeWlZbEwrSUlMSkVjNCtYUEZYK21PeERyUkRLYUlUNUJpVjlLa3NpN2tPWgpGQlpqY2JCWGN3dXhTZzB1eERtNGhNaUdzaGRKcCszRW51bTdwd1hlVTdPcGFpRENGL2ljRkNlTlEvTVphU1AzClRGTU5zbGxRYm1UQWEvQWVqMXBVMm5BMEN1Y3lOa1ZNdk5sUmpEaTZxcGR5cDByb0JRQzYyakNaSGJHOGREY2kKZUc0VVFnRUNnWUVBOXNXTkRCdjB6dlFWY3NxcHdWWFVkanNTUnVBbXRSV3hna0MvVTcyVGVmdk93YXYzR2VMTQpXTWllcGs0SXkyQnF3RS9TakFydXZ1VmZPeE4rVTIvVG51QVAvNGN6NXo4YnRGbmpndFJTR0hMK1pacHdjTU5iCjJtcXNhQ3U4NnM2NnRHUXJtbnJuZUZtV0NWSFgwWk9FVVFtd0g0YlY0UjRpZmQ3RVRwSzRVUThDZ1lFQTE4RXAKYVZtdC9rYTJDZDFJN0hnTTJlV1JCUnVFclFuZURKZElibzNNeFU1Z1hUME1RQzJ5b2FYU1RXNXgyTnZKOGxjSwpwVEtaZ0puNTRvTlRrSDFkYjhacndaM3RLRk9ndWc2NFVwVnJ0ZVZpY2ppbi9IS0xmU1VRNVlxamdzRTNhTzUzCldtbzlEQko5cVYyZVlaVmFDbmtCdm1FN0xOczhJaVhvT0VRbE9XRUNnWUVBMmIyWVpoM28xZzh6T2JXdk1jT3QKRTZHdHo5SUs5Vyt0MERPWFhxbUJEbnBzaGlGWmlJTEJNbm5hMnYweDcxb2s5NG0zU3hCK2R2eG5HZlpxV2U3cgpPRjJXWUM4SlVqc3lFK0hZeU9EVmkzTTBHNnk1R0JhWTN0R1BUTitDODJEMEJ5WDMvM2dBOUFXQVNMcnBocWYyCmNaYnR5L09xbHRlRE1iTTFYZXRDTFdzQ2dZRUFrL3lTQXdqWUowa3BJNnI4a2ZYbUdxOHp3V1VXby9uWXJKbzMKdkZ6V3o1N3F5Z2xObGRmQ1pzM3VhZDRQaU1kNHhSaWUzS0RRV1QxRUFQSkRKeUJXTG96UzdJTCtZR0s4SStKawoyNEJSMlBuMWhKTUg1a2hMRlJPUGUyS1V0T01DdHA2YWp4Ry92Y0FSSVZKdGlGR0E2UjRHN0NhVkNEZDRENVFnCnJEZFJzUUVDZ1lBbVpUWHN4NUJVVURrR2FlT1hObExqOVpYVEdWUURJcm82VVo0dDRzWitjWjhQazFvRW5xR3UKSkk0aWtua1JUWDR6bEVEWTlUbVZpaitiVSt2cFZkd2pWN3lnb0RBN1dBWXV2OTFkSWppN1ZYUEJJS2RKbmttVgpVbkZaYytuNnhZL0lrWkdoYisraWJkeTl6ai9zUjFkYUNZeUhSdnkxaDRzNCtIbzQxTTU5OFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
|
|
@ -0,0 +1,69 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: dex
|
||||
---
|
||||
# Dex Helm Charts from Helm Repository (Helm Collator)
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: dex-helm-repo
|
||||
namespace: collator
|
||||
spec:
|
||||
interval: 5m
|
||||
url: http://helm-chart-collator.collator.svc:8080/
|
||||
---
|
||||
# Dex Helm Charts from Git Repository
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: dex-git-repo
|
||||
namespace: collator
|
||||
spec:
|
||||
interval: 5m
|
||||
url: https://github.com/sshiba/dex-charts.git
|
||||
ref:
|
||||
branch: main
|
||||
commit: bda63b9d0bc9ee46e798b9849bfde476c9f7efe0
|
||||
---
|
||||
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: dex-aio
|
||||
namespace: dex
|
||||
spec:
|
||||
releaseName: dex-aio
|
||||
targetNamespace: dex
|
||||
interval: 5m
|
||||
chart:
|
||||
spec:
|
||||
chart: dex-aio
|
||||
# Referencing Dex Helm charts from Helm Collator repo
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: dex-helm-repo
|
||||
namespace: collator
|
||||
# Referencing Dex Helm charts from Git repo
|
||||
# sourceRef:
|
||||
# kind: GitRepository
|
||||
# name: dex-git-repo
|
||||
# namespace: collator
|
||||
# values:
|
||||
# params:
|
||||
# site:
|
||||
# name: Jarvis
|
||||
# endpoints:
|
||||
# hostname: dex.jarvis.local
|
||||
# port:
|
||||
# https: 5556
|
||||
# http: 5554
|
||||
# k8s: 8443
|
||||
# nodePort:
|
||||
# https: 31556
|
||||
# http: 31554
|
||||
# oidc:
|
||||
# client_id: jarvis-kubernetes
|
||||
# client_secret: pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok
|
||||
# service:
|
||||
# type: LoadBalancer
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../catalogue
|
||||
- dex-certs-secrets.yaml
|
||||
- dex-certs-issuer.yaml
|
||||
- dex-helmrelease.yaml
|
|
@ -0,0 +1,148 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
name: cluster-controlplane-replacements
|
||||
replacements:
|
||||
# Dex Secrets for Certificates
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.crt-b64
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: dex-ca-key-pair
|
||||
# fieldrefs using the json form because crt name (i.e., "tls.crt") contains a dot (.)
|
||||
# the json form starts with a dot (.), which makes the Replacement transformer
|
||||
# to not base64 encode the data.
|
||||
fieldrefs: ["{.data.tls\\.crt}"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.tls.key-b64
|
||||
target:
|
||||
objref:
|
||||
kind: Secret
|
||||
name: dex-ca-key-pair
|
||||
# fieldrefs using the json form because key name (i.e., "tls.key") contains a dot (.)
|
||||
# the json form starts with a dot (.), which makes the Replacement transformer
|
||||
# to not base64 encode the data.
|
||||
fieldrefs: ["{.data.tls\\.key}"]
|
||||
# Dex HelmRelease Customization
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.service.type"]
|
||||
|
||||
# Dex HelmRelease Values override
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.site.name
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.site.name"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.hostname
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.hostname"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.port.https
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.port.https"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.port.http
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.port.http"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.nodePort.https
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.nodePort.https"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.endpoints.nodePort.http
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.endpoints.nodePort.http"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.oidc.client_id
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.oidc.client_id"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.oidc.client_secret
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.oidc.client_secret"]
|
||||
- source:
|
||||
objref:
|
||||
name: dex-catalogue
|
||||
fieldref: dex.service.type
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: dex-aio
|
||||
fieldrefs: ["spec.values.params.service.type"]
|
||||
# Uncomment the "- source" structure below for enabling to override the Dex Connector data
|
||||
# - source:
|
||||
# objref:
|
||||
# name: dex-catalogue
|
||||
# fieldref: dex.yaml.connector
|
||||
# target:
|
||||
# objref:
|
||||
# kind: HelmRelease
|
||||
# name: dex-aio
|
||||
# fieldrefs: ["{.spec.values.config.dex\\.yaml}"]
|
|
@ -0,0 +1,6 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- dex-replacements.yaml
|
||||
- ../../catalogue/cleanup
|
Loading…
Reference in New Issue